Wyatt Tauber
MetaCTF logo in front of a computer screen
MetaCTF held its annual CyberGames competition on the weekend of October 24th.

This post is a collaborative effort between myself, Connor C., Tim E., and Tilden W. Together, we represented Northeastern University, the University of Cincinnati, the Rochester Institute of Technology, and the University of Virginia. Thanks for a great time, guys!

MetaCTF is an annual cybersecurity Capture The Flag (CTF) event, hosted online this year due to the COVID-19 pandemic. Teams of four from across the world, composed of students and non-students alike, competed in the event for a total prize pool of $5000. The 24-hour event began on October 24 at noon EST. …


Logos for conINT, The Many Hats Club, Trace Labs, and NCPTF
The inaugural conINT Intelligence Conference was held on October 17th and 18th, 2020.

conINT is a two-day INTelligence conference and fundraising event hosted by The Many Hats Club, Trace Labs, and the National Child Protection Task Force (NCPTF). Held live on Twitch this year, the conference gave attendees the opportunity to develop intelligence acquisition and analysis skills, learn about digital investigation, and more during the first full day of presentations and hands-on technical workshops. The second day of conINT allowed attendees to apply these skills by assisting international law enforcement agencies in locating missing persons from real cases using OSINT techniques during the six-hour Trace Labs OSINT Search Party CTF.

Trace Labs

Trace Labs is a nonprofit organization founded in 2017 by Rob Sell, a search-and-rescue tracker and computer security professional, dedicated to organizing global Capture-the-Flag (CTF) “Search Parties” for missing persons and children across the world. To date, Trace Labs has assisted in over 300 investigations across 35 search parties, both online and in-person at notable security conferences including DEF CON. …


The Cisco Certified CyberOps Associate focuses on operational skills and knowledge needed in security operations centers.

Today I’ll be taking a look at the Cisco Certified CyberOps Associate exam, an entry-level exam designed to validate the day-to-day tactical knowledge and skills that Security Operations Center (SOC) teams need to detect and respond to cybersecurity threats. The exam covers knowledge and skills related to security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures to help teach the essentials of preventing, detecting, and responding to incidents and breaches.

Exam Information

The CyberOps Associate’s corresponding exam is Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS 200-201), taken at one of Pearson VUE’s testing centers available worldwide (and online, temporarily, due to the COVID-19 pandemic). …


The CompTIA PenTest+ is a basic penetration testing certification emphasizing planning, scoping, and reporting on offensive engagements.

Today I’ll be reviewing the CompTIA PenTest+ exam, a basic penetration testing certification with an emphasis on planning, scoping, and reporting on offensive engagements. The exam covers the knowledge and skills related to security concepts, security monitoring, host-based analysis, network intrusion analysis, and security policies and procedures to help teach the essentials of preventing, detecting, and responding to incidents and breaches.

Exam Information

The PenTest+ PT0-001 exam contains four weighted sections:

  • 15% Planning and Scoping — policies and procedures, legal concepts, contract types, and rules of engagement
  • 22% Information Gathering and Vulnerability Identification — vulnerability scanning and enumeration, exploit identification, identifying and scanning specialized…

The RIT Computing Security Lab

In RIT’s Computer System Forensics class, students learn basic incident response procedures as well as methods to uncover and investigate the activities of computer users. Students also learn to carry out the activities needed to gather and preserve evidence to be presented in court cases. Some of the concepts discussed in class are incident response reporting, forensic imaging, Linux and Windows file systems, and steganography.

While the class is well-designed and the concepts presented are highly applicable, assignments and labs can grow a bit stale because the two professors that regularly teach the class are actively involved in research. Such was the case for Spring 2019's memory acquisition and analysis lab, which instructs on how to use the Linux Memory Extractor (LiME) and the Volatility Framework to analyze memory images for system information and malware infections. …


The RIT Security Club

The final week of RITSEC’s Spring 2019 CTF has concluded. Although the official challenge write-ups for the semester CTF will be posted on RITSEC’s GitHub for those interested, I have more detailed write-ups here each week for the challenges I am able to solve. I do this because as a freshman, when I read the challenge write-ups, they often went step-by-step but never elaborated on why a certain command was run or the strategy the user followed when solving the challenges. This is my effort to elaborate on the reasoning behind the process.

Topic — Scripting

This week, participants were challenged to write scripts for a variety of purposes, including port scanning, wireless packet capturing, web scraping, log parsing, and many more. However, in order to earn points for these challenges, each language may only be used three times. The languages allowed for these challenges…


The RIT Security Club

The eleventh week of RITSEC’s Spring 2019 CTF has concluded. Although the official challenge write-ups for the semester CTF will be posted on RITSEC’s GitHub for those interested, I have more detailed write-ups here each week for the challenges I am able to solve. I do this because as a freshman, when I read the challenge write-ups, they often went step-by-step but never elaborated on why a certain command was run or the strategy the user followed when solving the challenges. This is my effort to elaborate on the reasoning behind the process.

Topic: Red Team Windows

This week, participants were given a Windows Server 2016 virtual machine, each with an account corresponding to a challenge. Starting with no login information, users were required to enumerate, obtain credentials, log in, and escalate privileges from each user account to the next, eventually reaching the Administrator account and successfully “pwning” the box. Then, participants were challenged to act as the red team and learn how to create and install their own persistence mechanisms on Windows. …


The RIT Security Club

The ninth week of RITSEC’s Spring 2019 CTF has concluded. Although the official challenge write-ups for the semester CTF will be posted on RITSEC’s GitHub for those interested, I have more detailed write-ups here each week for the challenges I am able to solve. I do this because as a freshman, when I read the challenge write-ups, they often went step-by-step but never elaborated on why a certain command was run or the strategy the user followed when solving the challenges. This is my effort to elaborate on the reasoning behind the process.

Topic: Windows Blue Team

Unhiding hidden and protected files in Windows Explorer

This week, participants were given a Windows Server 2016 virtual machine with several different types of hidden persistence mechanisms. Points were earned by discovering and analyzing these programs for the flags. To begin, ensure that Sysinternals is downloaded on the VM and that the options for viewing hidden files and protected operating system files are enabled in Windows Explorer Folder Options. …


The RIT Security Club

The tenth week of RITSEC’s Spring 2019 CTF has concluded. Although the official challenge write-ups for the semester CTF will be posted on RITSEC’s GitHub for those interested, I have more detailed write-ups here each week for the challenges I am able to solve. I do this because as a freshman, when I read the challenge write-ups, they often went step-by-step but never elaborated on why a certain command was run or the strategy the user followed when solving the challenges. This is my effort to elaborate on the reasoning behind the process.

Topic — Linux Red Team

This week, participants were given two virtual machines. The first, a minimal CentOS 7 box, served as the main challenge VM for learning how red teams (such as RITSEC’s) operate and prepare blue teamers for some of their antics in the upcoming IRSeC. The second VM was a black box, a virtual machine for which no login information was given, to simulate common experiences of a red team member. Topics covered this week included various persistence and data exfiltration techniques, penetration testing, and malware installation. …


The RIT Security Club

The eighth week of RITSEC’s Spring 2019 CTF has concluded. Although the official challenge write-ups for the semester CTF will be posted on RITSEC’s GitHub for those interested, I have more detailed write-ups here each week for the challenges I am able to solve. I do this because as a freshman, when I read the challenge write-ups, they often went step-by-step but never elaborated on why a certain command was run or the strategy the user followed when solving the challenges. This is my effort to elaborate on the reasoning behind the process.

Topic — Linux Blue Team

This week, participants were given an Ubuntu 16.04 (Xenial Xerus) virtual machine with several malware infections and misconfigurations. Points were earned by identifying and correcting these weaknesses, from PAM files to Apache backdoors and a basic Linux rootkit. Tools covered this week also touched on Linux memory forensics with an introduction to the Linux Memory Extractor (LiME) and the Volatility Framework. …

About

Wyatt Tauber

DFIR, CTFs, disinformation, STEM education, and pretty much anything else that comes to mind. RIT Computing Security ’22. wyatttauber.com
