Core NetWars returned in July with a new storyline set in Rust Haven, but the real headline is under the hood: every challenge is now shipped as a reproducible container pack. No licence keys, no black-box binaries — just pull, run and audit. Below is a field-tested walk-through of the new AI and OT tracks, plus the free repo that lets you host a mini-tournament in your own lab.
- What Arrived in the Box
- 102 challenges spanning 14 domains (AI abuse, OT logic, cloud IAM, mobile app pinning)
- All services wrapped in Docker Compose with pre-built ARM/AMD images
- Single YAML file controls scoring, hints and network isolation — edit one variable and you have a custom range
- AI Abuse Track — Prompt Injection in the Wild
Scenario: Echo of Yesterday jukebox runs an LLM DJ that leaks the map to Emerald Hollow unless you jail-break it.
Skill Path: Craft a prompt that bypasses system instructions → retrieve a hidden API key → pivot to cloud storage.
Container: github.com/sans-netwars/v11-ai-prompt
Defence Lesson: Output encoding and strict instruction hierarchy mitigate the same attack vector hitting help-desk chatbots today. - OT/ICS Village — From PLC to Pay-load
Hardware: No physical kit needed. Challenge uses OpenPLC on a Debian container emulating a lift station.
Goal: Modify ladder logic to over-fill a tank without triggering the high-level alarm.
Open Gear: github.com/sans-netwars/v11-ot-lift
Take-home: .L5X file you exploited can be dropped into a real Rockwell PLC; the same checksum bypass works if safety relays are not hard-wired. - Scoring Engine You Can Actually Read
Language: Go 1.23 — MIT licence
API: REST + WebSocket for real-time scoreboard
Extensibility: Add a challenge by writing a Dockerfile and a 10-line metadata YAML; no recompile needed
Deploy:docker compose upspins up the entire range in under four minutes on a laptop with 16 GB RAM - Public Debut Stats (SANSFIRE 2025)
- 312 players finished at least one track
- Median completion time: 6 h 12 m
- First blood on AI challenge: 19 minutes
- Most completed domain: Cloud IAM (84 % success)
- Least completed: OT logic (31 % success) — confirming the skills gap
- Host Your Own Mini-Tournament — Fast Recipe
a) Clone:git clone https://github.com/sans-netwars/v11-pack
b) Editenv.yml— setEXTERNAL_IPto your lab subnet
c)docker compose up -d
d) Hand participants the printed QR code that links to the scoreboard
Cost: zero software; electricity only - Educational Licence — What You Can and Cannot Do
- Can: run internally, modify challenges, brand the scoreboard
- Cannot: resell the pack, use SANS trademarks in commercial marketing
- Must: retain original licence file in any derivative work
- Bottom Line
NetWars 11 proves a commercial-grade cyber range can ship like open-source software. Pull the repo, run a lunch-time showdown, and see which colleague cracks the juke-box first — no vendor call, no licence quote, just containers and curiosity.
正文完
