Last month, our meeting formed part of the UK National Digital Leaders Week of events and so we reverted back to the content of our inaugural meeting to explain all about CTFs, why the Cluster exists and show some examples of the challenges, labs and 'flags' that are used in CTF competitions.
We also discussed that whilst this wonderful 'gamification' of cyber can be fun and rewarding it is also the most effective form of accelerated learning and a great way for Blue Team people (cyber security teams) in organisations to learn more about the mindset and capabilities of the Red Team (hackers) which helps them to grow and develop better defences against cyber threats.
With this in mind, in our meeting this month, we resuming our journey through the treasure trove of skills and techniques that are required to gain the internationally recognised Offensive Security Certified Professional (OSCP) certification.
The OCSP training and exam typically covers the below topics:
- Kali Linux Intro (inc command line, common tools and bash scripting)
- Passive and active recon methods
- Finding and understanding vulnerabilities
- Web application attacks (inc OWASP Top 10)
- Buffer overflow attacks
- Client-side attacks
- Working with exploits
- Defence evasion
- Privilege escalation
- Password attacks (inc cracking and brute forcing)
- Port redirection and tunnelling
- Exploitation frameworks
In our September meeting we ran through an introduction to Kali Linux which included discussions about the plethora of tools and a quick demonstration of the power of bash scripting.
This time we explored Reconnaisance in all its forms and looked at some typical Vunerabilities that can be easily identified. The slides we used can be downloaded here
So, if you are thinking of using your CTF skills and knowledge to gain some industry qualifications, such as OSCP, then feel free to join in with the next Cyber Wales CTF Cluster session.