New MacBook Air, Dell XPS 13, or $600 Off with SANS Online Training for a limited time!

NetWars: FAQ


  • NetWars Tournament runs over an intense two- to three-day period, at either a SANS training event or hosted facility, while NetWars Continuous is available across the Internet over a four month period.
  • NetWars Continuous offers a completely separate set of challenges from NetWars Tournament. Although it is organized into the same five levels, there are more in-depth challenges in NetWars Continuous, given its four-month timespan.
  • NetWars Continuous offers a unique Automated Hint System, so you can simply click on a button to receive a hint to help you move forward, without any penalty whatsoever. The Automated Hint System makes NetWars Continuous an ideal learning environment for hands-on infosec skills.
  • With NetWars Tournament you have the ability to earn 6 CMU/CPE credits, while NetWars Continuous provides participants who reach Level Three 12 CMU/CPEs.
Core NetWars covers all aspects of IT Security, while DFIR NetWars concentrates on Digital Forensics, Incident Response, and Threat Hunting. Core NetWars includes topics on Vulnerability Assessment, Penetration Testing, Incident Response, and System Hardening. DFIR NetWars covers Incident Response, Endpoint/Host Forensics, Network Forensics, and Malware & Memory Analysis.
We designed NetWars so that entry-level players can hone their skills.

The environment includes five levels that progressively increase in difficulty. No matter your skill level, anyone can jump right in and begin answering questions at Level 1.
We designed NetWars so grand masters of InfoSec can quickly advance through earlier levels and find more complex scenarios and target infrastructures to analyze and attack. The in-depth challenges of Levels 3 and beyond will let you demonstrate your awesome abilities and possibly even challenge you to take your skills to the next level.
Getting stumped is no big deal. If NetWars was only about solving easy challenges, it wouldn't be very valuable. When you reach a problem you can't solve, NetWars becomes a learning environment for you to pick up new techniques and get exposed to new tools in an environment optimally set up for you to do so.
Not at all. NetWars consists of both offensive and defensive challenges in a wide variety of information security disciplines, including system hardening, packet analysis, digital forensics, malware analysis, vulnerability assessment, and penetration testing. Also, the best way to hone your skills as a defender is to understand the attacker, so everyone (both defense specialists and offensive-minded people) can benefit from NetWars.


  • If you purchase NetWars Continuous as a stand-alone product or as a bundle with an OnDemand course your subscription link will be active within 48 hours.
  • If you purchase NetWars Continuous as a bundle option with a live or simulcast course your subscription link will be active 7 days after the last day of the event.
Once you have the subscription link you have a 90-day period during which you can activate your subscription. Once activated, your subscription begins and will end 4 months from the day it was activated.
NetWars Tournament runs at live, face-to-face conferences for one to three days. NetWars Continuous is played across the Internet at any time over a four-month span. Although the design of NetWars Tournament and Continuous are similar and the two use the same style of scoreboard, the actual challenges for them are very different. NetWars Continuous is larger, with more challenges and options, given that it covers a four-month span.
NetWars Continuous trial accounts are granted on a case-by-case basis. The trial cost is $20 and will give access to a small subset of questions from the first three levels of NetWars for one week. If you are interested in a trial account please send us a request along with the following information: your name, company name, title, department, and phone number.
NetWars covers a broad range of topics, so almost every class offered by SANS will help you succeed in NetWars. The classes that will best help you get started are as follows:

SANS SEC401: Security Essentials Bootcamp Style
SANS SEC504: Hacker Techniques, Exploits & Incident Handling
SANS SEC560: Network Penetration Testing and Ethical Hacking
SANS SEC542: Web App Penetration Testing and Ethical Hacking
SANS FOR408: Windows Forensics
SANS FOR508: Advanced Digital Forensics, Incident Response, and Threat Hunting
SANS FOR526: Memory Analysis
SANS FOR572: Network Forensics
SANS FOR610: Malware Analysis
Although VMWare is heavily preferred, any virtualization software capable of booting from an ISO of a Linux LiveCD image will be sufficient. Any computer capable of running a virtual machine in said virtualization sofware will be sufficient.
There is no certification for NetWars, however NetWars Tournament participants receive 6 CPEs and NetWars Continuous participants who reach Level Three receive 12 CPEs.

NWC (accessed across the Internet over a four-month timeframe) is available to NetWars Tournament participants or as a bundle option for those who purchase any SANS long course for $1199 (a $2750 value). A discount code will be sent to NetWars Tournament participants after the event that can be used to register for NWC at the discounted rate.

If NWC is being added to a registration as a bundle option with a long course it must be added within the following time frames consistent with the addition of other products:

  • Conference and Simulcast- before the end of the event
  • OnDemand and SelfStudy- within the first 30 days of access
  • vLive, Community, and Mentor- by the last day of class

Please send an email to for information on adding NWC to a vLive or Mentor class or to add the NWC bundle to an existing registration.

Students who register and pay for any long course at a SANS event that includes a NetWars Tournament may participate in the tournament at that event free of charge.
If you are interested in renewing your NetWars Continuous subscription, you may purchase up to two NetWars Continuous 4-month renewals for the discounted price of $799 each. You may also purchase one or more 1-month extensions for only $199 each. Either option will extend access for your existing account, allowing you to pick up right where you left off. If you are interested, you may drop us a note at
No. NetWars Continuous is available globally across the internet. NetWars Tournament competitions take place live at every National SANS Event as well as select conferences around the world.

Getting Started

For NetWars Continuous, a zip file containing the LiveCD ISO image and a VMX file for opening in VMWare can be downloaded from the Game Details page on the CHC Portal ( by clicking the link for the game under "My Games". For NetWars Tournament, a CD containing these two files will be handed out at the event.
You can submit as few or as many answers at a time as you wish. Any question left blank will be ignored and you will not lose points *or lose your mulligan* on that question.
Yes! The use of outside resources is encouraged to help you learn any material necessary to solve the challenges. NetWars was created to encourage self-guided learning.
The scoring server password is randomly generated and different from the password you chose for your Counter Hack Challenges Portal account. To log into the scoring server, first log into the CHC Portal ( using the credentials you chose upon registering. Go to "My Games" and click on the game details link in the list for the game you are currently participating in. On the game details page, click on "Log In to Scoring Server" which will automatically log you in.

Levels 1 and 2

No. The version of Linux used in NetWars is not compatible with VMWare tools and will not allow it to install correctly. For copying, pasting, and resizing the screen, please refer to the next set of FAQ questions.
The README file on the desktop of the VM and in your home folder contains the complete command syntax for changing your resolution. To do so, first run:

$ xrandr

This gives you a list of valid resolutions which can then be changed to using:

$ xrandr -s [width]x[height]
Inside of the VM, different programs have different key combinations for copy/paste. When inside the terminal, Ctrl+Shift+C/V are used to copy/paste. Anywhere else Ctrl+C/V works. In both cases you can use right-click -> copy/paste. *** Copying between your host and the VM will not work because VMWare Tools is not installed. Instead, open Firefox inside of the VM and log into the scoring server there to copy/paste your answers. ***
No. The VM is a LiveCD image and therefore does not store any files created or edits made to existing files. All changes are lost when you reboot or shut down the VM. If you accidentally delete an artifact or other system file necessary to complete a challenge, a reboot will restore the system to its original state.

Levels 3+

If you are playing NetWars Continuous, the README file on the desktop of the VM and in your home folder contains complete command syntax for SSH to connect to the SSH gateway. If you are playing NetWars Tournament, a similar guide is available in Appendix B at the end of the provided handout. The basic command to connect is:


$ ssh -i [path_to_private_key] -p [sshd_listening_port] [lowercase_username]


$ ssh -i [path_to_private_key] -p [sshd_listening_port] [lowercase_username]
Using Firefox to browse the websites on the target boxes requires you to first set up a SOCKS5 Proxy connection through the SSH gateway. The command for doing this can be found in the same section referred to by the previous question "How do I access the SSH gateway?". Once your SOCKS5 proxy is configured, simply change the Firefox proxy settings to "Manual". They have already been filled in for you and do not need to be changed after being set to manual. It is not necessary to fill anything into the HTTP or HTTPS Proxy settings in Firefox.
A README file can be found in your home folder on the SSH gateway with a list of provided tools.

Still have questions? Drop us a note at