Security G33k: SANS 560 GPEN Training and CTF Event

Sunday 3 November 2013

SANS 560 GPEN Training and CTF Event

Went for a GPEN course that was held in Singapore at the Grand Copthorne Waterfront Hotel last week and had a great time learning some of the network hacking stuffs that i am not aware of. Unlike the previous course i attended which was the GWAPT (Web Application Pen Test), the books for GPEN was much thicker. The trainer was an official GIAC trainer and was from Belgium and spoke good, clear and understandable English. He was fun and approachable and explain things confidently when we were unsure.

At the last day of the course, like GWAPT in Bangkok, there was a Capture the Flag event, a mini hacking competition for all the participants and whoever wins it will get a special medal. This limited edition medal can only be given to those who successfully managed to capture all the flags and present to the participants how they win it.

The GPEN CTF was much harder than GWAPT. Only after the event was over that the trainer confessed that there were no vulnerable machines for us to exploit and we had to find another weakness in the system instead. So it was a disappointment when we found NOTHING after running tools like Nessus and NMAP vuln nse scripts. There were both Linux and Windows machines and we had to think out of the box on getting the flags! It wasn't as straight forward as i would have thought. Even the CTF organized by Symantec previously wasn't as tough as this. We needed to know how to use password cracking/guessing tools, had to know how to sniff and analyze traffic using Wireshark/TCPdump. We had to know how to crack the hashes and compile an exploit to try and exploit a Linux machine! And who would have guessed that one of the flags was stored in a VOIP traffic!!!??? It was a quite tough 3-4 hrs event.

And eventually, despite all the toughness, our team won and was the only team to capture all the flags after the hour is over.

Here are some pictures:

The Course