The CTF Cluster had a fantastic time delivering a marathon, 3-day long Capture the Flag (CTF) event during the Wales Tech Week symposium at the International Convention Center in Newport.

 

The CTF was open to all attendees of the event.  Laptops were set up on work-benches by the award-winning SudoCyber team and attendees were invited to demonstrate their cyber knowledge and skill in a 15 minute 'sprint' competition. 

 

Competitors had to tackle a series of cyber challenges, running in safe, sandboxed virtual machines and successfully achieve the sort of tasks normally carried out by hackers and malicious actors in cyberspace.  Each task achieved won the participant a 'flag'.

 

The person who won the most flags, regardless of how many flags they attempted and failed, during the 3-day event was the overall Red Team winner.

The person who achieved the highest 'success rate', by succeeding at the highest percentage of flags they attempted, was the overall Blue Team winner.

 

Avril Lewis MBE, the Managing Director of 'Technology Connected', the organisers of the Wales Tech Week event alongside Marc Del-Valle, the CEO of SudoCyber and the North Wales Cyber Security Cluster lead were delighted to congratulate the red and blue team winners who each walked away with a limited edition trophy made from engraved slate from North Wales.

 

The CTF Cluster is honoured to welcome Jim Manico, a Global Board Member for the OWASP foundation, to join our July meeting.

Jim is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for Nucleus Security, BitDiscovery, Secure Circle and Inspectiv. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of "Iron-Clad Java: Building Secure Web Applications" from Oracle Press.

Jim also volunteers for the OWASP foundation as the project lead for the OWASP Application Security Verification Standard and the OWASP Cheatsheet Series. For more information, see https://www.linkedin.com/in/jmanico.

Title: Request Forgery on the Web - SSRF, CSRF and Clickjacking
This technical talk on various forms of request forgery is meant for the software developer who needs to build secure software. Cross-Site Request Forgery, or CSRF, will allow an attacker to trick a user into submitting a transaction they never intended to submit. This attack-type requires very specialized defense.

We will discuss various historical CSRF attacks and investigate a wide range of defensive strategies such as nonce tokens, SameSite cookies, and the double-cookie submit pattern. SSFF is a direct attacker category meant to trick your servers into making additional requests than never intended to.

Clickjacking is a way to trick users into taking actions and entering data into one site while another is collecting those events. We will be helping developers stop forgery on the web in this talk!

If you'd like to learn more about this truly inspiring cyber leader then have a listen to this interview with Jim for The Secure Developer Podcast published on HeavyBit. He is described in this interview as "definitely one of the more noise-making well-known figures in the world of application security".

If you'd like a better idea of Jim's courageaous and outspoken approach to cyber security, then have a read of this amazing open letter that Jim wrote to President Obama in 2015!

We are obviously chuffed to bits that Jim is being so supportive of our efforts to provide a welcoming environment for all abilities to come and learn more about cyber. Rather than our usual high-level overviews, this meeting is an opportunity to learn more detailed techniques and approaches from one of our industry's top international educators.

See you all there!

Link to the event - https://global.gotomeeting.com/join/935027925

We cannot possibly compete with the virtual running of Europe's pre-eminent cyber security event - InfoSec - so we urge you all to attend their You Tube sessions and we will see you next month.

We cannot possibly compete with the NCSC's Flagship Event - CYBERUK - so we urge you all to attend their You Tube sessions and we will see you next month.

In an effort to put our CTF'ing skills to good use, we are currently on a bit of a journey through the treasure trove of skills and techniques that are required to gain the internationally recognised Offensive Security Certified Professional (OSCP) certification.

The OCSP training and exam typically covers the below topics:

• Kali Linux Intro (inc command line, common tools and bash scripting)
• Passive and active recon methods
• Finding and understanding vulnerabilities
• Web application attacks (inc OWASP Top 10)
• Buffer overflow attacks
• Client-side attacks
• Working with exploits
• Defence evasion
• Privilege escalation
• Password attacks (inc cracking and brute forcing)
• Port redirection and tunnelling
• Exploitation frameworks

For more information on the OSCP certification and the type of content we will be covering visit this link: https://www.offensive-security.com/pwk-oscp/

In our March meeting we explored Injection Attacks. Explaining and demonstrating exactly what SQL Injection is, how it works and showing how easy it is to prevent, which raised some discussion about why so few web site developers actually take the time to protect sites from this critical weakness.

For our April meeting we will be deep-diving into the dark art of Cross Site Scripting, which is a branch of injection but definitely one worth exploring in detail.

So, if you are thinking of using your CTF skills and knowledge to gain some industry qualifications, such as OSCP, then feel free to join in with the next Cyber Wales CTF Cluster session.

Link to the event - https://global.gotomeeting.com/join/696820405

In an effort to put our CTF'ing skills to good use, we are currently on a bit of a journey through the treasure trove of skills and techniques that are required to gain the internationally recognised Offensive Security Certified Professional (OSCP) certification.

The OCSP training and exam typically covers the below topics:

• Kali Linux Intro (inc command line, common tools and bash scripting)
• Passive and active recon methods
• Finding and understanding vulnerabilities
• Web application attacks (inc OWASP Top 10)
• Buffer overflow attacks
• Client-side attacks
• Working with exploits
• Defence evasion
• Privilege escalation
• Password attacks (inc cracking and brute forcing)
• Port redirection and tunnelling
• Exploitation frameworks

For more information on the OSCP certification and the type of content we will be covering visit this link: https://www.offensive-security.com/pwk-oscp/

In our February meeting we rattled through the OWASP Top 10 and had a lively discussion about Web Hacking. We all agreed that two of the Top 10 stand out above the others, not necessarily because of the criticality but because they are so common both in the real world and in CTF competitions.

For our March meeting we will be deep-diving into the all-encomapassing world of Injection Attacks. If there is time we will also cover the dark art of Cross Site Scripting, which is a branch of injection but definitely one worth exploring in detail. If we run out of time before covering XSS we will revisit it again in April. Exciting couple of meetings ahead!

So, if you are thinking of using your CTF skills and knowledge to gain some industry qualifications, such as OSCP, then feel free to join in with the next Cyber Wales CTF Cluster session.

Link to the event - https://global.gotomeeting.com/join/830194253

In an effort to put our CTF'ing skills to good use, we are currently on a bit of a journey through the treasure trove of skills and techniques that are required to gain the internationally recognised Offensive Security Certified Professional (OSCP) certification.

The OCSP training and exam typically covers the below topics:

• Kali Linux Intro (inc command line, common tools and bash scripting)
• Passive and active recon methods
• Finding and understanding vulnerabilities
• Web application attacks (inc OWASP Top 10)
• Buffer overflow attacks
• Client-side attacks
• Working with exploits
• Defence evasion
• Privilege escalation
• Password attacks (inc cracking and brute forcing)
• Port redirection and tunnelling
• Exploitation frameworks

For more information on the OSCP certification and the type of content we will be covering visit this link: https://www.offensive-security.com/pwk-oscp/

In our December meeting we picked up where we left off exploring the active aspects of Reconnaisance and then continue into the next topic, which was finding and understanding vulnerabilities using scanners like NMAP NSE, Nessus and Nikto.

So, if you are thinking of using your CTF skills and knowledge to gain some industry qualifications, such as OSCP, then feel free to join in with the next Cyber Wales CTF Cluster session.

Here is the slide deck used on the event OWASP Top Ten

For our first meeting of this New Year we are going to merge the CTF Cluster meeting with the All Wales Cyber Security Cluster meeting to run a really unusual joint session.

"That was the year that was" - those of you of a certain age will know what year Tom Lehrer was describing in his famous album but I'm sure he would agree that 2020 was a strange year for everyone. It has been a challenge for many people and a growth opportunity for others. There are some great examples of people pulling together during the year along with some heart-warming success stories in the Cyber Wales Ecosystem and indeed, Cyber Wales istelf has grown and developed in ways we could not have predicted.

We are going to have a positive and good-natured look back on 2020. We will canter through the year looking at it from the perspective of both the Oldest Cyber Cluster in Wales and the Newest Cyber Cluster in Wales and chat about the speakers, the venues and the things that were going on around us as the year progressed.

For example:-

• British Cyber Ambassador to the USA
• CIISEC and the doomed 6 Nations
• NHS Call to Arms
• Cyber in the British Armed Forces
• HackTheBox, VulnHub & Immersive Labs
• HARMA Virus and SMBGhost
• GlobalWelsh
• Germany, the Middle East and Japan
• Launch of Cyber Coleg Cymru
• Wrexham and Cardiff and USW CTFs
• Digital Wales, NDEC
• UK National Police Cyber
• Digital Leaders
• Cyber Innovation Showcase
• Finding missing persons in the USA
• Learning to pass OCSP from OWASP
• and of course the NCSC who saved us all 100 times over and we didn't event know it!

For those of you who were at the meetings, this will be a wonderful reminder of the fun we had.

For those of you who didn't manage to get to all the meetings, this will be a chance to see all of the amazing things that have happened to the people and the organisations that make up the Cyber Wales Ecosystem in all our crazy diversity.

So, if you are wondering what to do next Tuesday afternoon that will make you smile, then feel free to join in this open and interactive homage to the year that never was at the next Cyber Wales Cluster session.

Link to the event - https://global.gotomeeting.com/join/332102381

Last month, we resumed our journey through the treasure trove of skills and techniques that are required to gain the internationally recognised Offensive Security Certified Professional (OSCP) certification.

The OCSP training and exam typically covers the below topics:

• Kali Linux Intro (inc command line, common tools and bash scripting)
• Passive and active recon methods
• Finding and understanding vulnerabilities
• Web application attacks (inc OWASP Top 10)
• Buffer overflow attacks
• Client-side attacks
• Working with exploits
• Defence evasion
• Privilege escalation
• Password attacks (inc cracking and brute forcing)
• Port redirection and tunnelling
• Exploitation frameworks

For more information on the OSCP certification and the type of content we will be covering visit this link: https://www.offensive-security.com/pwk-oscp/

In our November meeting we explored Reconnaisance in all its forms and looked at some typical vunerabilities that can be easily identified. Our cunning plan was to cover both the Passive forms of recon and the more Active forms. However, we were having so much fun and the group was so interactive that we didn't really have a chance to do as much as we wanted.

This month, we will pick up where we left off with active recon and continue into the next topic, which is finding and understanding vulnerabilities.

So, if you are thinking of using your CTF skills and knowledge to gain some industry qualifications, such as OSCP, then feel free to join in with the next Cyber Wales CTF Cluster session.

Link to the event - https://global.gotomeeting.com/join/361623893

Last month, our meeting formed part of the UK National Digital Leaders Week of events and so we reverted back to the content of our inaugural meeting to explain all about CTFs, why the Cluster exists and show some examples of the challenges, labs and 'flags' that are used in CTF competitions.

We also discussed that whilst this wonderful 'gamification' of cyber can be fun and rewarding it is also the most effective form of accelerated learning and a great way for Blue Team people (cyber security teams) in organisations to learn more about the mindset and capabilities of the Red Team (hackers) which helps them to grow and develop better defences against cyber threats.

With this in mind, in our meeting this month, we resuming our journey through the treasure trove of skills and techniques that are required to gain the internationally recognised Offensive Security Certified Professional (OSCP) certification.

The OCSP training and exam typically covers the below topics:

• Kali Linux Intro (inc command line, common tools and bash scripting)
• Passive and active recon methods
• Finding and understanding vulnerabilities
• Web application attacks (inc OWASP Top 10)
• Buffer overflow attacks
• Client-side attacks
• Working with exploits
• Defence evasion
• Privilege escalation
• Password attacks (inc cracking and brute forcing)
• Port redirection and tunnelling
• Exploitation frameworks

For more information on the OSCP certification and the type of content we will be covering visit this link: https://www.offensive-security.com/pwk-oscp/

In our September meeting we ran through an introduction to Kali Linux which included discussions about the plethora of tools and a quick demonstration of the power of bash scripting.

This time we explored Reconnaisance in all its forms and looked at some typical Vunerabilities that can be easily identified. The slides we used can be downloaded here

So, if you are thinking of using your CTF skills and knowledge to gain some industry qualifications, such as OSCP, then feel free to join in with the next Cyber Wales CTF Cluster session.

This event is being run as part of Digital Leaders Week 2020
With the title "Capture the Flag - just a game or genuine accelerated learning for all".

“Hackathon”, “Cyber Challenge”, “Code Fest”, “Red Team vs Blue Team”, “Black-hatting” and “Capture the Flag”

These are all words that are very familiar to people who have been involved in competitive computer gaming or hacking but they are relatively new to the 'main stream' and have really come to the fore along with the rise of the cyber threat and need for everyone to become more cyber-savvy.

For the un-initiated, these words may also conjure up some scary images of rooms full of very knowledgeable computer geeks with lots of experience of hacking who could undoubtedly run rings around anyone who would not be considered an “expert”.

But... are you curious? Have you ever wondered:- • What it's all about? • What actually happens at one of these events? • Just how much knowledge and/or experience do you need in order to take part? • Is it just fun or are there hidden benefits to the 'gamification' of the hacker vs the SOC contest? • Can this 'game' really help to accelerate learning in cyber for anyone? • Does being a skilled hacker also make you a much better defender?

If so, then welcome to The Cyber Wales Capture the Flag Cluster This cluster is designed to provide a welcoming environment for all abilities to come and learn about the techniques required for participating in CTFs, whether you are looking to actually join in or you just want to know more about how it all works.

Members of the Cluster will be walking through a selection of 'typical' capture the flag challenges, exactly the kind of things that appear on real competitions and explaining what is needed to tackle them, what a 'flag' is and showing how to find it.

You won't need a laptop to just sit and watch the action but the information will be available if you want to follow-along and/or have a crack at the flags yourself. It will also be available after the event if you want have a go in your own time.

If we have peaked your curiosity, then we look forward to welcoming you to this relaxed and chatty web-session where we will shine some spotlights in this dark art.

This month marks the beginning of a new series of sessions for the Cyber Wales CTF Cluster basing the themes of the Cluster meetings around the requirements for the internationally recognised Offensive Security Certified Professional (OSCP) certificate.

The OSCP Certification is designed for those who want to take a serious and meaningful step into the world of professional penetration testing but is a great framework for those looking to enhance their offensive skills for both red teaming and capture the flag (CTF) competitions. As has been said so many times before, better understanding of offensive tactics (red teamers) also make for better defenders (blue teamers).

The OCSP training and exam typically covers the below topics:

• Kali Linux Intro (inc command line, common tools and bash scripting)
• Passive and active recon methods
• Finding and understanding vulnerabilities
• Web application attacks (inc OWASP Top 10)
• Buffer overflow attacks
• Client-side attacks
• Working with exploits
• Defence evasion
• Privilege escalation
• Password attacks (inc cracking and brute forcing)
• Port redirection and tunnelling
• Exploitation frameworks

For more information on the OSCP certification and the type of content we will be covering visit this link: https://www.offensive-security.com/pwk-oscp/

During this series of CTF Cluster meetings we will be delivering a combination of learning, challenges, walk-through sessions and discussions to provide an overview of the topics required to achieve the OSCP certification.

So, if you are thinking of using your CTF skills and knowledge to gain some industry qualifications, such as OSCP, then feel free to join in with the next batch of Cyber Wales CTF Cluster sessions.

Here is a link to the first of these sessions which will cover an introduction to Kali Linux including the command line, common tools and bash scripting – woo hoo!

Link to the event - https://global.gotomeeting.com/join/676731741

This month, we had a crack at a CTF that has been built by the USWCTF gang at the University of South Wales.

Our Master of Ceremonies for this very active playtime session was Mat Rollings.

Mat (stealthcopter) has been an Android developer for about 10 years and has played and organised lots of CTFs in his time. He is just finishing a part time Master in Cyber Security at USW and will be ramping up his work at Immersive Labs at the end of the Summer.

Mat started the session by exploring how to exploit and escape from container environments such as Docker - followed by a very brief demonstration of this using tools developed for his masters thesis. A virtual machine was made available to download and try online at tryhackme.com to walk-through some of the exploits seen and also some of the metasploit modules that he's developed.

Then we shifted over to the USW CTF. Originally this CTF ran internally at USW for 2 weeks in March, and was well received. It was designed by Mat and Will Roberts (willpr) and has 75 challenges across a range of categories including Web, Crypto, Forensic, Stego, Priv Esc, Reverse Engineering, PWN, Programming and there are even a few "Lecturers' Specials".

The team had taken a selection of the best challenges to throw at us at our CTF Cluster meeting and after introducing the platform they ran through some of the easier and more interesting challenges. Then they opened it up and make things more interactive - answering questions we had and demonstrating requested challenges and sharing a few stories about some cool challenges from the metasploit CTFs they've done.

More than this... following the meeting the Challenges will stay online on uswctf.net for 1 week allowing people to complete them at their own pace and the source code is also available for specific challenges upon request.

A fantastic Cluster meeting I'm sure you will agree.

We were delighted to have an opportunity to learn more about the Cyber Detective CTF in this meeting.

This amazing CTF is a set of OSINT-focussed challenges created by the Cyber Society at Cardiff University, cunningly called the CyberSoc (I see what they did there - very clever!).

There are 40 challenges across 3 streams:-
* General Knowledge
* Life Online
* Evidence Investigation

We learnt more about the CyberSoc and the Cyber Detective CTF from the President of the Society, Jack Tilson.

This is what the University Societies pages says about them - "Join CyberSoc today, and you'll be rubbing shoulders with tremendously passionate students and industry players who are serious about cyber and want to make a difference. Employers frequently cite demonstration of passion for your field and a willingness to learn as top factors in the recruitment decision-making process. This could be a way for you to strengthen in these areas, and learn lots along the way too, helping to create a solid position for yourself in the job market!

In addition, this meeting included an open frame discussion on two voracious new threats which emerged in the previous few weeks. One a re-engineered ransomware and the other a fiendish stringing together of two exploits to create something more dangerous.

Both of these threats had been targeted at the NHS during these trying times and this warranted a similar (not-so-technical) discussion at the All Wales Cyber Security Cluster meeting and we will be taking this oportunity to dive a bit deeper into these dastardly attacks.

We had a very special guest speaker this month! Richard Bloxam-Rose is a skilled cyber security specialist having worked with the US DoD in Iraq as well as in cyber teams of global organisations like Commerzbank and Merrill Lynch and is currently in a Threat & Vulnerability operation. He has also served 10 years in the British Army as a Communications Systems & Cyber Operator in the Royal Corps of Signals on deployments with 32 Signal Regiment in the North and with 39 Signal Regiment in the South and currently with the Specialist Group Information Services Squadron (SGIS) based in the Corps HQ in Blandford.

The co-founder of a new learning group in the Armed Forces called "TriHacking" which is aimed at Army, Navy & Air Force cyberists, Richard spends his spare time teaching & coaching cyber security to Regulars and Reservists alike and at our CTF Cluster meeting this week, he gave a walk-through of a "Boot-to-Root Challenge" from the hacking platform VulnHub. Below is a recording of the walk-through session for those of you that missed it.

Over the years, people have been creating cyber learning resources and a lot of time has been put into them, creating 'hidden gems' of training material. However, unless you know of them, its hard to discover them. So, VulnHub was born to capture and share as many of these as possible, creating a catalogue of 'stuff' that is (legally) 'breakable, hackable & exploitable' - allowing you to learn in a safe environment and practise 'stuff' out.

Up to this point, at CTF Cluster meetings, we had explored home-grown Flags, HackTheBox and Immersive Labs Challenges but this is the first time we delved into the treasure-trove that is VulnHub - and Richard ("Bloxy" to his friends) was our guide.

This meeting also had a very international flavour with special guests joining, including the head of the Ras Al Khaimah Cyber Cluster in the UAE, a Colonel from the Dubai Police Cyber Team, the head of the Austrian Cyber Cluster and two guys from a Cyber Cluster and Hackathon Club in Kenya and we are speaking with all of them about future collaborations.

This meeting was run as a Webinar which was combined with the official launch of the amazing new Cyber College Cymru initiative.

Bridgend College, in partnership with Coleg Gwent and the University of South Wales, were launching a scheme which will start in September 2020 that will form a new qualification in cyber security. The initiative will offer learners hundreds of hours of industry input with big-name industry partners and members of the Cyber Wales Ecosystem(that means you!).

The Cyber College Cymru launch started at 17:30 and there were introductory talks by Admiral, Thales and Fujitsu and, to provide an example of cyber learning in action, there was a follow-along walk-through of the infamous WannaCry Randsomware by Leanne Davies from Cyber Wales, Cyber Security Lecturer at Glyndwr University (using Immersive Labs).

After a Q&A the Launch event closed and the web-session flowed seamlessly into the CTF Cluster meeting where we continued the WannaCry theme with a walk-through of another Immersive Lab on how to find and trip the Kill Switch in the WannaCry source code delivered by Jason from Cyber Wales and the North Wales CYber Cyber Securoty Cluster.

We were also treated to a session from Cyber Wales member Nick Lambe from Gordalex, who is ex-military intelligence who talked about how getting the basics of OSINT right can be a lot more powerful that you might think - especially around associations and the wider OSINT environment - and he used a real live example to illustrate his points.

This meeting was run over Webinar an online 'follow-along hack' walk-through and we walked through the steps required to register for an account on HackTheBox.

Hack The Box was formed in 2017 by James Hooker and Haris Pylarinos and the UK-based platform has become a very popular online platform for individuals, universities & colleges and corporate organisations all over the world.

It is described as "A massive playground for you to learn and improve your pen-testing skills" and there are plenty of labs to get stuck into as well as forums and competitions.

However there is a catch! In order to register you will need a Token and to get that token you will need to actually "hack the box" - yes, you need to hack the platform in order to get an account on the platform (absolute genius!)

In this month's Cyber Wales CTF Cluster meeting we walked through some of the aspects of this mulit-part hack in a webinar and all of the attendees were able to follow along. Those who paid attention and were good enough ended up with an account on the platform.

Here is a slide deck showing the HackTheBox Entry Flag Run-through

One of our members, Neil from Gower College was on the Webinar and streamed it over his Twitch channel to over 40 of this students. Here is a link to the recording of that stream - https://www.twitch.tv/videos/586557422 - Thank you Neil!

The inaugural meeting of the Cyber Wales Capture the Flag Cluster last month was a huge success and we were really keen to run the second instalment.

This new Cluster is designed to provide a welcoming and safe environment for folks of all abilities to come and learn about the techniques required for participating in CTFs and Hackathons.

Whether you just want to know more about the gamification of the cyber threat (and how gaining Red Team skills can enhance Blue Team capability), whether you want to try this fun way to accelerate knowledge and skill, or whether you want to get involved in CTF events, this new cluster and its members are here to help.

At each meeting, we work with samples of real CTF challenges and this month the discipline we focused on was Forensics and we once again turned to a PCAP File, a favourite at most CTFs.

Here is a copy of the PCAP File we used

One of our members, Toby Jackson (Cyber Security Student at USW), has provided a walk-through for the February PCAP Challenge - https://0xskunk.github.io/Cyber-Wales-CTF-Cluster-Forensics-Challenge/ - Thank you Toby!

And Neil Griffiths, IT Lecturer at Gower College Swansea, ran a Walk-through of the PCAP on the GCS Owl's Twitch Channel for his students in lockdown.

The challenges in this PCAP ranged from Straightforward to more Technical and Specialised levels of difficulty so there was something for everyone to try.

For those in the room who didn't fancy having go themselves we also did a complete walk-through of the sample challenges so everyone could see how they are done and had the chance to discuss them with other attendees.

The meeting ran in both North and South Wales simultaneously and was connected via video and audio, allowing attendees to gain the maximum benefit from speakers at both locations.

Prior to this event, we sent out the following description of what the CTF Cluster is all about...

“Hackathon”, “Cyber Challenge”, “Code Fest”, “Red Team vs Blue Team”, “Black-hatting”, “Capture the Flag”

These are all words that are very familiar to people who have been involved in competitive computer gaming, coding and hacking but they are relatively new to the 'main stream' and have really come to the fore along with the rise of the cyber threat and need for everyone to become more cyber-savvy.

For the un-initiated, these words may also conjure up some scary images of rooms full of very knowledgeable computer geeks with lots of experience of hacking, able to use their computers with as much ease as kids seem to use computer game controllers, who could undoubtedly run rings around anyone who would not be considered an “expert”.

But... are you curious? Have you ever wondered:-
* What it's all about?
* What actually happens at one of these events?
* Just how much knowledge and/or experience do you need in order to take part?
* How much do you need to know to not look like a muppet? (after all, the gaming community are pretty famous for being brutal in their verbal haranguing of new people in their midst - ”nubes”).
* What is the point of doing a hackathon?
* Is it just a game or is there a hidden benefit to the 'gamification' of the hacker vs the SOC contest (or Red Team vs Blue Team)?

Or... have you been to these events and now you are looking for additional places where you can learn more about the tools and techniques, gain more knowledge and build your experience to be better at it?

If so, then welcome to The Cyber Wales Capture the Flag Cluster

This new cluster is designed to provide a welcoming environment for all abilities to come and learn about the techniques required for participating in CTFs, whether you are looking to just know more about how these competitions work, looking to enter your first event or are and experienced CTF participant, this new cluster is here to help.

Each month, attendees will experience samples of real CTF challenges including complete walk-throughs for the sample challenges and the ability to network and discuss topics of interest with other attendees.

The Cluster will also be 'Ground Zero' for a brand new Cyber Wales National Capture the Flag Competition which will run every year (starting now!) and the meetings will provide coaching and advice for members who want to take part.


This description piqued the interest of more than 80 people from all walks of life including CISOs, IT staff, Red Team Operators, Risk Consultants, Students and Faculty members from universities and colleges who all turned up to the launch of this new cluster.

The meeting ran in both North and South Wales simultaneously and people at Glyndwr University were connected via video and audio to people in the University of South Wales, allowing attendees to gain the maximum benefit from speakers at both locations.

After an introductory presentation there were demonstrations given of 4 key types of CTF challenge:-

* OSINT - a typical Level 1 social engineering challenge
* Forensics - a typical Level 1-2 PCAP analysis challenge (PCAP File)
* Offensive - a typical Level 1 web-site penetration challenge
* Knowledge - a typical Level 1 technical knowledge challenge


These were not interactive challenges, they were walk-throughs from a slide deck which can be downloaded here.