Please note that this is not a beginner’s pentesting course. You will need experience with Windows AD pentesting for the Enterprise Cup, as well as Linux and OT skills for the OT Cup. While our focus is on evasion by introducing multiple high-severity vulnerabilities and therefore (hopefully making it “easy”), solid technical skills in these areas are essential for achieving the objectives and securing a solid evasion score. You will have access to both your score and the detection events triggered by your team, allowing you to adapt accordingly.
Your main objectives:
- Enterprise Cup: Own the Enterprise Active Directory.
- OT Cup: Modify the control flow of the PLC.
Scoring & Detection
During the engagement, you will connect to a Kali Linux VM within the Enterprise Client network, which you will use for hacking. The network will resemble the one displayed on the front page of the Stealth Cup homepage.
Each team will have its own dedicated infrastructure. As you engage with the environment, you will trigger alerts from various Intrusion Detection Systems (host- and network-based) and an Endpoint Detection & Response (EDR) solution.
Once you reach one of the objectives and verify it through our backend, your current score (based on the severity of detected alerts) will freeze. The team with the lowest score wins! You can reset your score, but this will trigger an infrastructure reset (up to 15 minutes) and will increase your total score at the end (acting as a penalty for multiple resets). For any final score, we will require a short write-up from you on how you tricked the detection. This is to verify that no cheating occurred and for scientific purposes. We don’t need your super-secret, super-fancy hacking tools, just a brief walk-through of your approach. We will provide you with a template for this submission.
Still here?
We invite you to arrive at the T-Center (Google Maps link) no later than 08:30 to ensure enough time for Wi-Fi setup. There may also be an option to connect via Ethernet. All relevant information, including an SSH key for infrastructure access, the scoring, and some details about the infrastructure, will be sent out shortly before the event. So if you are only attacking from remote, this wont be a problem as long as your outgoing network firewall does not block tcp ports 2020-2040.
Attacking the backend, DoS or manipulation of any open source IDS scoring results in disqualification. High-severity vulnerabilities in our backend or our open source IDS configurations reported back to us will earn you street cred.