If this is your first time coaching students for the National Cyber League (NCL), then read on for helpful information on how to coach students. If you are a Coach who has done this for a few seasons, then read on for a new twist on how to help your students succeed.
Note: This is a guide for coaches who are somewhat knowledgeable about cybersecurity; it may not apply if you are a coach who does not have that background knowledge.
First, check to make sure you are registered as a Coach (registering as a Coach is completely free) and that your students are registering using the link you provided. Each student should then appear in your advisor dashboard on the Cyber Skyline website. In the advisor dashboard, you can also check on the number of points and accuracy for each student you are advising/coaching. You can select the Gymnasium, Preseason Game, Individual Game, and Team Game to examine the stats for each Game.
When you click on each student’s handle name, you can drill down on each module to determine where each student is excelling or struggling and which challenge each student attempted. In the advisor dashboard, also called “advisor insights”, you can look at the timeline and score distribution of your students. Use this as an advising guide to ensure your students are doing well!
How to Coach
The best way to coach your students is to use the Gymnasium. The Gymnasium has the same modules as the actual Games, with similar challenges. It operates like the Games, with points and accuracy, and its challenges are also categorized as easy, medium, and hard. One major difference is that the Gymnasium provides hints and solutions for most challenges.
There are a few ways to go from here. It is up to you to decide which way is best for you and your students. You can also “mix and match” as needed.
Let the students work in the Gymnasium independently or in small teams going through each of the module’s challenges one by one. The students can look at the hints and solutions as needed. It is recommended that students attempt to solve the challenges before looking at the solutions. The Coach can then check in regularly, e.g. every few days or every week, to look at everybody’s progress.
If you are coaching the students for a class, student organization, or cybersecurity club, you can go through some of the Gymnasium challenges in front of everybody, then allow the students to work on the rest of the challenges. When solving the first few Gymnasium challenges, provide your reasoning/walk-through out loud so that students can learn from that. For the remaining challenges, give students some time to work through the questions themselves. You can provide some hints for Gymnasium challenges along the way. Note that some challenges are easy and quick to solve, whereas others can take minutes or hours. The guided way allows you to check in on students. You can also have the students work in small teams in the Gymnasium as needed.
With this method, you can also ask some students to share their Gymnasium solutions with the rest of the class. For many of the challenges, the solution itself is not as important as the walk-through—that is, how the student reasoned and found the solution. The journey to find the solution is more important than the answer. This is true for cybersecurity in general since it is a fast-changing field.
This is similar to the previous method, but you walk through every challenge in the Gymnasium and give the walk-through/solution for each challenge. Students can follow along. Make sure to slow down so no student is left behind. Students can always review each Gymnasium challenge later.
What to Coach
Cybersecurity is a huge field, so it is hard to teach students the exact things they need in order to do well in the Games. For example, you might teach them about Apache and SSH logs, but a challenge might be about Nginx logs. Below is a general overview of each module:
Open Source Intelligence (OSINT)
This is mostly a “decoding” module. Here are some useful ciphers/encodings to know: binary, hexadecimal, base64 (usually ends with =), Caesar cipher, Morse code, Vigenere cipher, Affine cipher, ROT-13, atbash, and railfence. There are also image-based ciphers. Check this blog post for more details: An Introduction to Cryptography. There is also a Cryptography blog category that links to additional posts.
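A practice helper for the encodings listed above, added here as an example and not taken from the NCL or the linked blog posts: it runs one input through the binary, hexadecimal, base64, ROT-13, atbash, and Caesar decoders and returns every candidate that yields printable text. The function names and sample strings are assumptions made for illustration.

```python
import base64
import binascii
import codecs
import string

def caesar(text, shift):
    """Shift ASCII letters by `shift` positions; leave everything else alone."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord('A') if ch.isupper() else ord('a')
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return ''.join(out)

def atbash(text):
    """Mirror the alphabet: a<->z, b<->y, and so on."""
    lo, up = string.ascii_lowercase, string.ascii_uppercase
    return text.translate(str.maketrans(lo + up, lo[::-1] + up[::-1]))

def printable(data):
    """Return decoded text only if all bytes are printable ASCII, else None."""
    try:
        text = data.decode('ascii')
    except UnicodeDecodeError:
        return None
    return text if text and all(c in string.printable for c in text) else None

def candidates(s):
    """Map each decoder name to its output, keeping only non-empty results."""
    found = {}
    compact = ''.join(s.split())  # drop spaces between bytes or groups
    if compact and set(compact) <= set('01') and len(compact) % 8 == 0:
        raw = int(compact, 2).to_bytes(len(compact) // 8, 'big')
        found['binary'] = printable(raw)
    try:
        found['hex'] = printable(bytes.fromhex(compact))
    except ValueError:
        pass
    try:
        found['base64'] = printable(base64.b64decode(compact, validate=True))
    except (binascii.Error, ValueError):
        pass
    found['rot13'] = codecs.decode(s, 'rot13')
    found['atbash'] = atbash(s)
    for shift in range(1, 26):  # key name = shift assumed at encryption time
        found[f'caesar-{shift}'] = caesar(s, 26 - shift)
    return {name: text for name, text in found.items() if text}
```

The letter-substitution decoders always return something, so students still have to read the candidates and pick the one that looks like language; that judgment is the skill being practiced.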
This module (usually inside the bigger Cryptography module) is about finding hidden information inside images, text, or binaries. See the Steganography blog category for some advice.
Password cracking probably doesn’t require any introduction. You are given some hashes and need to find the plaintext password. See the Password Cracking blog category to find blog posts on the subject.
This module requires answering questions about the provided logs. Usually, these logs are text files, but sometimes they can be database files. Installing the correct software can make all the difference here. For example, for a sqlite3 file, you can install sqlite3, which requires knowledge of basic SQL commands, or use a graphical SQLite database viewer. Browse the Log Analysis blog category for more tips and tutorials.
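To show what "basic SQL commands" means for a database-backed log, here is an added example (not an NCL challenge or its solution) that uses Python's built-in sqlite3 module: list the tables and columns first, then answer typical questions with GROUP BY and ORDER BY. The auth_log table, its columns, and every row are constructed sample data.

```python
import sqlite3

def build_sample_db():
    """Constructed sample data standing in for a provided .db log file."""
    db = sqlite3.connect(':memory:')
    db.execute('CREATE TABLE auth_log '
               '(ts TEXT, src_ip TEXT, username TEXT, success INTEGER)')
    db.executemany('INSERT INTO auth_log VALUES (?, ?, ?, ?)', [
        ('2024-01-05 09:00:01', '203.0.113.7', 'admin', 0),
        ('2024-01-05 09:00:03', '203.0.113.7', 'admin', 0),
        ('2024-01-05 09:00:05', '203.0.113.7', 'root', 0),
        ('2024-01-05 09:00:09', '203.0.113.7', 'admin', 1),
        ('2024-01-05 09:02:00', '198.51.100.4', 'alice', 1),
        ('2024-01-05 09:03:10', '198.51.100.4', 'bob', 0),
    ])
    return db

def list_tables(db):
    """First step with an unfamiliar file: which tables and columns exist?"""
    names = [row[0] for row in db.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name")]
    return {name: [col[1] for col in db.execute(f'PRAGMA table_info("{name}")')]
            for name in names}

def failed_logins_by_ip(db):
    """How many failed logins did each source address generate?"""
    return db.execute(
        'SELECT src_ip, COUNT(*) AS n FROM auth_log WHERE success = 0 '
        'GROUP BY src_ip ORDER BY n DESC, src_ip').fetchall()

def first_success(db, ip):
    """When did this address first log in successfully, and as which user?"""
    return db.execute(
        'SELECT ts, username FROM auth_log WHERE src_ip = ? AND success = 1 '
        'ORDER BY ts LIMIT 1', (ip,)).fetchone()

if __name__ == '__main__':
    db = build_sample_db()
    print(list_tables(db))
    print(failed_logins_by_ip(db))
    print(first_success(db, '203.0.113.7'))
```

For a real file, replace `':memory:'` with the path to the provided database and skip the CREATE and INSERT statements.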
Network Traffic Analysis
This is pretty much analyzing pcap files using Wireshark. Some pcap files include HTTP traffic, others could be SSH, and others could be other applications (previous seasons have used “Among Us” or a Bluetooth connection). To practice this module, spin up a virtual machine (VM), record the network traffic of some application(s), then ask students to answer some specific questions about what happened. You can find more advice by searching through the Network Traffic Analysis blog category.
Wireless Access Exploitation
Similar to Network Traffic Analysis, these are usually wireless pcap files. Again, Wireshark will be useful. As of the Fall 2020 season, Wireless Access Exploitation now falls within the Network Traffic Analysis module, but you can still find blog posts tagged as Wireless Access Exploitation specifically.
Forensics is a fairly new module. Digital forensics is generally used to uncover important data that was lost, stolen, or damaged in a breach. The tools that can be used for this category depend on the individual challenges. Read blog posts in the Forensics category for some specifics.
Make sure to tell students to read the description. Sometimes automated tools are not allowed. This is a diverse module. Some of the challenges involve network scanning, others are more file scanning or host/operating system scanning. Posts in the Scanning blog category can help you learn what to expect.
Web Application Exploitation
A web application is provided and the goal is to exploit that web application. Note that, usually, automated tools are not allowed for this module. Gather ideas for how to approach this module by looking through posts in the Web Application Exploitation blog category.
Enumeration and Exploitation
This module involves looking at and exploiting code. The code could be the source code or a binary. Knowledge of a programming language is important, but knowledge of the particular language used in the challenge is not important. For example, if a student does not know Python but knows Java, the student can likely figure out what a piece of Python source code is doing. A lot of times, this module involves compiling and running code, thus running inside a VM is paramount. Do not trust any code from the Internet. You’ll find other useful tips in the Enumeration and Exploitation blog category.
I would highly recommend that all Coaches attempt to complete the Games. A Coach does not need to pay the registration fee. This will help Coaches provide better advice to their students.
You can treat the NCL as a game, so there are basic types of advice you can give to your students (as long as they are not specific to any challenges). For example, go for the easy challenges first. If they are stuck, move on to the next challenge. For Team Games, communication is key.
The NCL has different modules, so encourage students to tackle the easy or familiar modules first, especially in Team Games.
There are more resources and sample challenges you can go through with your students, even before the Gymnasium opens, here on the CryptoKait website.
Incorporating NCL as Assignment
Some Coaches make the NCL a graded assignment for their classes. If you plan to do that, make sure the assignment is doable for all students, since usually every student has a different background and set of technical skills. Instead of asking the students to solve every challenge, you can ask them to solve K out of N challenges or to earn X out of Y points. You can further divide it up—for example, beginner students need to obtain X1 out of Y points and more experienced students need to obtain X2 out of Y points, where X1 < X2. If you need some guidance for integrating NCL into your coursework, take a look at this example syllabus PDF from the NCL.
You can assign the Gymnasium, Preseason, Individual, Team, or any combination as part of the assignment. The Gymnasium is available for a long period of time. The Preseason Game is available for about a week. The Individual and Team Games are available for a weekend. Make sure to announce this to your students so they can plan ahead of time (especially the Individual and Team Games).
I have personally done this, and students have generally liked the NCL as part of their grade. You can ask the students to pay for themselves (make sure to provide a link so you can be their Coach) instead of a textbook, or you can use any lab/technology fees from the college/university to cover the students’ registration fees.
Remember that you, as the Coach, cannot provide any help while any of the Games are underway. This includes the Preseason, Individual, and Team Games. The recommendation is to use the Gymnasium to prepare your students for the Games.
Rules of Conduct
Make sure you, as the Coach, read the Rules of Conduct. Also, make sure to inform your students to read the Rules of Conduct carefully! It may be beneficial to go over the Rules of Conduct with your group, especially if it will count towards their grades.