#Attackers#
Attackers have complete freedom of action, so long as they do not disturb the infrastructure needed for holding the contest. Their job: to achieve their objectives by any means possible. Objectives are of a high-level nature (for example, “Get client list from company HiPower”). Objectives vary based on target and can be accomplished in different ways.
Most objectives will be known to attackers in advance. However, some objectives are hidden and can be triggered by certain actions or events. Some objectives can be accomplished only during a certain period of time and only by a single team. Information about teams’ successes and accomplishments will be available throughout the game on the team profiles as well as on the leaderboard.
Attackers may use any tools they like so long as they do not break the core rules. At the start, all teams have basic information about the attackable targets; this information will be available on the forum of The Standoff. All other information must be found by the teams themselves. Attackers are free to exchange information with each other.
At The Standoff, attackers will have the opportunity to create a botnet for mining cryptocurrency. The organizers will provide relevant details to teams on request during The Standoff.
During the game, participants may choose to give short reports on what they have done.
The winner is the attacker team with the highest score (total number of points earned for completed tasks).
#Defenders#
All defenders will be protecting companies in the virtual city. Each team will be assigned a different company to defend. Each team is responsible for monitoring security tools, as well as ensuring the security and integrity of the assets of “their” company.
Teams receive a list of allowed security tools; this list must be strictly followed. All infrastructure and protection systems will be pre-configured by the vendors for maximum transparency of infrastructure-related events.
During the game, teams should periodically give short reports on incidents and events of interest.
Defender teams are scored on how quickly they detect incidents and on the completeness of the evidence they collect.
Defender teams may be corporate (consisting of employees of a single real-world company).