Yesterday our Ethical Hacking Team from Deloitte successfully defended their world championship title. Below you will find a full report from the team captain.
Well done, boys!
I’m happy to inform you that we did it! After our win in March today we became global CyberLympics champion again!
This year the CyberLympics organization setup was a King of the Hill competition, meaning that you have to hack a system, plant your flag (a hash in a text file) and secure that system so that no other teams can compromise the system where you just put the flag. Besides planting a flag, you also received points for securing the system and keeping the services running.
We spent the last month preparing for this final and made sure everyone had a role. The tasks were divided as follows:
Gijs & Thijs (*ijs): attack, try to hack as many systems as quickly as possible
PJ & Henri: defense, make sure existing vulnerabilities are quickly resolved to retain control over the systems and gain points for fixing vulnerabilities.
Jochem: Cracking passwords and performing Nessus scans.
Steven: Team leader, making sure roles are divided and handing out tasks to everyone and discussing issues with the organization.
During the prequels 248 teams participated from all over the world out of 52 countries. From these only 7 teams made it to the finals. In the final we played against teams from Australia, Europe, North America, South America, Africa and Asia.
When the game started we (Hack.ERS) were in the lead within a few seconds. Gijs’ script compromised the first server automatically as soon as we hit “enter”. Soon after we compromised that server, the PRauditors from Hungary compromised another server, so it was a draw. We reacted quickly and compromised two more systems. Then the score was full in favor of Hack.ERS.
However, the other Hungarian team, Gula.sh, was able to steal 2 systems from us. So Gula.sh was in first place for 5 minutes, because 5 minutes after that they lost the systems again to other teams. After 30 minutes we were able to compromise another system, which gave us the lead again (2 systems for Hack.ERS).
From that point on we were able to retain our lead and slowly improve the score towards a stable lead of 5 compromised systems, while the other teams had no more than 1 or 2. On some of the systems we had to battle fiercely since we both had access, however they were so old it was nearly impossible to prevent the other teams from gaining access. These kept going back and forth until the end of the game. On many other systems Henri and PJ had successfully installed patches which not only kept the other teams out, but also provided us with extra points resulting in a good lead.
After 3 hours, 4 additional servers were added. Hack.ERS *ijs were able to compromise 2 of those new systems quite quickly and we managed to retain these systems for almost the entire remaining time. Soon after that Hack.ERS had compromised 5 systems, while the other teams only had 1 or 0. This remained until the last 1.5 hours, then the organization decided to add 15 new systems to the game, making it anyone’s game. The *ijs tandem compromised some of these systems swiftly and we added five new systems to our Hack.ERS score, making the total of compromised systems 10.
The last hour this score of compromised systems changed from 10 to 9 to 8 and back to 9. The last 45 minutes the exact scores were hidden (the attached screenshot was taken 45 minutes before the end of the game), however when the game ended we had 9 systems under our control, while the other teams had only 1 or 2.
With this score we received the gold medal and defended the title of Global CyberLympics Champions with a good lead!
All the best from Miami and regards,
Gijs, Thijs, Henri, PJ, Jochem, Dirk, Derk and Steven