I completely realise that the CTF is far from perfect, so if you have any feedback on areas that should be improved, please let me know. As with all CTFs, the infrastructure did require a reboot to restore sanity to the machines at two points, which is really the challenge of running everything as VMs in the one physical box, under a finite amount of memory and CPU. However, I always feel that this is a great thing because the reboot typically only takes 5 minutes and it forces the attendees to actually talk to each other and communicate as opposed to ploughing straight in :)
The challenge had four elements that involved:
- known old vulnerabilities on that machine in the corner that couldn't be patched
- two web applications with a load of various vulnerabilities, some hard and some easy
where a range of skills were required:
- network scanning
- TCP understanding
- HTTP and application knowledge
- database awareness
- the ability to "google" the odd time for those things you've forgotten
- some lateral thinking
- common sense and the ability to step back and reason with oneself :)
Thanks to Marc Wickenden (of 7 Elements) for completing the tweaks that I made to his superb BSides web application challenge and being awesome; Securityninja for being so innovative and backing the CTF idea; and a huge thanks to Realex Payments for supporting our original idea and putting on an excellent show as the host (great facilities, so welcoming, delicious food and a constant supply of refreshments). Some more pictures from the event can be found here. In my experience, it is truly rare that a company will support such an event on-premise; however, I believe that's another reason why Realex Payments are ahead of the game!!!
If you feel like you'd like to run a mini version of HackEire in your company to help educate your team and/or give back to the community, just like Realex have, let me know (mark [AT] kybeire [DOT] com).