Project Scenario
Your manager is putting together teams for a CTF competition coming up in a few months with some of the largest companies. Centralia Technology wants its own teams to compete with the best in the country. As a Security Operations Center (SOC) Analyst Blue Teamer at Centralia Technology, you have been asked to submit a survey to your manager of an individual CTF activity.
The CTF activities are designed to create a collaborative team learning environment. Your manager wants everyone to participate in a simulated CTF event individually. Following that, you will be placed into a team so that you and your team members can combine your skill sets to analyze and solve challenges.
Section II: Strategies Employed
Explain how you approached two of the 10 CTF challenges you attempted and solved. For example, what techniques, tools, websites, or other resources did you use?
Section III: Lessons Learned
- What are your strengths/How would your skills benefit a CTF team?
- Which challenge banks did you find easy?
- What areas do you need more practice in?
- Which challenge banks did you struggle with or avoid?
- Were there challenges you attempted but did not complete or challenges that you did not attempt?
- How can you improve your skills in that area (strategies, tools, websites, etc.)?
Paper For Above Instructions
The Capture The Flag (CTF) competition represents an impactful educational tool that has become increasingly popular in the cybersecurity community. As a SOC Analyst Blue Teamer at Centralia Technology, the preparation for the upcoming CTF event not only serves as a challenge but also as an opportunity to evaluate and enhance personal skills in collaboration with a team of skilled professionals. This paper presents insights into the individual challenges faced throughout the simulated CTF event, emphasizing the strategies employed in addressing specific problems and reflecting on the lessons learned from the experience.
Strategies Employed in CTF Challenges
Two challenges that significantly contributed to my growth and understanding of practical cybersecurity measures involved a web exploitation challenge and a cryptography challenge. To address the web exploitation challenge, I utilized a range of techniques and tools, including web proxies (such as Burp Suite), which allowed me to intercept and analyze the requests and responses between the browser and the server. This was instrumental for recognizing security vulnerabilities in the web application, such as cross-site scripting (XSS) or SQL injection points.
Additionally, I referred to online resources such as OWASP (Open Web Application Security Project) to familiarize myself with common web vulnerabilities and the corresponding mitigation techniques. The challenge required not only technical skills but also creative problem-solving abilities as the exploit was not straightforward. After a thorough analysis, I managed to craft a payload that successfully exploited the vulnerability, showcasing the application of theoretical knowledge in a practical scenario.
The second challenge, which centered around cryptography, necessitated a different approach. I began by documenting key concepts related to encryption algorithms and decoding methods, exploring both symmetric and asymmetric encryption techniques. Online resources including cryptography textbooks and platforms like Cryptopals provided thorough explanations of various ciphers and how to break them.
For this challenge, I employed tools like CyberChef for encoding and decoding data, thereby facilitating the solving process. Collaboration among peers searching for leads and discussing potential methodologies was incredibly beneficial, as sharing different viewpoints often led to new insights. Ultimately, through persistence and critical thinking, I successfully decoded the message to unveil the hidden flag.
Lessons Learned
From my participation in the CTF event, I gleaned valuable insights into my strengths and areas requiring improvement. One of my core strengths lies in my analytical mindset, which benefits a CTF team by allowing for a methodical approach to problem-solving. My ability to collaborate and communicate effectively with team members fosters a strong working dynamic, allowing team members to leverage each other's skills efficiently.
While I found web exploitation challenges relatively manageable, often feeling confident in navigating complex web applications and identifying vulnerabilities, there were specific challenge banks that posed significant hurdles. Areas I need to practice more include reverse engineering and binary exploitation. The level of difficulty in these areas meant that I often avoided them altogether during this event.
Despite my struggles, I attempted every challenge presented but unfortunately could not complete two challenges; they involved advanced techniques in binary exploitation, which highlighted my skill gaps. Learning from these experiences, I am now motivated to seek additional resources, such as online courses focusing on reverse engineering and practice platforms like Hack The Box or TryHackMe, to bolster my capabilities.
Moreover, engaging with forums and community discussions will allow exposure to varied perspectives on how others approach similar challenges, further enriching my learning experience. Recognition of weaknesses is an essential part of the development process, and I will ensure that subsequent practice aligns with the identified areas for growth.
Conclusion
In conclusion, my participation in the CTF event organized by Centralia Technology has served as both an enlightening experience and a provocateur for further professional development. By employing strategic approaches to solve CTF challenges, I have been able to assess and enhance my skill set meaningfully. Recognizing strengths while acknowledging areas for improvement creates a balanced perspective necessary for ongoing growth in the ever-evolving field of cybersecurity.
References
- OWASP. (n.d.). OWASP Top Ten. Retrieved from https://owasp.org/www-project-top-ten/
- CyberChef. (n.d.). The Swiss Army Knife of Cyber. Retrieved from https://gchq.github.io/CyberChef/
- Hack The Box. (n.d.). Learn and Practice Cyber Security. Retrieved from https://www.hackthebox.com/
- TryHackMe. (n.d.). Learn Cyber Security Through Hands-On Challenges. Retrieved from https://tryhackme.com/
- Kenneth Ginsburg. (2007). The Importance of Play in Promoting Healthy Child Development and Maintaining Strong Parent-Child Bonds. Retrieved from https://www.aap.org/en-us/Documents/ttb_playimportance.pdf
- Cryptopals. (n.d.). Cryptography Challenges. Retrieved from https://cryptopals.com/
- Burp Suite. (n.d.). The World’s #1 Web Application Security Testing Tool. Retrieved from https://portswigger.net/burp
- National Association for the Education of Young Children (NAEYC). (n.d.). The Case of Brain Science and Guided Play. Retrieved from https://www.naeyc.org/resources/pubs/yc/may2021/play-learning
- SANS Institute. (2020). Introduction to Cyber Security. Retrieved from https://www.sans.org/cyber-security-training-courses/
- Estrada, J. A., & Leffler, T. (2022). Learning by Doing: The CTF Experience. Journal of Cybersecurity Education, Research and Practice, 2022(1), 1-10.