US Cyber Challenge: Cyber Quests November 2012

Welcome to the Cyber Quests portion of the US Cyber Challenge! To participate, please click the Question Engine link on the left and log in with the account that you created when you registered.

Cyber Quests are a series of fun but challenging on-line competitions allowing participants to demonstrate their knowledge in a variety of information security realms. Each quest features an artifact for analysis, along with a series of quiz questions. Some quests focus on a potentially vulnerable sample web server as the artifact, challenging participants to identify its flaws using vulnerability analysis skills. Other quests are focused around forensic analysis, packet capture analysis, and more. The quests have varying levels of difficulty and complexity, with some quests geared toward beginners, while others include more intermediate and ultimately advanced material.

Infrastructure Security (November):

DateDescription
Tue. Oct. 30, 2012 10:00am EDTRegistration opens
Wed. Nov. 7, 2012 7:00am ESTQuiz opens
Mon. Nov. 19, 2012 9:00pm ESTRegistration closes
Tue. Nov. 20, 2012 11:59pm ESTQuiz closes

Securing a real environment against hackers is challenging because of the huge surface area of different systems, technologies and platforms you need to understand to protect. In this challenge you can pit your wits against a wide range of different attacks, vulnerabilities and forensic artifacts that span everything from wireless infrastructure to VoIP systems. You will face cyber criminals' methods of obfuscated command and control, attempts to shred evidence and configuration failures that leave services open to attack. This challenge has a range of questions at different difficulty levels making it accessible to both beginners and more experienced players.

Prerequisites:
i) Basic use of tools for analysis and forensics such as those that are provided in Backtrack
ii) A working copy of Backtrack 5 (recommended) or a similar set of analysis tools
iii) A basic understanding of scripting languages such as PHP and Javascript
iiii) Familiarity with common daemon configuration such as mail servers, web servers and databases.

Important Note: Many questions in this quiz require you to generate a SHA1 hash (sometimes referred to as a flag) and submit it as the answer. When generating the SHA1 hash, be sure not to include any trailing spaces or newlines! There are many ways to generate a SHA1 hash, including online and offline tools. To generate a SHA1 hash at the command line in Backtrack, you can use the following command:
$ echo -n 'text goes here' | sha1sum
For example, the SHA1 hash of the word "test" is "a94a8fe5ccb19ba61c4c0873d391e987982fbbd3". If you come up with a different value, you are calculating the hash wrong!

Also, the ZIP file contains evidence of attacks, but is not malicious in any way. Some anti-virus tools may alert based on the presence of the attack evidence, but none of the files contained within are harmful to your computer.

Registration will open on October 30, 2012, and will close on November 19, 2012. The quiz will be available from November 7, 2012 until November 20, 2012. Registered users will each have three attempts to take the quiz. For each of your three attempts, you will have 24 hours from the time you begin the quiz to complete it, and you may only submit your answers once per attempt. For each attempt, if you do not submit the answers within 24 hours of when you start, or by 11:59pm EST on November 20, 2012 (whichever comes first), you will receive a zero score for that attempt. Winners will be determined based on who achieves the highest score in the shortest amount of time. In the event of a tie score, the shortest time is the winner.

Any user found to have registered for more than one account, or users found to have shared answers, will be disqualified and ineligible for any awards, prizes, scholarships or other opportunities presented as a result of Cyber Quests.

Registration will close on November 19, 2012 at 9:00pm EST.
Visit us on Facebook or Twitter for updated information
on the competition and awards throughout the registration and competition period.

For more information about Cyber Quests, please contact Sonny Sandelius at ssandelius@sans.org.

Technical Support questions about the challenge should be directed to support@cyberquests.org. However, please keep in mind that we will not give answers to the quiz itself.


PRIVACY STATEMENT:
All information will be used in connection with the activities associated with the US Cyber Challenge and the ACES Foundation, including statistical reporting for accounting of performance metrics regarding the participants.