Helping Students During the Games

I want to start out by emphasizing that coaches cannot provide any help to students during the National Cyber League (NCL) Games. This includes the Preseason, Individual, and Team Games. Help can be provided before the Games for the Gymnasium challenges.

Here is a link to the rules of conduct.


The Gymnasium is available to all students and can be used as practice or as a way to learn more about the challenges or tools that are commonly used. Use the Gymnasium, Coach! Coaches can provide as much help as needed for all Gymnasium challenges, including solutions, how to get to the solutions, how to use certain tools, and so on.

The Gymnasium contains all the modules used in the actual Games. The challenges are also usually similar conceptually. Solving the Gymnasium challenges is the best way to prepare for the Games.

Even though help from coaches is not allowed during the Games, a brief overview of tools that are commonly used for each challenge can help students to do well.


I will list some commonly used tools, along with some hints, for each module. This is, by no means, an exhaustive list. Please comment to recommend more hints or tools to be added to this blog. You can also check out the blogs that correlate to each category of the Games for more detailed tutorials.

Open Source Intelligence (OSINT)

Some general tools I recommend to my students are:

  • Google
  • Wikipedia
  • Maps
  • Wiggle for wireless OSINT
  • exiftool for pictures metadata
  • dnsrecon, ngrecon, Harvester for some challenges that require more in-depth analysis

Click to find blog resources related to Open Source Intelligence.


Common ciphers/encodings to know are binary, hexadecimal, base64 (usually ends with =), Caesar cipher, Morse code, Vigenere cipher, Affine cipher, ROT-13, atbash, and railfence. There are some image-based ciphers. A Google reverse image search can help here. Some useful tools/websites to recommend to students are CyberChef and Rumkin.

Some useful tools to know for stenography are strings, steghide, Digital Invisible Ink Toolkit, binwalk, strace, stegsolve, and gimp (or your favorite photo editor).

Click to find blog resources related to Cryptography and Steganography.

Password Cracking

Common tools for password cracking are John the Ripper, Hashcat, crunch, ssh2john, pdf2john. The most common password list is the rockyou leaked password dataset.

Click to find blog resources related to Password Cracking.

Log Analysis

Some useful tools would be basic Linux commands such as cut/awk/grep/sort/uniq, Splunk (there is a free version; the paid version cannot be used during the Games), and using a spreadsheet. The spreadsheet can be tedious but useful for doing things like averages or sums. A simple shell script or program can also be written to answer the questions in the log analysis module. Any programming language such as Java or Python would do the trick.

Click to find blog resources related to Log Analysis.

Network Traffic Analysis

Wireshark is the leading software for network traffic analysis. The integrated web traffic analyzer is okay or even tcpdump for those more text-oriented. However, Wireshark makes answering this module much easier. To practice this module, spin up a virtual machine, record the network traffic of some application(s), then ask students to answer some specific questions about what happened.

Click to find blog resources related to Network Traffic Analysis and Wireless Access Exploitation.

Wireless Access Exploitation

Within the Games, Wireless Access Exploitation has been absorbed into Network Traffic Analysis, but it remains an independent module of the Gymnasium. Wireshark again comes to mind for this module. Aircrack-ng would also be another useful tool in this module to crack WEP passwords.

Click to find blog resources related to Network Traffic Analysis and Wireless Access Exploitation.


Some useful tools are gimp (for image forensics), Redline, Autopsy, and Volatility. Many of them are freely available.

Click to find blog resources related to Forensics.


Some useful tools here are knowledge of Linux commands, nmap, and dirb.

Click to find blog resources related to Scanning and Reconnaissance.

Web Application Exploitation

Use your typical web browser to solve this module. This involves using the “web inspector”. A text-based browser such as curl can also be very useful in this challenge. Knowledge of web protocol, such as cookies, SQL injection are helpful. Burp is another tool that allows manipulation of requests and responses.

Click to find blog resources related to Web Application Exploitation.

Enumeration and Exploitation

IDA Pro, Ghidra, and gdb are all useful tools for this module. This sometimes requires some reverse engineering which can be tedious but so rewarding when successful.

Click to find blog resources related to Enumeration and Exploitation.

General Help

It is still up to each student to understand each challenge in the Games and to solve them. The primary skills needed to solve most of the NCL Game challenges are general problem solving skills, the ability to work and think independently, and thinking outside the box to solve new, never-before-seen problems.

Overall, the NCL prepares students for a real-life cybersecurity career, since they will encounter things they have never seen before, will have to do or learn things on their own, and solve problems they have not been trained to solve. This is not to say that cybersecurity education or training is not adequate. It is just impossible to teach everything. For example, a class might cover HTTP and SSH log analysis using Splunk, but not SCADA logs. Students will have to figure out how to understand the structure of unfamiliar logs and use the tools provided to perform an accurate log analysis.

The linked section of this blog post outlines which resources are (and are not!) available to students while a Game is in progress: Everything You Need to Know About the NCL Preseason Game: Bookmark Resources.

Rules of Conduct

Make sure you, as the coach, read the rules of conduct. Also, make sure to instruct your students to read the rules of conduct carefully! Reread the rules of conduct every single season, no matter how many seasons you’ve been involved in, because new rules may be added in between seasons. You and your players should also be reading CryptoKait’s blog post about cheating to be absolutely certain of what constitutes cheating, as well as the Top 10 Dos and Don’ts. Please do not break the rules of conduct. This might mean a trip to student/academic affairs or the Dean of students, as this is a serious infraction. Most people, coaches included, do not like paperwork. In worst-case scenarios, schools found to be in repeated and systemic violation of NCL rules may be banned from the Games entirely.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.