NCAE Mapping Hub

Lessons

Each lesson is a self-contained skill drill with objectives, a quick-reference command table, common pitfalls, worked examples, and a drill gallery. Lessons are tagged to DCWF work roles and NCAE scored services so you can find what develops what. Lessons marked "published" are ready to study; "draft" has partial content; "stub" is a catalog entry awaiting content.

published priority 1 30 min. 50 XP. ncae-defense.

Samba Share Basics: Keep SMB Login Green

The #1 scoring check by weight is SMB Login (3× points). This lesson teaches you to verify Samba is running, add the scoring users, define the `files` share, and prove external access, all in under 10 minutes.

published priority 2 25 min. 60 XP. ncae-defense.

MikroTik NAT: The Port-Forwarding Rules That Unblock Everything

At the 2026-03-14 regional, the #1 most frequent error (5752 occurrences) was 'DNS EXT FWD can't contact DNS server', and 90% of the time the root cause is a missing MikroTik DNAT rule, NOT a DNS problem. This lesson co.

published priority 3 40 min. 70 XP. ncae-defense.

BIND Zone Files: Forward, Reverse, and Serial Numbers

Internal DNS (DNS INT FWD/REV) requires BIND to serve two kinds of records: forward (name → IP) and reverse (IP → name). Both are needed: the scoring engine checks them separately. This lesson walks through a minimal named.co.

published priority 4 20 min. 40 XP. ncae-defense.

SSH Hardening Without Locking Yourself Out

Classic mistake: team hardens sshd_config, restarts sshd, and promptly loses access. This lesson covers the safe sequence: test in a second terminal before closing your first session, preserve scoring-engine keys, and u.

published priority 5 25 min. 45 XP. ncae-defense.

PostgreSQL: listen_addresses and pg_hba.conf

Postgres Access was the #2 most frequent failure at regional (5144 occurrences). The two config knobs that drive 95% of failures are `listen_addresses` (can clients reach Postgres at all?) and `pg_hba.conf` (is this spe.

published priority 6 30 min. 60 XP. ncae-defense.

Backups + Cron = Self-Healing Configs

Even a basic 60-second cron that restores critical configs from a known-good tarball will undo most red-team tampering automatically. This lesson covers the 3 parts: capturing the golden snapshot, writing the restore sc.

published priority 7 35 min. 70 XP. ncae-defense.

Backdoor Hunt: The 10 Places to Look

The competition image arrives pre-compromised. Before the scoring engine even gets involved, you need to find and remove the planted backdoors. Ten locations cover 95% of persistence mechanisms used in past competitions.

published priority 8 10 min. 30 XP. ncae-defense.

The addict_with_a_pen.data Trick: A Free-Points Exercise

At the 2026-03-14 regional, ZERO teams scored any SMB Read uptime. The reason: the scoring engine looks for a file called `addict_with_a_pen.data` on the `files` share, and the competition image doesn't ship with it. Cr.

published priority 10 25 min. 40 XP. linux.

Linux Service Management: systemctl, journalctl, sysvinit

Every NCAE service is managed by systemd. You will type `systemctl restart <service>` at least once per minute during competition. This lesson is the foundation; without it, nothing in the other lessons makes sense. It .

published priority 11 20 min. 30 XP. linux.

TCP Ports & Services: ss, netstat, lsof, nmap

Half of all NCAE debugging is 'is this port open and if so who has it?'. `ss` has replaced `netstat` on modern Linux; this lesson covers both plus the view-from-outside (nmap) and who-owns-what (lsof). Students will dia.

published priority 12 30 min. 50 XP. networking.

DNS Fundamentals: Records, Resolvers, Zones

DNS lookups power four of the 13 scored NCAE services. This lesson teaches the vocabulary you need (what a record is, what a zone is, the difference between authoritative and recursive) so when you read `named.conf` lat.

published priority 13 20 min. 30 XP. linux.

Linux Users, Groups, Sudoers

Everything on Linux is either a file or a process, and everything has an owner. This lesson covers how users and groups work, how to add/modify/remove them, and how sudo rules are configured, because half of 'backdoor h.

published priority 14 30 min. 50 XP. shell.

Basic Shell Scripting: The 80% That Gets Things Done

You will write small bash scripts during the competition: backup-and-restore, health checks, config-diff alerts. This lesson covers the 80% of bash you need: shebangs, quoting, conditionals, loops, exit codes, and the p.

published priority 15 35 min. 55 XP. ncae-defense.

Apache VirtualHosts + SSL: Serving WWW Content and WWW SSL

Three NCAE services score against your web server: WWW Port 80 (is HTTP alive), WWW Content (does the admin login work), WWW SSL (is HTTPS + valid cert up). This lesson covers Apache2's module + sites-enabled model, how.

published priority 16 20 min. 30 XP. ncae-defense.

fail2ban: Automatic Banning of Brute-Force IPs

fail2ban is the single easiest way to shut down SSH brute-force attacks during NCAE. Install → enable → done. This lesson covers the three config files you care about, the one crucial whitelist entry (scoring engine), and.

stub priority 20 35 min. 60 XP. networking.

Packet Capture Analysis with tshark

Reading PCAPs on the CLI: filters, flows, credentials in cleartext. Useful for CTF forensics.

stub priority 21 40 min. 70 XP. ctf.

CTF Crypto Toolkit

Classical ciphers, hash ID, RSA, CyberChef, hashcat. CTF category tools. Comprehensive version in the NCL April 2026 field guide.

stub priority 22 35 min. 65 XP. ctf.

CTF Forensics Toolkit

exiftool, binwalk, steghide, volatility, file carving. Comprehensive version in the NCL April 2026 field guide.