Do hacking competitions exist?

573    Asked by ankurDwivedi in Cyber Security , Asked on Apr 18, 2022

 I have always enjoyed trying to gain access to things I'm not really supposed to play around with. I found Hack This Site a long time ago and I learned a lot from it. The issue I have with HTS is that they haven't updated their content in a very long time and the challenges are very similar. I'm no longer 13 and I want bigger and more complex challenges.


I was thinking about challenges like Cyber Security Challenge and US Cyber Challenge (@sjp wrote about these on the meta) Also, are there any big social engineering competitions besides the one at DefCon?

Answered by Ankit yadav

In the following I will allow myself to differentiate between various styles of hacking competitions. I don't know if this is a canonical approach, but it will probably help explaining the differences between the ones I know:


Wargames These games take place on a given server, where you start with an ssh login and try to exploit setuid-binaries to gain higher permissions. These games are usually available 24/7 and you can join whenever you want.

Over The Wire
Smash The Stack
Intruded
Challenge based competitions

These games will present you numerous tasks that you can solve separately. The challenges mostly vary from exploitation, CrackMes, crypto, forensic, web security and more. These games are usually limited to a few days and the team with the most tasks solved is announced the winner. I will list my favourites, since I am quite convinced that you will easily find more of them. Some of the listed have just taken place and others will take place in the following months.

Defcon Quals
Codegate Quals
CSAW CTF (usually during summer)
Hack.lu CTF 2011 (end of September this year) and Hack.lu CTF 2010
PlaidCTF
Capture The Flag

These actually require you to capture and protect "flags". The best known is probably iCTF, which underwent some rule changes within the last few years. This game is also limited to a certain time frame. Contestants are typically equipped with a Virtual Machine that they are to connect to a VPN. Your task is to analyse the presented machine, find security bugs, patch them and exploit the bugs on other machines in your VPN. The "flags" are stored and retrieved by a central game-server that checks a team's availability and whether previously stored flags have not been stolen.

iCTF (typically in December)
CIPHER CTF (will be renewed by new organisers this year)
RuCTF and RuCTFe (a Russian CTF and its international version)
Other

There are also a bunch of downloadable virtual machines available to play offline, which is some kind of mix between 3) and 2) I suppose.

Damn Vulnerable Web Application
Damn Vulnerable Linux
Google Jarlsberg
Edit:
Tag

I have just come across a fifth game-type that I have not seen anywhere else. All teams compete with each other during several rounds and each round is a match between two teams. Phase 1: Both teams get root on a Linux System and try to hide as many back-doors within 15 minutes as possible. After these 15 minutes, the teams swap PCs and try to discover and remove as many back-doors as possible (also with root access). In the third phase, each team gets its server back (without root access) and is supposed to exploit as many back-doors to gain root access again. Remotely exploitable back-doors get bonus points :smile:

It appears that games like this have been carried out during the LinuxTag Linux Conventions in Germany in the last years.

Unordered list of lists of Hacking competitions:


Your Answer

Interviews

Parent Categories