King of the Hill


A real shooter for pentesters, as close to reality as possible. King of the Hill includes three information systems, which are exact duplicates of the typical external perimeter of an average enterprise network. The perimeter of such an enterprise includes a vulnerable web application and various services (administration interfaces, databases, etc.), with Microsoft Active Directory behind them (on the second level).




The aim of the participants of King of the Hill is to detect vulnerabilities in the systems, exploit them and, most important of all, keep control over the systems for as long as possible. The trick is that the sets of vulnerabilities in the systems are regenerated. The participants face a dilemma: whether to attack the neighboring systems or to continue looking for vulnerabilities on the systems already under their control. As in real life, the largest number of points is given for keeping control over Active Directory, since attacking AD requires keeping control over first-level systems.