Educational Events

This section seems to only be scored in the final round and essentially involves scoring a team's ability to be responsible when pentesting.

When pentesting for CPTC, you can't treat the network like any random HackTheBox. This means no changing a user's password, no brute-forcing, no exfiltrating sensitive data, etc.

Here are some things that have been scored (as negative points) in the past:

  • Running dangerous exploits without knowing what they do
  • Brute-forcing accounts and causing account lockout
  • Sending an inappropriate phishing email
  • Overloading ICS or other systems to cause a denial of service

Some things to keep in mind:

  • If you make a mistake, own up to it ASAP.
  • When you are told about a mistake, make sure to react appropriately and professionally.

results matching ""

    No results matching ""