1. Preparing for the Competition
Dates
Scoring
Tools
Setting up your Computers

2. Disclaimer
Nothing learned here should be used outside this room or on networks you do not have explicit permission to conduct tests on. Misuse of these skills will lead to immediate removal from further meetings. If I find you are acting in a way which is not in accordance with moral or ethical standards, I will make it my mission to specifically use you to test every attack I know. Enjoy.

3. Contact – Christopher Flatley
Phone
(914)
WhatsApp

4. Goal
Prepare you for the NCL Competition as well as give you a strong working understanding of some of the tools used by security professionals in the cyber security field
I will not be able to teach you everything but I can provide the groundwork for you to be able to go further and solve problems

6. Coaches can not help during the Preseason, Regular Season, or Post Season

7. Cost Pre / Regular Season Post Season $25 Per Player (Individual)
$10 Per Player (2 to 5 People)
Unlimited # of Teams per Institution

8. Brackets
All Regular Season registrants will participate in a mandatory Preseason game. Based on the results of NCL’s mandatory Preseason Game, players will be placed in one of three brackets, to facilitate Regular Season play amongst individual players with similar knowledge and skill levels.
 BRACKETS:
The NCL Mandatory Preseason Game will identify individual players with similar knowledge and skill levels; players will be placed in one of 3 brackets as follows:
Bronze: novice players. Players will have limited existing knowledge and skills and should be able to complete some or most of the preparatory lab exercises
Silver: intermediate players. Players will have an intermediate level of knowledge and skills and should be able to complete all of the preparatory lab exercises
Gold: experienced players. Players will have the highest level of knowledge and skills (e.g., have already completed relevant certifications and/or completed more advanced study)

9. At the end of the Preseason game, all players’ scores will be totaled and used to place players in the appropriate bracket in their Conference:

11. Ethical Behavior and Rules of Conduct 2017 Season (updated 02/25/17)
Players are forbidden from accessing or attempting to access another player’s machine, or account
Players are free to examine any target systems. Attacks or other offensive activity against any other player’s systems or the NCL systems is forbidden and will not be tolerated. Any player performing offensive activity against other players’, or the NCL’s systems, will be immediately disqualified and expelled from the game.
You DO hereby have express permission to attack any asset designated as an NCL game "target," so long as you abide by the game rules and terms of this rules document.

12. Acquiring tools Be careful downloading from unknown places
I have access to a repository of known safe downloads so if you are looking for something then I may have it
That being said still be cautious, use Sandboxie and VirtualBox
All Internet resources used during the game must be freely available to all players.

13. Recommended Tools & Equipment
Game is cloud based but you do need to be able to download files and work on them on your computer
External Hard Drive
Dedicated Laptop

14. 1 TB External HDD $55

15. Lenovo Thinkpad $34.62

16. Provided by me
Laptop
Hard drive loaded with Wordlists, programs, etc

17. Team Strategy Coaches can not help during the competition
Working together as a team vs. picking individual strengths
Write down your answers before submitting
Accuracy counts
Have someone check them over

20. Open Source intelligence
Topics
Malware
Data
Bitcoin
Etc
Programs Used
Google
Waybackmachine
Example Question
What is the CVE of the ransomware known as Bad Rabbit?
How many seconds did the Bad Rabbit ransomware wait before launching an attack?
What web framework is running on the website of
Who is the CTO for Lead Cyber Solutions?

21. Cryptography Topics Programs Used Example Question Cryptography
Ciphers
Steganagraphy
Programs Used
Cryptocrack
Hashcat
John the Ripper
Digitial Invisible Ink Toolkit
Example Question
What is the flag in this picture?
What is the plaintext of niosandionaiowdhuiduigqwiudgabduau?

22. Scanning Topics Programs Used Example Question Web Scanning
Network Scanning
Programs Used
OWASP ZAP
DirBuster
Nmap
Maltego
Example Question
Find hidden directory on webservers

23. Password Cracking Topics Programs Used Example Question OPH Crack
John the Ripper
Example Question
QAsFnTG::18C3712B9296FE81AAD3B435B51404EE:F271C0A449D600DED85D615B3 6B92404:::

24. Log Analysis Topics Programs Used Example Question Splunk
SQL Browser Lite
Notepad ++
Example Question
How many IP addresses logged into the system?
When was there suspicious activity?

25. Network Traffic Analysis
Topics
Programs Used
Wireshark
Network Miner
Fiddler
Example Question
Find credit card numbers from web traffic
Find the device on the network that is performing nmap scans

26. Wireless Access Exploitation
Topics
Programs Used
Aircrack-ng
Kali
Example Question
Given the pcap file, find the WEP passcode
Find WPA passcode

27. Web Application Exploitation
Topics
Programs Used
Metasploit
SQL Invader
BURP
MXToolBox
Example Question
Perform SQL injection
Read the source code and find vulnerability
Issue remote commands to the server

28. Enumeration and Exploitation
Topics
Programs Used
Kali
Uncompyle6
Binwalk
foremost
Example Question
Find the flag in this exe file.

29. Tentative Schedule Week Date Topic 1 Thursday, February 1, 2018
Introduction 2
Thursday, February 8, 2018
Open Source Intelligence / Password Cracking 3
Thursday, February 15, 2018
Password Cracking / Network Traffic Analysis 4
Thursday, February 22, 2018
Network Traffic Analysis 5
Thursday, March 1, 2018
Log Analysis 6
Thursday, March 8, 2018
Cryptography 7
Thursday, March 15, 2018
Scanning 8
Thursday, March 22, 2018
Web Application Exploitation 9
Thursday, March 29, 2018
Wireless Access Exploitation 10
Thursday, April 5, 2018
GYM IS OPEN BEGIN ON TOPICS THERE