Blue Team CTF Competition We’ve Done in 2020

Digit Oktavianto
MII Cyber Security Consulting Services
6 min read · Dec 17, 2020
Image credit: https://blog.eccouncil.org/red-team-vs-blue-team/

A lot of things happened in 2020. Since the Covid-19 outbreak in early March, we have done a lot of things from home. Personally, I am not a person who is involved in CTF competitions a lot. The CTF competition I have attended the most is SANS NetWars CTF (since I got a free pass for attending a SANS course). Other than that, I have only taken part in one or two competitions before.

Starting in 2020, a lot of Blue Team CTFs came up, and I decided to participate in those tournaments. Most of them are team CTFs. Sometimes I played with my MII Cyber Security colleagues, and sometimes I asked people from the CDEF Community to participate in the CTF game.

Image credit: https://privasec.com/latest-cyber-security-news/red-team-blue-team-purple-team

In most team CTFs we used copo.banget as our team name. Here is the list of CTF competitions we have done so far in 2020:

a. https://incident-response-challenge.com/ — this CTF game was created by Cynet. It is an individual CTF competition. I managed to finish in 5th position out of 2500+ participants from all around the world. Not bad for a newbie #eh. This game is quite nice since it uses the kinds of artifacts we work with in real DFIR cases for our customers, such as MFT analysis, registry hive analysis, memory analysis, disk forensics, persistence mechanism analysis, backdoor analysis, and timeline analysis. You can still access the artifacts (and download them, too) and try to solve the challenges!

b. DEFCON 28 OpenSOC CTF. This CTF was created by the https://opensoc.io/ team. This is a team CTF, and it was my first participation in an OpenSOC event. We ended in a 100-something position (LOL). It was a good experience though. OpenSOC CTF is one of the best CTFs I have ever attended. The dataset used by OpenSOC is very close to a real security incident. They use open source platforms such as Elastic Stack, Graylog, Snort, Suricata, Zeek, Osquery, Velociraptor, and Moloch (now Arkime), with host logs collected using Sysmon. Check their calendar and follow their Twitter to make sure you can join the competition.

c. SANS Core NetWars CTF — August 2020. This CTF competition is exclusive to people who took a SANS course during 2020. I had the chance to attend this CTF since I took the FOR610 course. My colleague at MII, Satria Ady Pradana, also participated in this event, and we did this CTF as a team. This CTF is a combination of pentest and DFIR. Actually, we didn't manage to get a top position, but suddenly we got an email from the Counter Hack organizers mentioning that we won the coin since we were top-ranked in the 1st Timer category. Wohooooo… Not bad in the 1st Timer group category. And we got the chance to compete in the SANS NetWars CTF Tournament of the Winners on 17–18 December 2020. Wish us luck!

d. Cyborg Security CTF — https://ctf.cyborgsecurity.com/. Cyborg Security CTF is oriented toward people interested in threat hunting, cyber defense, blue teaming, network traffic analysis, malware analysis, and forensics. This CTF competition was created by Cyborg Security (https://cyborgsecurity.com/), a company focused on its threat hunting platform. We managed to finish in 1st position in this CTF competition. The prize was an Apple Watch, but unfortunately they have a rule that the prize can only be shipped to US residents. :( It is okay for us; at least we got some experience from this CTF. You can access the solutions for this challenge and the announcement of the winners here: https://www.cyborgsecurity.com/cyborg_labs/cyborg-security-2020-ctf-solutions/

e. Grayhat OpenSOC CTF. We came back to OpenSOC CTF again! After the good experience at the DEFCON 28 OpenSOC CTF, we decided to participate in another OpenSOC CTF. In this competition we managed to finish in 6th place. Wohooo… A lot of improvement from the previous CTF. Some of the exercise cases were new; some of them used the same dataset and exercises as the DEFCON 28 CTF.

Final Scoreboard Grayhat OpenSOC CTF

f. BSides Islamabad 2020 Blue Team CTF Competition — https://www.bsidesislamabad.com/. This CTF is an individual CTF game. BSides Islamabad 2020 (https://www.bsidesislamabad.com) is the first-ever BSides cybersecurity conference held in Pakistan. Security BSides is known all over the world for being a different, community-driven event. BSides conferences provide a platform for first-time speakers, students, and new and experienced professionals to present their work in a friendly and welcoming environment. Like other BSides events, BSides Islamabad looks forward to bringing a venture of the cyber security industry to Pakistan.

BSides Islamabad also held CTF competitions this year, a Red Team CTF and a Blue Team CTF (https://ctfdfir-bsidesislamabad.ctfd.io).

I managed to finish in 1st position in the Blue Team CTF (https://ctfdfir-bsidesislamabad.ctfd.io/users/476) and was announced as the winner on the BSides Islamabad 2020 YouTube channel during the closing of the conference.

Final CTF scoreboard
Twitter and LinkedIn announcement from BSides Islamabad

g. HITB Adversaries vs Defenders CTF Competition (Red Team vs Blue Team CTF) — https://redteamvillage.org/HITB-CyberWeek-2020-Red-vs-Blue-CTF/. This is a team CTF. Unfortunately this is the CTF I was not focusing on, and the one with the least contribution from me. The CTF timing in my timezone fell on weekdays, and at the same time I had to go on site to a customer. Overall, the CTF platform is the same as OpenSOC, using Elastic Stack SIEM with a dataset built from the Red Team activities. A few hours before the Blue Team started, the Red Team played their CTF to pwn the targets. All activity from the Red Team CTF game was then analyzed by the Blue Team. The CTF competition concept is actually interesting; unfortunately I didn't have much time to participate in this game.

h. Corelight CTF Tournament — https://www3.corelight.com/ctf/tournament/r1. Corelight conducts CTF games related to Blue Team activities. Players race to answer Zeek-based security challenges in Splunk or Elastic, with points earned for accuracy and speed. The top three finishers of each preliminary round game receive an invite to a final Corelight CTF Champions Round, where they compete with dozens of past Corelight CTF winners for the ultimate prize. This CTF game is an individual CTF. It is a very interesting CTF and we learned a lot about Zeek logs and how useful they are for the Blue Team. We focused mostly on analyzing the Zeek (Bro) dataset provided by Corelight using the Splunk and Elastic Stack platforms.

i. Recorded Future Threat Intelligence CTF — https://www.linkedin.com/events/ctfcompetition-warningupforcros6733688060875292672/. This is a local CTF competition (Indonesia) organized by ICION and Recorded Future. This CTF leverages the Recorded Future platform for hunting. It is the first Threat Intelligence CTF I have ever attended, and the first I have ever known of. The game is nice and fun. There were some questions we needed to answer from the threat intelligence data provided by Recorded Future. The questions were based on real security incident cases that happened before. I managed to finish in 1st position in this CTF competition.

That's the summary of the Blue Team CTFs in 2020. Hopefully in 2021 there will be more Blue Team CTF competitions we can participate in.

See you in 2021!
