Hack & Shield is a live attack-and-defence cybersecurity competition. Teams receive intentionally vulnerable web services and earn points by securing their own services while exploiting others. Scores depend on both successful attacks and service uptime.
Guidelines:
Each team is assigned a VM with a unique IP.
Vulnerable services contain flags.
Flags must be submitted to the scoring server.
Services must remain functional after patching.
Live leaderboard displays scores and IPs
Inter-college team members are allowed.
Please bring your own devices and extension box
Requirements:
One laptop per team with Ethernet support
USB-to-Ethernet adapter if required
Minimum 8 GB RAM (16 GB recommended)
25 GB free disk space
VirtualBox or VMware installed
Scoring
Teams receive points for capturing valid flags.
Teams lose points for service downtime.
Further negative points for patching services in illegal ways (eg. Stoppingthe service, changing the flag)
Allowed Actions
Modify code and configuration of own services
Restart or reboot own VM (downtime penalties apply)
Reconnaissance and exploitation on allowed ports
Use standard security tools (nmap, Burp, sqlmap, Metasploit, curl)
Prohibited Actions
Attacking scoring infrastructure or event network
Physical interference with other teams
Sharing or publishing flags or exploits during the event
Changing the firewall settings of the host system or the virtual machines.
