Lockheed Martin CYBERQUEST™ Competition, Official Rules

Download the Challenges and Skills Overview

Teams

• Lockheed Martin CYBERQUEST is open to students in public, charter, or private, high schools, or of equivalent age/grade (for home schooled students).
• Each team consists of 3-5 students plus one coach.
• Students on the same team must be from the same school. (Exemption for home schools and case by case requests).
• Only 2 teams per school are allowed in the virtual and on-site events (4 total)
  • Waitlist will not be available in 2023.
• A team should be affiliated with and represent the High School under which they are registering.
• STEM programs are eligible to register a team.
  •  STEM program is a curriculum based on educating students in four specific disciplines — science, technology, engineering, and mathematics — in an interdisciplinary and applied approach. The program of study focuses on the application of the subjects in a challenging and rigorous manner. Courses and pathways cover preparation for post-secondary education and employment.
  • The STEM Program should be a recognized organization/club within the community and high school(s).
  • STEM programs are eligible to register a team with students from different schools if the students’ school cannot form a team.

Coaches

• A coach can be a teacher. A parent can be a coach if the teacher is unable to attend. Coaches will serve as chaperones at the event and participate in activities during the competition.
• Only one coach per team is allowed. If a school has more than one team participating , one coach for multiple teams is acceptable, however, coaches that are associated with on-site teams can't work with the virtual teams.

Additional

• Food allergies cannot be accommodated, teams may bring their own breakfast and lunches.
• Family members cannot be accommodated.
• UNDER NO CIRCUMSTANCES are ANY cell phones, smart watches, e-readers, broad-band network cards or recording devices allowed inside Lockheed Martin facilities.  Please leave ALL phones in your cars.  Since cell phones will not be allowed in any building, we will provide a number where family and friends can reach you in case of emergency. If you are observed in possession of any of these devices, your team is subject to immediate disqualification.

For a complete list of eligibility requirements, visit the pages for each individual location.
For clarifications or questions please contact cyberquest.info@lmco.com.

Technical Specifications

• In-person competition: Each team may bring up to three (3) laptop computers.
• Virtual competition: Each student competing will be able to access the competition network from their computer.
• Hardware / Software Requirements:
  • Microsoft Windows 10 or higher (64-bit operating system, x64 processor)
    • .NET Framework 4.7.2 or higher
    • Microsoft Remote Desktop Connection
  • o   macOS
    • 64-bit macOS Mojave (10.14), Catalina (10.15), or Big Sur (11.0)
    • Microsoft Remote Desktop
  • Linux
    • Ubuntu 18.04 LTS or Ubuntu 20.04 LTS (AMD64 only)
    • rdesktop (Remote Desktop Protocol client)
  • Must have an ssh client
    • Windows: Putty recommended (there are other options as well, any that support ssh connections will work)
    • macOS: Terminal (ssh is built-in)
    • Linux: Terminal, ensure an ssh client is installed such as openssh-client (typically installed by default)
  • Web browser
    • Must have a recently updated (last updated within 1 month prior to the competition day) version of the Mozilla Firefox or Google Chrome browser on each computer
  • Keyboards / mice permitted if desired
  • No printers
  • No Virtual Machines
  • Monitors permitted if desired
  • No thumb drives permitted
  • Reference books are permitted
  • Students participating onsite at a Lockheed Martin facility will be on the Lockheed Martin Guest Wi-Fi, therefore internet access for research via the corporate proxies is permitted
  • Tools / software needed to complete the competition will be provided on the systems within the challenge environment

What May You Encounter?
Challenges may include:

• Web-based attacks - Common vulnerabilities found within websites across the internet
• Windows & Linux privilege escalation - Find vulnerabilities to move from a user to an administrator
• Packet capture & log analysis - A network traffic capture or various application / server logs commonly analyzed by cyber incident responders to retrace an adversary’s steps
• Steganography - The practice of concealing a file, message, image, or video within another file, message, image, or video
• Reverse engineering - The processes of extracting knowledge or design information from anything man-made and reproducing it or reproducing anything based on the extracted information
• Cryptography - The construction and analysis of techniques that prevent eavesdroppers from reading private messages

What Would Be Good to Know

• Linux & bash (including common CLI tools)
• Common inter-computer communications
• Kali & Metasploit
• Network / Host recon (Nmap/ Wireshark)
• Intercepting proxies (Burp Suite)
• Scripting (python)

Common web application security vulnerabilities

• OWASP Top 10
•  Configuring a browser to use an intercepting proxy such as Burp Suite (and how to use that proxy)
• Port scanning tools such as Nmap
• How to use ssh
• Read / write basic bash & html
• Common tools in Kali Linux

A Few Handy Tools (each team will have these tools available on their Windows competition jumpbox system)

• OllyDbg1.10
• x64dbg (snapshot_2018-07-15_19-25) – Open source x64/x32 debugger for windows
• Portable App Platform 
• For Windows, these portable apps may be useful
• 7-ZipPortable
• DiffImgPortable
• DiffpdfPortable
• FileAlyzerPortable
• FirefoxPortable
• FrhedPortable
• GIMPPortable
• gVimPortable
• InkscapePortable
• JPEGViewPortable
• KeepNotePortable
• Notepad++Portable
• PortableApps.com
• winMd5SumPortable
• dotPeek (decompiler)
• aes decryption

Additional Resources

• Common web vulnerabilities
• Tools included in Kali Linux like webshells
• Bash — Search for “intro to bash programming” and read the first few pages of pretty much any result that you find interesting
• Burp Suite
• Nmap — Search for common scan syntax –know how to scan common ports, perform a service scan
• Common Linux commands — Your favorite search engine will answer all your questions
  • awk, cut, sed, wc, less, grep
• Wireshark
  •  Search for how to filter on IP address, port, HTTP request method
  • Search for how to follow streams, inspect packet fields
  • Search for how to carve files from Pcap, stream, specific packet

Encouraged and Forbidden Activities

We encourage you to enjoy and learn from the competition and to be positive and respectful to others.

During the competition, you agree to refrain from uploading any User Content that contains:

• False or misleading information 
• Malicious code, including without limitation viruses, malware, spyware, or ransomware
• Code deliberately intended to consume Website resources or deny the Website’s services to others (e.g., deliberate infinite loops, memory leaks, etc.)
• Code that attempts to employ network communications for any purpose
• Illegal content
• Hate content, defamation, and libel
• Intellectual property not owned by you
• Promotions, advertisements, and other notices relating to third-party activities, including competitions and other activities hosted by third parties
• Personal or third-party social media invitations, such as posting invitations or requests to be followed on Instagram®, Twitter®, Facebook® or other social media platforms
• If you are found to have uploaded any User Content that falls into one or more of the above categories, your team may be subject to corrective actions, up to and including immediate disqualification without further warning

Coaches Honor Code for Virtual Events

We would like to remind coaches that during the competition they should not confer with students to offer problem solving guidance or support. For those teams who will be competing physically together, we ask coaches and teachers to replicate the independent and fair competition environment we would have if the event were being held on site by leaving the competition space if possible. If not possible, we ask teachers to make a commitment to refrain from providing any support or guidance to teams during the competition. All coaches are invited to participate in a virtually hosted Coaches’ Corner while the students are competing. 

Additional rules, modifications, and information will be made available on the day of the event.

OFFICIAL RULES ACKNOWLEDGEMENT AND RELEASE OF LIABILTY

As a condition of my participation in the Lockheed Martin CYBERQUEST competition, I hereby: 

1. Acknowledge that I have read and agree to comply with the Official Rules for the CYBERQUEST competition; and
2. Agree to release and hold harmless Lockheed Martin, its subsidiaries, affiliates, and company’s officers, directors, employees, and agents from and against any claim or cause of action, including, but not limited to, personal injury, death, or damage to or loss of property, arising out of or relating to my participation in the CYBERQUEST competition.

This Agreement shall be governed by the laws of the State of Maryland, without reference to its choice of law rules.

If you have any questions, please contact cyberquest.info@lmco.com.