From the Winter 2015 Issue


Nikolas Roby
Security/Defense Research Analyst | Parrot Labs - KEYW Corporation

I meet a variety of people trying to enter into the information security and forensics fields. Many of them come straight out of college and have a great deal of theoretical knowledge, but often lack any real world skills. Unfortunately, to gain these skills you need to work real world scenarios, which are hard to come by outside of the cybersecurity field.

When it comes to the field of cybersecurity, the old sailor motto still applies, “Smooth seas do not make skillful sailors.”

The reason is simple. You must weather obstacles to gain experience and achieve goals. You can study the “theory” of penetration testing for months, and still have no useful skills when it comes to actually gaining access to a system. You can fully understand all elements of a forensic investigation and how to find forensic artifacts, but unless you tackle an actual case with a set goal in mind, any useful skills you gain will be lacking. Challenges, obstacles, and experience are what elevates a person from a novice to an expert. One of the best ways to gain this experience for yourself or your employees is to work on Capture the Flag (CTF) events, or other similar challenges. CTF events are fun challenges for individuals or groups to solve cyber puzzles and gain points for each successful challenge. The group or individual at the end of the CTF with the most points wins, but everybody has a good time and develops reverse engineering skills.

For someone looking for interesting challenges to help build their skillsets, these are a few places to start.



Every few months, the folks at produce a free competition focusing on finding vulnerabilities in programs, writing exploits, and generally abusing the base operating system. In the challenge you must download a Virtual Machine (VM) and power it on, typically trying to gain access to a file called /root.flag.txt. These kinds of challenges are called boot2root, because you must download the VM, power it on, find the IP address and then take the next steps to go from remote access to local access, to privileged access. In one challenge (Tr0ll), the user scans a website, finds a secret URL, opens a network packet capture, extracts an executable, and uses hints within it to gain access to the system as a regular user. From there, the challenge is to gain root privileges and finally gain access to the “flag.” These kinds of challenges are great for beginners and veterans alike because at the end of the competition, organizers and participants release detailed write-ups on how to complete each phase. If you have a problem figuring out how to exploit a service, seeing how somebody else did it can help you improve.



Metasploitable are premade vulnerable Virtual Machines which are freely downloadable from Rapid 7 to help learning Metasploit. These VMs have a number of different weaknesses, from insecure web applications, old FTP servers, an unusual program running or poor security configurations. Metasploitable offers a variety of ways to practice many skills that students will need to know to enter the field. You not only need to know WHY a network scan is performed, but HOW to do it. In classes students learn that it is important to patch software because of potential vulnerabilities. Within Metasploitable there is an old IRC server running, which is vulnerable to a specific exploit, forcing you to demonstrate the vulnerability of old software with hands on practice. Cyber challenges are important in tying conceptual knowledge with practical experience.



Kioptrix is a set of challenge VMs that are designed for the person to discover and learn about security concepts. These challenges are designed specifically for the beginner cybersecurity geek. The challenges range from finding a valid database attack (SQL injection), to creating web backdoors with PHP, among other interesting vulnerabilities.




DC3 is a yearly computer forensic challenge (since 2006) which is designed to help cultivate new cyber professionals, as well as build new investigative tools and techniques. These challenges are a good way to provide practical skills. For example, there are challenges on finding hidden data, cracking passwords, and querying the windows registry. More advanced forensic challenges involve finding new methods for recovering corrupt files, steganography, and communications parsing. For a person interested in forensics and incident response, these challenges are a great place to start before interviewing for that first job, or developing new skills to change fields.



DFRWS holds a competition each year to help practitioners or researchers practice their skills on a wide variety of new topics in the forensics field. For example, in 2014 there is a forensic challenge involving the development of tools to perform analysis on Graphics Card (GPU) malware and dumping the RAM from these systems. They even have a simple proof of concept GPU-based keylogger to examine. Each year you can find new and novel forensic challenges to deal with modern forensic problems.

URLs: Html


David Cowen, author of Hacking Exposed: Computer Forensics, maintains a blog and publishes forensic challenges on a regular basis. Many of the challenges pose questions such as “In searching for a bank account number you find a fragment of a file but not the file it came from. How can you re-associate the fragment to the file it originally came from?” For someone new to digital forensics, these prodding questions are important to answer. Solving these challenges is often a matter of research into specific artifacts. The ability to provide support for your answer is key to solving the puzzle.

URL: http://hackingexposedcomputerforensicsblog.


When it comes to developing useful forensic or offensive skills, there are hundreds of great training courses to help. However, there are also free resources with modern material for motivated individuals. Developing skills in forensics is not something that you can read about and be productive. It takes time. It takes looking at timestamps and developing a deeper understanding of what events cause certain outcomes. Beating your head against the wall looking for a vulnerability is a part of the learning process. Using online resources, you can be exposed to a variety of interesting problems to solve for yourself, and if you are just learning, the post challenge write-ups are a great resource to learn tips and tricks that others used to solve the same problem.

Leave a Comment