Being a security analyst at Compass Security is an interesting thing, no doubt. Besides interesting projects, there is plenty of know-how transfer and interactions between the employees. For example, each year, all security analysts come together for an event called Come’n’Hack Day. During this year’s event, they had the pleasure to perform an attack/defense hacking contest against each other.
Hacking-Lab‘s new Capture The Flag (CTF) system was used for this purpose. It was only the second time this system was used for an event, after the premiere at the European Cyber Security Challenge final last October in Lucerne.
The participants were spread on three teams: Proxy Foxes, Lucky Bucks and Chunky Monkeys. Each team owned servers with running applications, and had different tasks to perform in order to get points:
- ATTACK – Attack the other team’s applications, and steal a gold nugget.
- DEFENSE – Protect its own applications.
- CODE-PATCHING – Find and patch vulnerabilities in its own applications.
- AVAILABILITY – Keep the own applications up and running.
- JEOPARDY – Solve hacking challenges (cryptography, networking, etc.).
- POWNED – Try to exploit the other teams’ servers.
After a hard fight, the Chunky Monkeys grabbed the first place, closely followed by the Lucky Bucks:
All attendees enjoyed the highly eventful day. With six different ways to score points, each participant could contribute to its team’s success. This makes such a CTF occasion not only a great social event idea for security analysts but potentially for any organization having technical skilled employees (IT security officers, sysadmins and/or developers)!