

SANS 542 – Winning the CTF Event – Coinage


I just finished taking the SANS 542 vLive class on Web Application Penetration testing. During the last week (week 6) of the course, we have a CTF (Capture The Flag) event, where you team up with other classmates to exploit systems in a special SANS virtualized environment.

Our event started off a bit unfair: the team I was on had 1 other person with me, while the team on the other end had 4 members, so it was a 4 vs. 2 battle for most of the CTF. SANS has an environment similar to the one you would see at SANS Netwars. There is an area to create a team name, see your team rank and scores, as well as the questions that are asked of you.

Our team, thepentestninjas, won the event, leading the other team by over 100 points. We compromised all of the servers on the network and completed the Level 3 mark. We did, however, get the very last system with 1 minute to spare.

SANS has now started a new program where they give out special SANS coins to winners of these types of events.

What is a SANS Pentest Coin?

I asked this very question when I found out our team had won this coin. After looking into this some more, I found an older web link on the SANS website: https://pen-testing.sans.org/blog/pen-testing/2013/03/24/coinage-the-sans-pen-testing-coins-backstory

The SANS team running the Pen test classes now gives out coins to winners of CTF events, and I think it’s a brilliant idea on their part.

There are many other coins available to obtain. As far as I have read on social media, there is at least 1 person who has won and collected all of the coins. That means this person has won every CTF for every Pen test SANS course, as well as winning Netwars! It’s truly remarkable, and for those that have done it, hats off to you!

SANS Pentesting coins


Tips on the CTF event

I don’t want to give away too much information about the CTF, only because it will kill the fun of it. My only recommendation would be that you really study everything you’ve learned in the class. Go over all your labs, re-read slides and remember the key concepts. Lastly, understand the tools you learned and how to best use them to your advantage. Your toolkit is critical and very important not just in the CTF event, but for any real work you conduct in the real world. It takes lots of time to really master the skills needed, and this CTF event really gives you the feeling of finding real vulnerabilities as you would with a Web App Pen test job. If you follow the above steps you will do well on the CTF event.

What’s Next?

My plan now is to use the next few months to re-read the SANS material and spend time re-doing all the labs and everything I also learned during the CTF event. This, I hope, is going to prepare me well enough to challenge the GWAPT exam before the end of summer.

If you’ve collected any coins, feel free to post what you got in the comments section below.



One Response to “SANS 542 – Winning the CTF Event – Coinage”

  1. Kaplan says:

    Hey there, a very interesting post about SANS Coins, I wish I had won one during my class. Thanks a bunch!
