On November 12th, MobileIron and Hack the Valley are excited to announce that they're teaming up to host the first annual MobileIron — Hack the Valley Security Challenge. This cybersecurity competition is open to all comers, and pits Silicon Valley’s top security professionals against each other to determine who are Silicon Valley’s Top Security Ninjas. Come for the title, the prize, and the street cred.
The contest will be using a standard Jeopardy style Capture the Flag (CTF) format which has become the format of choice at security events (conferences, meetups, university tournaments, etc). For those who have never seen or participated in a CTF, it is an event where points are scored for hacking into various systems, which are intentionally vulnerable to various types of attacks. This gives you experience on a variety of security issues. Successfully retrieving the flag (a secret answer) will reward your team points! Categories such as reverse engineering, cryptography, reconnaissance, forensics, OWASP Top 10, mobile security, and security trivia require teams to have strong cross-disciplinary cybersecurity skills. We're here to challenge and learn, so you can be sure that answering that 500 point cryptography question will require a crypto guru.
The ultimate prize is knowledge, but we've thrown in a $1,000 prize pool to keep things interesting. CTF contests are designed to give security professionals a glimpse inside the heads of the black hat. Through this they gain first-hand experience in how attackers go about attacking systems, and in turn how to protect against such attacks. This is accomplished by offering security problems of increasing complexity, which mimic real world scenarios. For example, one clue may be that there is something funny on 18.104.22.168. The player may start by running a vulnerability scan on the system in question only to discover that the system is unpatched and vulnerable to CVE-2003-0352. From there, the player fires up her remote exploit kit, which has a module to exploit that vulnerability to gain access to the system. Once on the system, she quickly discovers a file named “secret answer” (aka the flag). In the secret answer file is the text “Magilla Gorilla.” The player types “Magilla Gorilla” into the online scoring system, and the team is awarded 200 points. The team pulls into first place, and the player now knows the value of keeping system patches up to date.
The MobileIron Security Challenge will offer both advanced and beginner contests. In the spirit of education, plenty of security experts from both the MobileIron Security Team and the Hack the Valley organization will be around to give hints, but never enough to propel a team to first place. Come be a part of the opposition for the day, and challenge the depths of your skills and knowledge.
Check your Twitter feed for up to the minute details during and after the event.