The National Cyber League Fall 2016 Season has officially started! And I am way beyond excited to be competing this year, and to be testing my knowledge against thousands of college students across the nation.

For those that do not know what the National Cyber League is (or NCL for short), let me give you a brief breakdown before I jump into more details and the Preseason Write-ups.

About the NCL:

The NCL was founded in May 2011 to provide an ongoing virtual training ground for collegiate students to develop, practice, and validate their cybersecurity skills using next-generation high-fidelity simulation environments.

One of the distinguishing factors of the NCL is the integration of learning objectives in all its activities. One of the main ways this is accomplished is by aligning customized content available in NCL Gymnasiums with simulations and games. This allows players to use the Gym environment to develop knowledge and skills and then demonstrate these newly acquired skills in competitive individual and team play. It also allows the NCL to measure player’s game performance and produce individualized reports (NCL Scouting Report) on strengths and weakness amongst various learning objectives and industry-recognized competencies.

The NCL challenges students in the following cyber disciplines:

  • Open Source Intelligence
  • Scanning
  • Enumeration
  • Penetration Testing
  • Traffic Analysis
  • Log Analysis
  • Wireless Security
  • Cryptography
  • Web Application Security

Fall Season:

The 2016 Fall Season is broken down into 2 portions; the Preseason, and the Regular Season.


The Preseason Game challenges are based on CompTIA Security+ and EC-Council Certified Ethical Hacker (CEH) performance-based exam objectives and preparatory lab exercise content.

Skills being measured in the Preseason Game include:

  • Open Source Intelligence
  • Network Traffic Analysis
  • Log Analysis
  • Cryptography

Based on the results of this game, players will be placed in one of three brackets (Gold, Silver, and Bronze) in their conference, to facilitate season play amongst individual players with similar knowledge and skill levels.

Regular Season:

The regular season on the other hand is broken down into 2, 8 hour games - CTF Style. Top players are shown on the scoreboard available publicly on the site.

You can read more about the NCL here!

Preseason - Content Overview:

Now that we know more about what the NCL is, and what it includes - let’s jump into the more technical side of things.

Throughout the Season, and after each Regular Season Game, I will be posting write-ups of how I completed the challenges.

Please NOTE, that I will be posting everything after the challenge is closed - this is to prevent cheating!

This years NCL Preseason consisted of the following content.

Since we now have a better grasp of what we can expect, let’s jump into the first challenge - OSINT!

OSINT - Open Source Intelligence:

Our first OSINT challenge begins with the following questions.

These were all pretty easy to solve, but involved some Google Fu Skills! I’m not going to show where/how to Google the answers - I will just provide the answers with Google Links to where I found them.

1. What is the CVE of the original POODLE attack?

You can follow this link to find the answer.

Answer: CVE-2014-3566

2. What version of VSFTPD contained the smiley face backdoor?

You can follow this link to find the answer.

Answer: 2.3.4

3. What was the first 1.0.1 version of OpenSSL that was NOT vulnerable to heartbleed?

You can follow this link to find the answer.

Answer: 1.0.1g

4. What was the original RFC number that described Telnet?

You can follow this link to find the answer.

Answer: 15

5. How large (in bytes) was the SQL Slammer worm?

You can follow this link to find the answer.

Answer: 376

Email Analysis:

We are provided with the following email header to answer the questions.

Received: by with SMTP id c1234trf3719itc;
        Wed, 9 Sep 2015 11:29:09 -0700 (PDT)
Return-Path: <>
Received: from ( [])
        by with ESMTP id o66si4673783qhb.117.2015.
        for <>;
        Wed, 09 Sep 2015 11:29:08 -0700 (PDT)
Received: by ( with ESMTP id t89IT8Le023674
	for <>; Wed, 9 Sep 2015 14:29:08 -0400 (EDT)
From: <>
Message-Id: <>
Date: Wed, 09 Sep 2015 14:29:08 -0400
Subject: passphrase
User-Agent: Heirloom mailx 12.4 7/29/08
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

The flood of revolution.

1. What is the recipient’s email address?

The answer is located in Line 1 of the header - Delivered-To:


2. What is the sender’s email address?

The Return Path in Line 4 provides us this answer - Return-Path:


3. What IP address retrieves the email?

Line 5 provides us this answer - Received: from ( [])


4. What is the content type of the message?

Line 18 provides us this answer - Content-Type: text/plain; charset=us-ascii

Answer: text/plain

5. What version of MIME is being used?

Just look for MIME in Line 17 - MIME-Version: 1.0.

Answer: 1.0

6. What day of the week was the message received?

Look for the date after Recieved in Line 3 - Wed, 9 Sep 2015 11:29:09 -0700 (PDT).

Answer: Wednesday

Alright, that’s all for now! Stay tuned for my next NCL post where we will be going over Cryptography.

Thanks for reading!


Leave a Comment