This repository serves as the central training, documentation, and operations hub for the NCAE CyberGames competition. It contains all required materials for environment setup, service configuration, security hardening, recovery procedures, threat hunting, and role coordination.
This section explains the repository structure and where resources are located. A directory tree may be added later for visual reference.
Contains technical documentation and configuration references for technologies and services used throughout training and competition.
Examples include service configuration notes, architectural explanations, and reference material.
Contains documented problems and resolutions encountered during setup or training.
Each entry should include:
- Error messages or symptoms
- Root cause analysis
- Resolution steps
Holds week-by-week instructional content, including:
- Google Slides
- `weekX.md` lesson files
- Cheatsheets and reference notes
Contains supplemental labs and exercises outside the official weekly curriculum.
These may include:
- Homework tasks
- Practice scenarios
- Skill reinforcement labs
Contains automation scripts and workflows, including:
- Backup scripts
- Recovery scripts
- Monitoring or detection scripts
- Helper utilities for setup and remediation
This section defines all required knowledge domains and technical objectives for NCAE CyberGames preparation.
- Debian vs RPM-based distributions
- Operating system network configurations
- RPM-based service installation
- Debian-based service installation
- Web services with Apache / httpd
- SSH service configurations
- DNS service configurations
- PostgreSQL / MySQL configurations
- FTP service hardening and vulnerabilities
- SSH hardening configurations
- Firewall configurations (UFW / IPTables / firewall-cmd)
- Web service hardening
- DNS service hardening
- PostgreSQL / MySQL hardening
- FTP service hardening
- `rsync` service configuration
- `cron` service scheduling and intervals
- Backup data restoration
- Automated Bash scripts
- Researching issues
- Troubleshooting methodologies
- Redundancy concepts
- High availability technologies
- Log analysis (`/var/log`)
- Unknown SSH keys
- Unknown user accounts
- Unknown login sessions
- Unknown software programs
- Modified files or system states
- Unusual or suspicious processes
| Week | Focus | Goals |
|---|---|---|
| 0 | Pre-Competition Setup | Create accounts (HackTheBox, GitHub); review NCAE rules, scoring, and structure |
| 1 | Base Configuration | Define roles; install services; complete host networking |
| 2 | Router | Understand router provisioning fundamentals |
| 3 | Hardening & Vulnerabilities (Part 1) | Apply SSH and service hardening; understand mitigated exploits; firewall configuration |
| 4 | Hardening & Vulnerabilities (Part 2) | Vulnerability identification and analysis |
| 5 | Recovery & Backups | Configure rsync; apply backup concepts; configure cron; understand recovery |
| 6 | Threat Hunting | Understand /var/log; identify indicators of compromise |
This section outlines the core operational roles required for success during NCAE CyberGames.
Responsible for all scored web services.
Mapped Scoring Areas:
- WWW content availability
- SSL & web content validation
- Apache/httpd uptime
- TLS certificate validity
Maintains internal and external DNS services.
Mapped Scoring Areas:
- Internal DNS resolution
- External DNS resolution
- Hostname validation for SSL and web services
Manages file transfer services.
Mapped Scoring Areas:
- FTP login
- FTP content download
- File integrity validation
- FTP write access
Maintains database reliability and integrity.
Mapped Scoring Areas:
- MySQL/PostgreSQL authentication
- Read/write access
- Application database dependencies
Ensures secure remote access.
Mapped Scoring Areas:
- SSH access for scoring users
- Key-based authentication
- Internal network access validation
Controls network-level access and routing.
Mapped Scoring Areas:
- Router ICMP reachability
- External access paths
- Firewall and port forwarding rules
Restores services during compromise.
Mapped Scoring Areas:
- Indirect impact on all infrastructure scoring
- Service restoration and stabilization
Some roles are not tied to a specific scoring line item, but are essential for competition success.
These include:
- SOC Analyst
- Backup Manager
- CTF Master (non-network responsibilities)
While these roles may not generate points directly, they enable faster detection, recovery, coordination, and strategic decision-making.
Estimated Time Range: Weeks 0–1
Success Criteria:
- All accounts created and accessible
- Hosts are reachable on the network
- Roles assigned and understood
- Base services install successfully
Estimated Time Range: Weeks 2–3
Success Criteria:
- Router responds to ICMP
- DNS resolves internally and externally
- SSH access works with keys
- Web, FTP, and database services are reachable
- Firewall rules enforce intended access
Estimated Time Range: Weeks 4–5
Success Criteria:
- Hardening does not break scoring
- Backups run on schedule
- Restoration procedures tested
- Common vulnerabilities mitigated
Estimated Time Range: Week 6 and Ongoing
Success Criteria:
- Logs actively monitored
- Indicators of compromise identified quickly
- Services restored rapidly after incidents
- Environment remains stable under attack

