Today, I participated on Symantec Cyber Readiness challenge. These are my thoughts about competition.
Why is it cool?
As I am not allowed to disclose any competition questions and flags (competition is organised like capture the flag game) I will say only few brief informations.
Cool thing about this competition is that someone (thanks Symantec) created real hands-on hacking environment for relative wide audience. This kind of testing was domain of security certifications like CEH or privately provided trainings.
You will learn stuff about your tools – there is always a space for improvement. And – it is always good thing, knowing where are your limits. We all should master our tools.
Where it fails
Does not matter what people thing, this is not penetration testing nor hacking simulation. Real world compares with competition same way that ocean compares with pool. Yes, you can drown in both but swimming in pool is a lot simpler than swimming in ocean. Take it as a bootcamp testing environment.
Conclusion
If you have opportunity go for this event. You will learn something new, and you will have great fun. Do not come unprepared. I came only with MacBook Air and some old Backtrack (I did not done my homework). My recommendation: test if your tools are working (my Metasploit was broken – usual Ruby, Gem lib stuff), test if you can use your tools (fcrackzip and nmap has segfaulted few times). Make sure your clipboard is working. It is really annoying to rewrite hashes from screen.
Oh btw: I’m glad I finished first. It means I’m going to Nice for next round. I am still worth something as security person. :)