Network Security

Contestants launch nearly 39,000 attacks in Radware Hacker’s Challenge competition

The first-ever U.S.-based Radware Hacker's Challenge took place in New York City last week, daring pentesters, bug bounty hunters, and other security pros to launch attacks on a simulated network and website in a head-to-head race against the clock.

Designed to evoke the feel of real-world threats, the competition challenged participants to infiltrate an infrastructure composed of Cisco Systems and Radware solutions, completing a series of tasks worth varying amounts of points. For instance, launching a denial of serial attack was worth 500 points, while changing or deleting website content was worth 1,000 points. At stake: a cash prize or a trip to the Black Hat conference in Vegas.

The contest was divided into four rounds. In the first round, the network was configured at its highest level of security –  and with each ensuing round, protections were subsequently loosened. While the contestants were relatively few in number, they still managed to launch nearly 39,000 attacks against the network in a two-hour span. (Ultimately, the winner was a man using the handle Dark Vader, who required that his identity not be revealed.)

Among the most common attacks: “SQL injections seemed to be the prominent thing that everybody was going after,” said Joel Esler, open source manager and threat intelligence team lead at Cisco's Talos division.

“It's usually a popular attack because at the end of the day, they can get customer data and client data. These are things that they can go on the dark net and sell for profit,” said Daniel Smith, head of security research at Radware's emergency response team, noting that they can also hold the data for ransom.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.