Empathy List Archives

websecurity@lists.webappsec.org

The Web Security Mailing List

The most realistic hacking contest

Dmitry Evteev

Mon, Aug 20, 2012 1:38 PM

Everybody is welcome to try on the crown during the King of the Hill contest
from the 20 August to 2 of September.

To try to repeat the feats of the CTF battle participants and fight for the
prizes provided by Positive Technologies, please register at the official
web site http://www.phdays.com/ctf/king/

During the Capture The Flag hacking contest at PHDays 2012 twelve teams from
ten countries have been attacking the networks of other teams and protecting
their own networks for two days and one night non-stop. The conditions were
as close to real life as possible - no invented vulnerabilities, only those
that occur in real contemporary information systems.

The infrastructure for the hacking battle was organized according to the
principle of the King of the Hill game: the points were given not only for
successful attacks against the systems, but also for keeping control over
the systems, which made the contest more intriguing.

The contest became the highlight of the forum program, that is why an idea
came to our minds... Why not to repeat the "royal battle" separately for the
Internet community, let us say, in the second half of August?

What is King of the Hill?

Following the principle maximum authenticity, the contest infrastructure
imitates typical infrastructure of enterprise networks: its external
perimeter includes web applications, DBMS servers and various directories
(LDAP), taking control of which allows reaching the internal perimeter -
Microsoft Active Directory. Everything is like in real life.

The task of the participants of King of the Hill is to detect
vulnerabilities of the systems, exploit them and, the most important of all,
keep control over the systems as long as it is possible. The trick is in
regeneration of the sets of vulnerabilities in the systems. The participants
face a dilemma - whether to try to attack the neighboring systems or to
proceed with vulnerability detection on the systems which are under control
already

As in real life, the largest number of points is given for keeping control
over Active Directory, since attacking AD requires keeping control over
first level systems.

The King of the Hill contest was developed by the Positive Technologies
experts and was presented for the first time at PHDays CTF 2012 as part of
the hacking contest.

Everybody is welcome to try on the crown during the King of the Hill contest from the 20 August to 2 of September. To try to repeat the feats of the CTF battle participants and fight for the prizes provided by Positive Technologies, please register at the official web site http://www.phdays.com/ctf/king/ During the Capture The Flag hacking contest at PHDays 2012 twelve teams from ten countries have been attacking the networks of other teams and protecting their own networks for two days and one night non-stop. The conditions were as close to real life as possible - no invented vulnerabilities, only those that occur in real contemporary information systems. The infrastructure for the hacking battle was organized according to the principle of the King of the Hill game: the points were given not only for successful attacks against the systems, but also for keeping control over the systems, which made the contest more intriguing. The contest became the highlight of the forum program, that is why an idea came to our minds... Why not to repeat the "royal battle" separately for the Internet community, let us say, in the second half of August? What is King of the Hill? Following the principle maximum authenticity, the contest infrastructure imitates typical infrastructure of enterprise networks: its external perimeter includes web applications, DBMS servers and various directories (LDAP), taking control of which allows reaching the internal perimeter - Microsoft Active Directory. Everything is like in real life. The task of the participants of King of the Hill is to detect vulnerabilities of the systems, exploit them and, the most important of all, keep control over the systems as long as it is possible. The trick is in regeneration of the sets of vulnerabilities in the systems. The participants face a dilemma - whether to try to attack the neighboring systems or to proceed with vulnerability detection on the systems which are under control already As in real life, the largest number of points is given for keeping control over Active Directory, since attacking AD requires keeping control over first level systems. The King of the Hill contest was developed by the Positive Technologies experts and was presented for the first time at PHDays CTF 2012 as part of the hacking contest.