King of the Hill (KotH) is a cybersecurity competition that combines network assessment and defense strategies into a single event.
Compete for control over infrastructure and the critical services hosted on them.
Secure points by planting your team flag on the machines. Harden the machine to secure your team's presence. You and up to 3 others must decide how best to use your time.
Overview: There are two main tasks in KotH: plant your flag; secure your foothold. The team with the most points at the end wins!
Establishing Foothold: You will be given a range of IP addresses to scan and attack. Each machine will be vulnerable in a different way. Attacks range from anonymous credentials and CVEs, to web application vulnerabilities and brute forcing. Once in, find the flag file and replace it with your own.
Securing your Position: Any machine you have a foothold on is vulnerable to being taken over. Secure the machines you can to remain on top.
In SWIFT's Red vs. Blue (RvB), you and up to 3 teammates battle for control of your own network.
Configure firewalls, patch software, and implement other security measures to block an active red team from taking down your servers and services.
SWIFT's RvB teaches skills in IT, system administration, business, and much more. In RvB, participants take the seat of an incident response team responsible for defending a company's network of computers against a real-time threat.
Overview: There are two ways to earn points in RvB: keeping your servers operational and completing various business tasks from management. After sign-ups close, all teams will receive a briefing packet that includes important details about a fictional business and the network you are responsible for. The team with the most points at the end wins!
Service Uptime: RvB mocks a real business. Keeping your business servers (and the services they host) up and operational is important. Your team earns points every few minutes for each service you keep functional. An automated scoring engine will automatically poll the core functionallity of each of your business-critical services. The scoring engine will have a scoring portal for you to view the status of your teams services. But be careful! If you accidentally cause a service to become unoperational or if the red team takes makes a service no longer fit for business, that service won't earn you points!
Injects: Your main business task is to keep your services operational. However, throughout the competition, your team will receive additional business tasks, called injects. The business that hired you may ask you to complete technical tasks like setting up a new service, or ask for business documents like an inventory report of the network. Completing injects will reward you with lots of points, but make sure to do it before the deadline or no points for you.
Originating from a partnership between SWIFT, CPP's CCDC/CPTC teams, and Troy High School, RvB has always been designed to be a learn-by-doing opportunity. SWIFT aims to expand this opportunity for SWIFT members and give the competition experience into everyone's hands.
Since its inception, past competitors, alumni, and other volunteers have joined the team to share their professional experiences with participants and continue to make RvB better.
The goal of the competition is to provide participants with practical experience in identifying and defending against cyber threats, and to help improve incident response and incident management skills.