How Creating CTF Challenges Helps You Succeed in CTFs

Throughout my time competing in the National Cyber League (NCL), there have been a few key moments that have shaped the way I approach a challenge, both inside and outside the NCL Games. For example, writing my first log analysis script showed me how to automate tasks, and reversing my first binary changed how I looked at applications. However, the event that truly leveled up my critical thinking and changed my approach to problem solving was creating CTF challenges. At my alma mater, I had the opportunity to lead the development of a student-run, school-wide CTF; having never made a single CTF challenge before, this was a novel experience for me, and it changed my perspective on problem solving.

The first perspective I gained was “how to think like a hacker.” Having a hacker’s mindset is crucial in the cybersecurity world and is just as important when approaching a CTF challenge. To me, a good CTF challenge should be relatable to real-world skills and scenarios. Therefore, when creating a CTF challenge, I began thinking of how I would hack a certain type of network infrastructure or how I would compromise a vulnerable web application and then build a challenge around that approach. For example, when creating a log analysis challenge, I set up the attack scenario of an attack against a local vulnerable “vsftpd” FTP server. To make that challenge I had to set up the environment and simulate a real attack on my local server. This experience provided me with intimate knowledge of how the attack worked and what events triggered what log entries. Next time I was faced with an FTP log analysis challenge in NCL, I had a better understanding of exactly what user actions would cause what log entries. Another challenge I created helped me to understand the creativity behind the hacker’s mindset. While creating a hard network traffic analysis challenge, I wanted to find a creative way to exfiltrate strings of data over a network without raising obvious suspicion. So, I began researching how to covertly exfiltrate data over different network protocols without encryption. I ended up writing my own scripts to exfiltrate binary data through TCP packet size. Forcing myself to find a creative method to make a challenge opened my eyes to more creative thinking when solving challenges.

The second perspective I gained was “how to think like a creator.” Although good CTF challenges have real-world applicability, they are still challenges created by a person to strain your critical thinking abilities and teach you a cybersecurity concept. As I created challenges, I began thinking of little ways I could add a small aspect to a challenge to prevent out-of-the-box tools from solving the challenge right away. For example, having part of an image in a network capture file be corrupted so that Wireshark cannot automatically extract the image, forcing the competitor to find a more creative way to extract the image. Another example was encoding a message in 7-bit ASCII instead of the standard 8 bits, requiring the player to think outside of the box. As I took this mindset to NCL as a player, when a solution was not easily found, I applied a “creator’s mindset” to the challenge and started thinking outside the box. For example, when faced with a custom cypher, I approached the challenge from the mindset of “how would I make a novel cypher,” and from there, I eventually solved the challenge.
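To make the 7-bit ASCII idea concrete, here is an added example (not code from the original post or its CTF) showing why byte-oriented tools see garbage and how a solver can test alternative character widths. The MSB-first packing, the function names and the sample flag are assumptions made for illustration.

```python
def pack7(text: str) -> bytes:
    """Pack ASCII text at 7 bits per character, MSB first, zero-padded to a byte."""
    if any(ord(c) > 127 for c in text):
        raise ValueError("7-bit packing only covers ASCII")
    bits = "".join(f"{ord(c):07b}" for c in text)
    bits += "0" * (-len(bits) % 8)  # pad the tail to a whole byte
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


def unpack(data: bytes, width: int) -> str:
    """Read the byte string as a bit stream and cut it into `width`-bit characters."""
    bits = "".join(f"{b:08b}" for b in data)
    usable = len(bits) - len(bits) % width  # ignore a trailing partial group
    chars = (chr(int(bits[i:i + width], 2)) for i in range(0, usable, width))
    # A full group made only of padding bits decodes to NUL, so strip it.
    return "".join(chars).rstrip("\x00")


def printable_ratio(text: str) -> float:
    """Fraction of characters in the printable ASCII range 0x20-0x7e."""
    if not text:
        return 0.0
    return sum(32 <= ord(c) < 127 for c in text) / len(text)


def guess_width(data: bytes, widths=(8, 7)) -> int:
    """Pick the character width whose decoding looks most like text."""
    return max(widths, key=lambda w: printable_ratio(unpack(data, w)))


# Constructed sample: a made-up flag packed at 7 bits per character.
SAMPLE = pack7("flag{seven_bits}")

if __name__ == "__main__":
    print("as 8-bit:", repr(unpack(SAMPLE, 8)))
    print("as 7-bit:", repr(unpack(SAMPLE, 7)))
    print("best width:", guess_width(SAMPLE))
```

Sixteen characters shrink to fourteen bytes, so every character boundary after the first falls mid-byte, which is why a plain strings-style scan finds nothing readable.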

The improvement I saw from creating CTF challenges was not merely anecdotal; I saw a significant increase in my NCL leaderboard placements. The NCL season after I had worked on making a CTF, my ranking increased nearly threefold. Certainly, creating a CTF was not the only factor that led to a better placement, but it was definitely a major contributor to my technical and personal growth.

