My Experience at the 2024 Core NetWars Tournament of Champions
Background
A SANS NetWars Tournament is a cybersecurity competition where participants compete to solve a series of progressively difficult challenges within a set time limit. Each challenge consists of a group of questions and participants earn points for correctly answering them. As they progress through the competition, they unlock more difficult challenges which grant more points. There are several variations of NetWars with each focusing on specific cybersecurity specializations, such as Cyber Defense, Healthcare, and DFIR. In Core NetWars specifically, the questions are multi-disciplinary and cover a wide range of topics, such as starting with basic Linux and PowerShell commands and working up to complex tasks such as performing firmware image analysis and exploiting vulnerable web applications.
I've had the privilege of participating in multiple SANS NetWars tournaments across 2022, 2023, and 2024, and I'm grateful to have finished in 1st place in each of them. These competitions were facilitated by the Department of Defense Cyber Crime Center through their DCISE FIRE offering. Since they were organized outside of SANS, I didn't anticipate any opportunity to progress beyond them. However, I was pleasantly surprised when, in October 2024, I received an email from SANS inviting me to participate in the 2024 Core NetWars Tournament of Champions.
After doing a bit of quick research, I realized how important this opportunity was. The winning team and top five solo players from each Core NetWars Tournament throughout the year earn an invitation. I was excited about the challenge, but also a bit apprehensive about what to expect. Despite my worries, I booked my hotel and prepared to travel, viewing it as a great opportunity to push myself and further develop my skills. The tournament was scheduled to take place at the Washington Hilton's International Ballroom on December 16 and 17, 2024 between 6:30 PM and 9:30 PM.
Day 1
I traveled to Washington, D.C. and arrived at the Washington Hilton in the early afternoon of December 16th, the first day of the tournament. After checking into the hotel, I took some time to get settled in my room, unwind with a good meal, and make final preparations for the tournament later in the evening.
About 30 minutes before the start, I headed to the ballroom to secure a good spot. The room was set up with many rows of tables and chairs and illuminated by deep red ambient lighting. I chose a spot, sat down, and set up my laptop along with my second monitor. The tables were equipped with nearby power strips, which were helpful with keeping my laptop powered during the tournament. However, I was a little surprised to find there was no option for a wired network connection; only Wi-Fi was provided for internet connectivity.
Right on time at 6:30 PM, the opening presentation kicked off. The organizers outlined the rules, explained the scoring system, and shared some useful logistical details. This was my first time experiencing version 10 of Core NetWars, which featured a new theme: a group of SANS students are visiting an arcade and are transported to a digital world controlled by artificial intelligence. While the storyline added some flair, I didn't focus too much on it because it wasn't critical to solving the challenges. However, I do appreciate SANS keeps the content fresh and relevant.
I was surprised to learn this event wasn't just a Core NetWars Tournament of Champions—it was also a regular Core NetWars competition happening at the same time. This meant the room was filled with a mix of first-time and experienced players. To accommodate both groups, separate leaderboards were set up for each tournament, ensuring fair recognition for participants in both categories.
Within minutes of the competition starting, a team gained over 5,000 points while everyone else had barely reached 200. I was aware this could happen as I had read some participants store answers from prior tournaments and bring them into future events. Although this practice is allowed, I do wonder about its fairness. Having never participated in a Core NetWars 10 Tournament before, this was my first time encountering questions which were notably different from those in a previous Core NetWars 9 Tournament I had competed in. As a result, I couldn't implement the same strategy since I was seeing the questions for the first time. Of course, there could be other strategies that don't rely on prior knowledge which I might have overlooked. While it doesn't particularly bother me, I do find it an interesting dynamic to consider.
Throughout the day, the provided Wi-Fi network faced several issues. Latency was inconsistent and transfer speeds were often slow, which made some workloads more challenging. The provided virtual machines, accessed via Apache Guacamole and WebTTY, were particularly impacted as they showed very noticeable delays in responses to clicks and keystrokes. Despite these challenges, the connectivity was generally sufficient for my needs and I was able to complete several challenges without significant difficulty.
Although I made a conscious effort to avoid checking the leaderboard too often, I couldn't help but notice the intense competition. After a few hours, I found myself settling among the top 5 spots, but the race was incredibly tight. The positions were constantly shifting, with the top five contenders frequently trading places. There was never a moment when I felt I could comfortably take a break as I was always worried stepping away would cause me to fall behind.
At 9:30 PM, the tournament paused for the day. When I checked the leaderboard, I was pleasantly surprised to see I was in 2nd place in the individual champions standings. Satisfied with my performance for the evening, I returned to my hotel room to get some rest. With such a long break between the first and second day, some participants choose to continue working on challenges during the pause and prepare answers for submission the following day. This strategy allows them to focus on new challenges when the tournament resumes, rather than revisiting tasks from the previous day. That said, I decided not to take this approach. I felt that taking time to relax and recharge would be more valuable for myself in the long run.
Day 2
I arrived in the ballroom 30 minutes early again, setting up just like the previous day with my laptop and second monitor. In response to the Wi-Fi issues from the day before, the organizers divided the ballroom into four zones and assigned each its own dedicated Wi-Fi network. I connected to the network assigned to my zone, but unfortunately, this change didn't resolve the problem.
When the tournament resumed, it was immediately clear the connection was much worse than the previous day. Accessing and using the provided virtual machines became extremely difficult. Apache Guacamole would frequently lose connection and WebTTY had delays of up to 15 seconds at times, making even basic tasks very frustrating. The Wi-Fi issues were widespread, with almost everyone in the room raising their hand when the organizers asked who was experiencing connection problems. At one point, I needed to download a 60MB PCAP file and a 40MB APK file, but Firefox estimated they would each take over 30 minutes to complete. After several failed download attempts, I switched to a Wi-Fi hotspot provided by my cell phone. The connection was much better, despite the typical challenges of using a cell connection indoors.
Aside from the Wi-Fi issues, the second day was pretty much the same as the first. The competition remained intense, with the top 5 spots still continuously shifting.
When 30 minutes remained in the tournament, the organizers hid the leaderboard rankings. I had read that some participants choose to defer submitting answers until this point, then submit them all at once. This strategy allows them to jump up the rankings rapidly without drawing any immediate attention. Since I knew this was a possibility, I kept working to answer as many questions as I could before the tournament ended.
At 9:30 PM, the tournament officially ended. It was a tense moment as I had no idea how I had performed. With the competition being so fierce, I couldn't even guess at my final standing. The organizers spent a few minutes processing the results on their end and then announced the winners.
When the results were announced, I was thrilled to learn I had achieved 3rd place on the individual champions leaderboard! Given how intense the competition had been, I was proud of my performance. As a token of recognition, I received a crystal trophy and a challenge coin.
Final Thoughts
Participating in the 2024 Core NetWars Tournament of Champions was truly an honor. It was a privilege to test my skills alongside such talented individuals, and the entire event was a rewarding experience from start to finish. I deeply appreciate the opportunity to challenge myself and to learn more about my limits and adaptability under pressure. The level of competition was intense, and it kept me on my toes from beginning to end. As I look back, I can honestly say it was a great game and I'm proud of the progress I made.
I look forward to future NetWars tournaments and will certainly take the lessons I've learned here into future events. If you have the opportunity to participate in a NetWars competition yourself, I can't recommend it enough. It's an incredible way to push your skills to the limit, test your knowledge in real-world scenarios, and be part of a highly engaged and skilled community of cybersecurity professionals.
And finally, a big congratulations to everyone who participated. Thank you for making the tournament an exciting and challenging experience. Good game, everyone!
Tips for Future Participants
If you're planning to participate in a future NetWars Tournament or similar competition, these are my general tips to help you succeed.
- Arrive Early: Plan to arrive 30 minutes before the start time to secure a good seat. This also gives you time to settle in, get comfortable, and prepare for the tournament.
- Prepare Your Setup: Think ahead about the tools and peripherals you will need to be comfortable. Bring everything you might want: an external keyboard, mouse, second monitor, etc. You don't want to be stuck using the trackpad on your laptop you hate because you forgot to bring a mouse.
- Bring a Wi-Fi Hotspot: The provided Wi-Fi was unreliable during this tournament. While I hope that improves in future events, it's a good idea to have a backup connection available, just in case. Make sure your hotspot and laptop support the 5GHz spectrum as the 2.4GHz spectrum can get quite crowded.
- Stay Adaptable: Not every strategy or tool will work as planned. Whether it's a network issue or a particularly tricky question, being flexible and adjusting your approach quickly can help you stay on track.
- Collaborate and Learn from Others: Even if you are competing solo, the participants around you may have unique insights or strategies. Sharing tips can be mutually beneficial and can help you refine your approach.
- And most importantly, Have Fun: It's easy to get caught up in the competition, but remember to enjoy the experience. These tournaments are a great opportunity to learn, challenge yourself, and connect with like-minded individuals.
If you're looking to take your performance to the next level, these strategies may be helpful. While I didn't employ all of these techniques myself in this tournament, I will be considering them for future events.
- Manage Your Time: Be mindful of how much time you spend on each question. Also, weigh the points each question is worth against your skillset and the likelihood of completing it efficiently. If a question is taking too long or isn't worth the effort, it might be better to move on to something else.
- Leverage Breaks: If your tournament includes a break, use the time strategically. Before the break begins, save a copy of questions you want to work on and download any necessary files. During the break, work through those questions and prepare your answers for submission when the tournament resumes. This will free up valuable time during the main event to tackle new questions.
- Work Asynchronously: Take advantage of tasks which can run in the background to work on other questions. For example, if you're brute-forcing a hash for one question, switch to working on another while the attack is running.
- Record Your Screen: After the tournament concludes, review the recording to identify successful strategies, spot mistakes, and refine your techniques for future events.