Hackers Challenge | SAINTCON 2019

About the Hackers Challenge Contest

The Hackers Challenge contest is an event held annually during the SAINTCON conference to challenge your skills as a security professional by presenting players with technology, logical, and security related puzzles and challenges.

Roughly defined, the Hackers Challenge contest is a Jeopardy-like progressive game where players are presented with puzzles that require various security and technical skills to solve. Attendees work on these challenges and submit keys collected from solving them in order to earn points. The person with the highest score at the end of the contest wins.

What you need to know about Hackers Challenge

Josh Galvez, the current game maker, gives some insight on how to play the game, the skills and knowledge you might need, and tips and tricks for being successful in this talk from 2016.


GAMEPLAY

Points in the Hackers Challenge contest are awarded for successfully solving the challenges presented during the contest.

This year's game will host 2 game boards, each with its own URL and credentials.

First) A beginner's board that will be lab driven, in collaboration with the SAINTCON Hacker Labs. These challenges will encourage you to learn new methods of hacking. You will be able to engage the lab systems and walk through step by step. Scoring for this board will be static point values (e.g. 100, 100, 200, 300, etc.). There will be no first solve or holding time bonus on these puzzles. All puzzles will be open to all players from the beginning. There will be prizes for the top scoring players. All points earned on this board will be ineligible for scoring of the dominating hacker to win the SAINTCON Hackers Challenge Black Badge.

Second) An intermediate to advanced difficulty board. These puzzles will be for our seasoned Hackers Challenge players and those wanting to try something self-guided. It will host puzzles across a wide array of disciplines; we expect no single person will be able to solve all puzzles on this board. This is the Black Badge contest. Scoring will occur based on the algorithm in the Scoring section below.

PLAY THE GAME

The Gameboard Server is located at www.hackerschallenge.org and is available at the start of the conference. The Gameboard Server is out of scope. Do not attack the Gameboard Server. Doing so will result in disqualification. We monitor these types of things closely.

REGISTRATION

In order to play in this contest, you need to register with an account. For this year, the registration process is:

KEYS

Each challenge will provide you with a “KEY”. A key is roughly defined as a string of alphanumeric characters less than 255 characters in length. Keys will usually be found wrapped in “flag{ }” brackets. When they are not, it should be obvious that you have completed a puzzle and must submit the final answer as the key. Although this is the standard, keys can vary and may be something you do not expect. To score points for the challenge, you will need to submit the key to the game server while you are logged in.

SCORING

All challenges within the contest are worth the same number of points initially; however, the points for each challenge are divided across the scores of each person who has solved it. This means that if a 1000 point challenge has been solved by two people, each person would hold 500 points for the challenge. If a third person solves the challenge, the value of the challenge will become 333 points for all solvers, and so on.

This scoring method provides a lot of fluidity in the game, and can have a large impact on scores throughout the entire contest. Its design is multi-purpose:

The first person to solve the challenge gets extra points. They will also continue to accrue bonus points each hour until someone new has solved the challenge. This gives an advantage to being first to solve, and also discourages the first solver from sharing keys with others.

API INSTRUCTIONS

You may build a script or other interface using the game API. The API URL is: https://www.hackerschallenge.org/play/api/{API KEY}/{Flag Being Submitted}

This should make scripting submissions to the game easier. Remember, brute force guessing of flags is not allowed.

CONTEST SUPPORT

If you need help completing a challenge, you can visit the Hacker Lounge or ask for assistance on the #HackersChallenge channel in Slack. The Hacker Lounge is a great place to hang out and work collaboratively on the game.

Hints may be given for some challenges during the course of the game, and only if we feel that a hint is needed or justified. Hints will appear on the individual challenge screen for all to see. Most hints will also be announced via the Twitter Feed.

The game also features an Incident Reporting System. In the event you suspect that a challenge is not functioning properly, you can alert the game administrators directly in the game. We will respond quickly, verify it, and confirm whether it is working or not. This will allow everyone to know if they are working on a broken challenge.

GAME CHANGE ALERTS

Live updates about the game can be monitored by following the @SAINTCONHC Twitter feed. All major changes in the game, and progress, will be posted automatically using this feed. Following this feed will help you keep up with the game.

CATEGORIES

The following categories will be featured in the Hackers Challenge Contest this year:

CONTEST RULES

The rules for the Hackers Challenge are loosely defined, but strictly include the following:

DISCLOSURES

The SAINTCON Hacker's Challenge admins reserve the right to disqualify and/or change scores for participants who violate the game rules or participate in unprofessional conduct. We reserve this right without right of dispute or for any other reason we feel is appropriate or prudent. Also be warned: We have ways of monitoring cheating, sharing of flags, and other shenanigans that might go on. Get away with it... Good for you! Get caught, your score will suffer.