Q: What is a “Scope”?
A: The pentest scope defines and details exactly what is to be tested. What targets are to be tested and which are not to be touched.
Q: What is a ROE?
A: Rules of Engagement. It is a document that describes how the tests are to be conducted. It can include limitations on times, tools, and techniques that can be employed. It can also detail any restrictions imposed by the client.
Q: So what does the pen test system look like?
A: You will be provided access to the hosting environment in advance to the event so that you and your team can become familiar. You will NOT get early access to the pen testing targets but you will get access to a representative target environment for practice.
Q: If our team or member gets disqualified, is there an appeals process?
A: No. During an actual engagement your company can be cut from a contact as a result of your behavior. This event will mirror real life as closely as possible.
Q: Will we get any feedback on what we did well or not so well besides the final score?
A: Yes. Feedback about potential vulnerabilities and other considerations is intended to be provided after the event.
Q: If we own legitimate licenses for commercial pen testing software, can we bring it with us to use in the competition?
A: No. Selected commercial packages will be provided for each team at the event.
Q: What things might disqualify members our team or members?
A: Unprofessional, rude or offensive behavior at or during the competition. Cheating, rule violations, or illegal activities.