
Course Outline & Schedule

Call +44 207 620 0033

Cyber Defender Foundation (CTF)


Course Code QACYDEFF

Duration 2 Day Course

Price Available on request

Course Description
The cyber defender foundation capture the flag (CTF) has been designed to test and teach those responsible for detecting
and defending an organisation against a cyber-attack. The QA cyber lab offers a safe environment for IT and security teams
to develop their cyber defence skills and put them to the test against the clock.

This is not for your elite 'hackathon' champions. This foundation CTF provides a learning platform for your multi-discipline
technical teams to work together, collaborating as they would in a real cyber-attack. During the event, challenges are
released which require the participants to navigate through systems, seeking vulnerabilities, exploiting, decrypting,
whatever it takes to find the flag. Talented individuals working in isolation can't defend an organisation successfully. Learn
the necessary cyber defence 'tradecraft' skills in our state-of-the-art cyber lab, a fully immersive learning experience,
harnessing the talent within your teams to solve the challenges together before you have to do it for real.

Objectives
Delegates will be able to demonstrate the following:

How to work as a team during complex technical tasking
Use numerous penetration testing tools such as Wireshark, SQLMap, ZAP, NMAP, Metasploit and more to perform tasks and gain flags
Cyber defence 'tradecraft' problem solving activity
System, network and service enumeration
Application enumeration and profiling
How data is encoded, decoded, encrypted and decrypted using various algorithms as a means of evading detection

Course Modules
Day One

Round 1 - General Linux Capabilities (1 topic)

◾ Delegates will learn the commands needed to navigate around a Linux system, from being able to locate a specific file
to killing running processes. They will gain the skills and knowledge to know not only how to look but where to look
for signs of an attack, which will be very useful as they progress through the rounds and need to respond
swiftly to an incident. Knowing where to look is a key element in finding a flag for your team, and delegates will be
shown the key places where a hacker may leave clues behind.

Round 2 - Kali Linux Defensive Skills (1 topic)


◾ Delegates will be taught the foundation elements of the Kali Linux environment and a subset of the many
tools available within the Kali Linux suite, including the more advanced tools of the Kali Linux distribution, which will form
the building blocks for later modules.

Round 3 - Encoding and Decoding (1 topic)


◾ Malware and other types of backdoors use encoding and encryption to hide what they do and to help avoid detection.
Delegates will be taught how strings and data can be encoded using Base64, hexadecimal and binary,
and how this data can be decoded. Delegates will also be taught ways in which data can be encrypted and decrypted
using various cryptographic algorithms and ciphers. This will give each learner the foundation skills and
knowledge needed to reverse engineer malware and backdoors which use these types of tricks to avoid detection.

Round 4 - Incident Response (1 topic)


◾ After a cyber-attack it is important to determine how the breach occurred, what the attacker did and what
information the attacker managed to access. Delegates will be taught some of the ways in which systems can be
compromised, the purpose of log files, and how to analyse those log files for signs of a breach, allowing them to build
a picture of how the attack happened and what the attacker achieved during the compromise. Delegates will be shown
how to find backdoors installed by attackers and how to safely remove these backdoors.

Round 5 - Penetration Testing (1 topic)

◾ Penetration tests allow system administrators and security professionals to identify vulnerabilities and weaknesses in
their systems and platforms which could be exploited by an attacker. Delegates will be taught how to conduct a
penetration test, testing for weak authentication, scanning remote services for vulnerabilities, exploitation of
vulnerabilities and patching those vulnerabilities.

Day Two

Round 1 - General Linux Capabilities – CTF Challenge (1 topic)

◾ Round one will require the delegates to use the commands learnt on the first day to navigate their way through a Linux
system, finding all the flags in question. They will need to remember which command line to use to find what they are
looking for. This could be anything from the architecture to the operating system or even more specific hardware and
software elements, building a level of confidence when using the Linux command line.

Round 2 - Kali Linux Defensive Skills – CTF Challenge (1 topic)


◾ Round two will cover the various aspects of Kali Linux, where delegates will be asked to perform a number of tasks in
their team, all of which can be completed using the expansive suite of tools within the Kali Linux environment. This round
engages both novices and experts, covering tasks of varied difficulty. Each task requires the submission of a flag, the
goal being to submit the maximum number of flags in the allocated time.

Round 3 - Encoding and Decoding – CTF Challenge (1 topic)


◾ Round three will cover various types of encoding, decoding, encryption and decryption, where delegates will be asked to
encode/decode messages and solve a number of cryptographic puzzles which include alphabetical and numerical shift
ciphers and transpositions. Delegates score flags for entering the correct encoded/decoded message in each of the
tasks. This simulates the ability to detect and respond quickly to an insider attack and gives an understanding of an
attacker's covert communication mindset.

Round 4 - Incident Response – CTF Challenge (1 topic)


◾ Round four will require each delegate to perform a number of tasks to clean up after a cyber breach. This requires
delegates to find backdoors installed by an attacker and to identify compromised systems and services and modified user
accounts that allow the attacker to regain access to the environment. Delegates will also establish a timeline of the cyber-attack and
determine how the system was compromised.

Round 5 - Penetration Testing – CTF Challenge (1 topic)


◾ Round five explores the detail behind a penetration test of a compromised system, where delegates will be asked to
identify vulnerabilities and exploit those vulnerabilities, ranging from weak authentication all the way to remote
command execution in both web and system applications. Delegates will be able to review everything from the more basic SQL
injection to the more complex process of privilege escalation by exploiting buffer overflows.

CTF Scoring (1 topic)


◾ Each of the five CTF challenge rounds will cover a number of tasks ranging in difficulty engaging both novices and the
more able delegate, in various aspects of Linux, networking, cryptography, incident response, penetration testing and
exploitation of various types of vulnerabilities. Flags are awarded for successfully completing each task in each round.
Each task is worth one flag and the team at the end of the five rounds with the most flags wins. Time will be used as
the tiebreaker.

Prerequisites
There are no explicit predefined prerequisites required for the challenge event, as the instructor will lead the delegates
through the event from the introductory modules to the more advanced tasks. However, we recommend that delegates have
experience of Windows and Linux operating systems in a networked environment; CLI skills, which include the navigation of
file directories for both Windows and Linux; the ability to interrogate network systems for basic information such as IP
address and MAC address; knowledge of network fundamentals (IP addressing, subnets, routing); and familiarity with the TCP/IP
stack and the OSI Model and knowledge of common internet protocols.

© Perpetual Solutions Ltd 2020
