Educational Events
This section seems to primarily be scored in the final round and essentially involves scoring a team's ability to be responsible when pentesting.
When pentesting for CPTC, you can't treat the network like any random HackTheBox. This means no changing a user's password, no brute-forcing, no exfiltrating sensitive data, etc.
Here are some things that have been scored (as negative points) in the past:
- Running dangerous exploits without knowing what they do
- Brute-forcing accounts and causing account lockout
- Sending an inappropriate phishing email
- Overloading ICS or other systems to cause a denial of service
Some things to keep in mind:
- If you make a mistake, own up to it ASAP.
- When you are told about a mistake, make sure to react appropriately and professionally.