Let’s Get Started
Over the years that I have been involved with CyberPatriot, I have found that many students are not sure where to start, or how to keep going down the path of discovering the vulnerabilities in the competition. I am building this site as an ongoing mentor to all CyberPatriot competitors, to help guide them down the path of discovering all the vulnerabilities, which I am going to call flags. You can read more about me and my background here.
Assuming the images are extracted and you (the CyberPatriot) are ready to collect all the flags on the system, I would like you to consider following these steps:
Do a System Recon
As part of the system recon you need to collect data from the file system, running processes, and system configuration. To get this data faster, you should create something I am calling a recon script. Listed below are some of the conceptual steps that should be part of the recon script.
- Make an output folder, check passwords, and get a list of user accounts
- Get group memberships, the password policy settings, and the automatic update settings
- Get a list of installed software and features, and a list of services
- Get listening ports, look for unauthorized files, and get a list of files accessed after a defined date
- List files over 10 MB, and list the directory names under Program Files
- Show the firewall configuration status, and get the system configuration info
All of these tasks will take some preparation, and I hope to help you learn these tasks. Keep in mind, your recon script should not be limited to these tasks, but these are a good start. I am going to write a different blog post for each of these tasks and discuss how to use commands to correct the flags (vulnerabilities) as well.
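To make the conceptual steps concrete, here is an added example of what a small recon script can look like. It is not the blog's own script; it targets the Linux (Ubuntu-style) competition image and assumes the usual locations and tools (/etc/passwd, /etc/shadow, /etc/group, `ss`, `ufw`, `dpkg-query`, `systemctl`). The Windows image would use the PowerShell equivalents of the same steps. The account, password and group checks take a file path, so they are exercised below against constructed sample data rather than the live system; the live checks (ports, firewall, packages, services) run only from `run_recon`.

```shell
#!/bin/sh
# Added example (not the blog's own script): a minimal Linux-image recon
# helper following the "recon script" steps above. Assumes an Ubuntu-style
# image. Each finding is written to its own file under an output folder so
# the team can review it while answering the forensic questions.

set -u

# Step 1: make an output folder and return its path.
recon_init() {
    mkdir -p "$1" && printf '%s\n' "$1"
}

# Step 2: accounts that can actually log in (shell is not nologin/false).
# Takes the passwd file as an argument so it can also be run on a copy.
list_login_users() {
    awk -F: '$7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Step 2b: any account other than root with UID 0 is a hidden administrator.
list_extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Step 3: accounts with an empty password hash in a shadow-format file.
list_empty_passwords() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Step 4: group memberships, one line per non-empty group (name: members).
list_group_members() {
    awk -F: '$4 != "" { print $1 ": " $4 }' "$1"
}

# Step 5: files over 10 MB, and media files that are commonly the
# "unauthorized files" in an image; both take a root directory.
find_large_files() {
    find "$1" -xdev -type f -size +10M 2>/dev/null
}
find_media_files() {
    find "$1" -xdev -type f \( -iname '*.mp3' -o -iname '*.mp4' \
        -o -iname '*.avi' -o -iname '*.mov' -o -iname '*.flac' \) 2>/dev/null
}

# Step 6: files modified after a date given as YYYY-MM-DD (GNU find).
find_recent_files() {
    find "$1" -xdev -type f -newermt "$2" 2>/dev/null
}

# Step 7: live system facts; these need the real image, so they are only
# called from run_recon and not from the sample run at the bottom.
list_listening_ports()   { ss -tulnp 2>/dev/null || netstat -tulnp; }
show_firewall_status()   { ufw status verbose 2>/dev/null || iptables -S; }
list_installed_packages() { dpkg-query -W -f='${Package}\t${Version}\n'; }
list_services()          { systemctl list-unit-files --type=service --no-pager; }

# Run every check on the live system: run_recon OUTDIR YYYY-MM-DD
run_recon() {
    out=$(recon_init "$1")
    list_login_users /etc/passwd      > "$out/login_users.txt"
    list_extra_uid0 /etc/passwd       > "$out/extra_uid0.txt"
    list_empty_passwords /etc/shadow  > "$out/empty_passwords.txt"
    list_group_members /etc/group     > "$out/groups.txt"
    find_large_files /                > "$out/large_files.txt"
    find_media_files /home            > "$out/media_files.txt"
    find_recent_files /home "$2"      > "$out/recent_files.txt"
    list_listening_ports              > "$out/listening_ports.txt"
    show_firewall_status              > "$out/firewall.txt"
    list_installed_packages           > "$out/packages.txt"
    list_services                     > "$out/services.txt"
}

# Constructed sample data (not from any real image) so the parsing
# functions can be exercised offline without touching the live system.
make_sample_data() {
    d=$(mktemp -d)
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backdoor:x:0:0::/root:/bin/sh
bob:x:1001:1001:Bob:/home/bob:/bin/false
EOF
    cat > "$d/shadow" <<'EOF'
root:$6$saltsalt$hashhash:18000:0:99999:7:::
alice::18000:0:99999:7:::
backdoor:$6$saltsalt$hashhash:18000:0:99999:7:::
EOF
    cat > "$d/group" <<'EOF'
root:x:0:
sudo:x:27:alice,backdoor
users:x:100:
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample_data)
echo "login users:     $(list_login_users "$sample/passwd" | tr '\n' ' ')"
echo "extra uid 0:     $(list_extra_uid0 "$sample/passwd")"
echo "empty passwords: $(list_empty_passwords "$sample/shadow")"
echo "group members:   $(list_group_members "$sample/group")"
```

On the real image you would source the file and call `run_recon ./recon 2017-10-01` (the date being the one the ReadMe or scenario defines), then read the files in `./recon` while working through the forensic questions. In the sample data the script flags the second UID 0 account and the account with no password, which are exactly the kinds of flags the forensic questions tend to ask about.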
Review ReadMe File and Take Good Notes
Review the ReadMe file for configuration details, take notes, and make sure you know what might be hidden. Read between the lines and look for special hints. Discuss the ReadMe file with your teammates, and before making any changes, make sure you all agree on the details described in the ReadMe file.
Forensic Questions
Read the questions and review the output of the Recon Script for the answers. Many of the Forensic Questions will ask you about files, users, or services. The Recon Script should collect all of this information. I would encourage you to solve all the Forensic Questions that you understand, then move on to the other flags.
FixIt Scripts
Throughout the blog posts I am going to have a section called FixIt Script. These sections are going to be a series of commands you can use to fix problems and receive credit for the various flags. For example, there are commands you can use to set passwords for user accounts.
The Blog Posts
I hope you all enjoy and benefit from these blog posts and I will try to publish one post per week starting 7 Oct 2017.