What is Hack Warz®?

WRITTEN BY lclark 4 years ago

Read Time
  • 5,243 VISITS

Hack Warz Logo Final

Contact Therese Gordon at 843.805.3007 to sign up for the Friday, October 3 Competition.

What is Hack Warz®?

Hack Warz® is a capture the flag event that Life Cycle Engineering (LCE) created in 2012 to help train/educate LCE employees on security and help hone their skills. As of 2013 LCE has conducted the competition at various conferences and summits (MilOss, Charleston Chamber of Commerce Cyber Security Conference, etc.) opening it up to the industry to participate. The event was designed to stretch competitors’ security muscle and have FUN! Competitors have several systems to compromise and gain valuable tokens (flags) for points. Tokens are valued by difficulty and skillset required. To close the event, there is a lessons learned in which each team/competitor demonstrates how they compromised a system and explain how they would have hardened/secured the systems to make it harder to be compromised. No matter the skill level, Hack Warz® is a great event to test skills and have a blast!

How does the competition work?

The event is comprised of a network of vulnerable virtual machines that have tokens (flags) to be found. The competition was designed to have tokens that could be found if the competitors follow any standard Pen Testing Methodology. As competitors go thru the pen testing phases (Planning, Discovery, Exploitation, Reporting) they will find tokens for points. Setting up the competition in this way reinforces the idea of following a structured process for a successful pen test. The competition allows for 8 teams of 3 competitors per team. Laptops with the allowed pen testing tools are provided so that all competitors start on a level playing field making the skill and knowledge of the competitors the advantage. Competitors are given Rules of Engagements that will explain what they are allowed and not allowed to do in the competition.

How does scoring work?

LCE created a scoring engine that allows competitors to enter a token (16 digit hexadecimal number) to gain points. These tokens are found in the compromised systems. Some are found easily and some require more work with a bigger point reward.

Description provided by:
Michael A. Hoyt
Life Cycle Engineering
Program Manager
CISSP, RHCE, GPEN, GSEC, GCIH, GCIA, Security+, Fully Qualified Navy Validator

Read Full Artice