episec about episec services offered pricing of services press releases contact us people: public employee pages security: methods and methodologies learning: episec custom courses site map the episec challenge
 



The Episec Challenge


NOTE: Our dedicated Challenge host will come into existence shortly. After we receive the hardware and construct the operating environment, this page will be filled with useful information for cracking our system.


Are you itchy to test your skills?

Do you have doubts that a system can really be secure?

Do you need cash?

The episec challenge is as follows. We put a system on the 'net, and you hammer at it. You may be a "script kiddie" trying to get lucky, or you may be a seasoned exploit researcher and coder looking to test your skills and maybe even earn a little extra money. If you break in, you take the prize and you get the credit.

What's more, we don't log what you do. Sure, we keep some diagnostic messages for about a day, and we check through them regularly to look for hardware or software failures. We want to keep the system in tip-top shape, so you can hack at it without interruption. Don't be shy, though... ip addresses aren't recorded through our diagnostic messages. We also log extreme activity that can be considered dos attacks, and we may block hosts that deliver them. But even these logs will be gone in 24 hours' time. We make no log backups, and when we erase a logfile, we overwrite it with random characters multiple times to ensure it will never be recovered. If we need to keep specific logs past the 24-hour mark, we'll copy the problem lines to another file instead of keeping the whole thing. We appreciate anonymity, and we know our attackers feel the same.

So here's the deal. You break into our dedicated cracking host and let us know (you'll need to leave a file behind with your name or alias and a valid e-mail address in it), and we'll give you $500. Don't worry; we're working on adding to this amount significantly. You'll need to tell us how you did it, and we'll make sure it's reproduceable. If this ends up happening, we'll set up a new system and offer another reward. We'll post your name (or alias) here, along with how you did it, how long it took you, and how much you got for cracking the system.

Some people may have ideas other than ours as to what constitutes cracking a system. We'll post any information about disputes here.