US Cyber Challenge: Cyber Quests March 2013

Welcome to the Cyber Quests portion of the US Cyber Challenge, sponsored by Cyber Aces!

Cyber Quests are a series of fun but challenging on-line competitions allowing participants to demonstrate their knowledge in a variety of information security realms. Each quest features an artifact for analysis, along with a series of quiz questions. Some quests focus on a potentially vulnerable sample web server as the artifact, challenging participants to identify its flaws using vulnerability analysis skills. Other quests are focused around forensic analysis, packet capture analysis, and more. The quests have varying levels of difficulty and complexity, with some quests geared toward beginners, while others include more intermediate and ultimately advanced material.

Live Web Application Analysis (March):

DateDescription
Mon. Feb. 4, 2013 10:00am ESTRegistration opens
Wed. Mar. 13, 2013 7:00am EDTQuiz opens
Mon. Mar. 25, 2013 9:00pm EDTRegistration closes
Tue. Mar. 26, 2013 11:59pm EDTQuiz closes

The second Cyber Quest of 2013 will feature a target website with numerous common vulnerabilities. Its associated quiz is designed for an intermediate skill level, and focuses on website and application configuration and implementation flaws, along with TCP/IP networking fundamentals.

The quiz is divided into the following three topics:

1) Networking Essentials
2) Web Application Security (Theoretical Questions)
3) Web Application Security (Live Vulnerability Assessment)

Registration will open on February 4, 2013, and will close on March 25, 2013. The quiz will be available from March 13, 2013 until March 26, 2013. Registered users will each have three attempts to take the quiz. For each of your three attempts, you will have 24 hours from the time you begin the quiz to complete it, and you may only submit your answers once per attempt. For each attempt, if you do not submit the answers within 24 hours of when you start, or by 11:59pm EDT on March 26, 2013 (whichever comes first), you will receive a zero score for that attempt. Winners will be determined based on who achieves the highest score in the shortest amount of time. In the event of a tie score, the shortest time is the winner.

Any user found to have registered for more than one account, or users found to have shared answers, will be disqualified and ineligible for any awards, prizes, scholarships or other opportunities presented as a result of Cyber Quests.

Registration will close on March 25, 2013 at 9:00pm EDT.
Visit us on Facebook, Twitter, and the Cyber Aces Website for updated information
on the competition and awards throughout the registration and competition period.

For more information about Cyber Quests, please contact Sonny Sandelius at ssandelius@sans.org.

Technical Support questions about the challenge should be directed to support@cyberquests.org. However, please keep in mind that we will not give answers to the quiz itself.

Packet Capture-based Web Vulnerability Analysis (April):

Registration for the USCC Cyber Camp qualifying round will be open March 29th through April 29th, 2013. Participants will be provided with a network packet capture file that they must analyze to identify and interpret various types of network and web application attacks, with a focus on web application traffic. Participants will have to answer questions about the network itself, as well as the activities of the users on the network. The quiz is designed for an intermediate skill level, and all questions can be answered using the Wireshark packet analysis tool. No live network sniffing is required for this challenge; all analysis is done on a provided capture file.

DateDescription
Fri. Mar. 29, 2013 10:00am EDTRegistration opens
Tue. Apr. 16, 2013 7:00am EDTQuiz opens
Mon. Apr. 29, 2013 9:00pm EDTRegistration closes
Tue. Apr. 30, 2013 11:59pm EDTQuiz closes

More details are available here.


PRIVACY STATEMENT:
All information will be used in connection with the activities associated with the US Cyber Challenge and the Cyber Aces Foundation, including statistical reporting for accounting of performance metrics regarding the participants.