Download the Challenges and Skills Overview

What May You Encounter?

Challenges may include:

  •  Web-based attacks
  • Common vulnerabilities found within websites across the internet
  •  Windows & Linux privilege escalation
  •  Find vulnerabilities to move from a user to an administrator
  •  Packet capture & log analysis
  • A network traffic capture or various application / server logs commonly analyzed by cyber incident responders to retrace an adversary’s steps
  • Steganography
  • The practice of concealing a file, message, image, or video within another file, message, image, or video
  • Reverse engineering
  • The processes of extracting knowledge or design information from anything man-made and reproducing it or reproducing anything based on the extracted information
  • Cryptography
  • The construction and analysis of techniques that prevent eavesdroppers from reading private messages

What Would Be Good to Know

  • Linux & bash (including common CLI tools)
  • Common inter-computer communications
  • Kali & Metasploit
  • Network / Host recon (nmap/ wireshark)
  • Intercepting proxies (Burp Suite)
  • Scripting (python)

Common web application security vulnerabilities

  • OWASP Top 10
  • Configuring a browser to use an intercepting proxy such as Burp Suite (and how to use that proxy)
  • Port scanning tools such as nmap
  • How to use ssh
  • Read / write basic bash & html
  • Common tools in Kali Linux

A Few Handy Tools

  • OllyDbg1.10
  • x64dbg (snapshot_2018-07-15_19-25)
  • Portable App Platform
  • For Windows, these portable apps may be useful
  •  7-ZipPortable
  • DiffImgPortable
  • DiffpdfPortable
  • FileAlyzerPortable
  • FirefoxPortable
  •  FrhedPortable
  • GIMPPortable
  • gVimPortable
  • InkscapePortable
  • JPEGViewPortable
  • KeepNotePortable
  • Notepad++Portable
  • PortableApps.com
  • winMd5SumPortable

Additional Resources

  • Common web vulnerabilities
  • Tools included in Kali Linux like webshells
  • Bash — Search for “intro to bash programming” and read the first few pages of pretty much any result that you find interesting
  • Burp Suite
  • Nmap — Search for common scan syntax –know how to scan common ports, perform a service scan
  • Common Linux commands — Your favorite search engine will answer all your questions
    awk, cut, sed, wc, less, grep
  • Wireshark
    • Search for how to filter on IP address, port, HTTP request method
    • Search for how to follow streams, inspect packet fields
    • Search for how to carve files from Pcap, stream, specific packet

Eligibility Requirements

  • Two teams can represent a school. Schools may register up to 3 teams. Third teams will be waitlisted until registration is opened to them on Monday January 18th. From the waitlist, teams will be accepted on a first come, first served basis or other criteria determined by the planning committee. If a third team is accepted, the school will be notified via email on or after January 18th.
  • 2 – 5 High School students per team allowed
  • One Coach per team. One coach for multiple teams is acceptable.
  • Students on the same team must be from the same school. (Exemption for home schools and case by case requests)
  • A team should be affiliated with and represent the High School under which they are registering.
  • STEM programs are eligible to register a team
    • STEM program is a curriculum based on educating students in four specific disciplines — science, technology, engineering and mathematics — in an interdisciplinary and applied approach. The program of study focuses on the application of the subjects in a challenging and rigorous manner. Courses and pathways cover preparation for post-secondary education and employment.
    • The STEM Program should be a recognized organization/club within the community and high school(s).
    • STEM programs are eligible to register a team with students from different schools if the students’ school cannot form a team.
  • Virtual competition: each student that is competing is allowed to access a computer
    • Must have a Microsoft RDP clientindows: Microsoft Remote Desktop Connection
    • Mac / OS X: Microsoft RDP
    • Linux: rdesktop
    • Must have an ssh client
    • Windows: Putty recommended (there are other options as well, any that support ssh connections will work)
    • Mac / OS X: Terminal (built-in)
    • Linux: Terminal, ensure an ssh client is installed such as openssh-client (typically installed by default)
    • Must have a recently updated (last updated within 1 month prior to the competition day) version of the Mozilla Firefox or Google Chrome browser on each computer
    • Keyboards / mice permitted if desired
    • No printers
    • No VMs
    • Monitors permitted if desired
    • No thumb drives
    • Reference books are permitted
    • Students will be on Lockheed Martin Guest Wifi, therefore internet access for research via the proxies is permitted
    • Tools / software needed to complete the competition will be provided on the systems within the challenge environment

Encouraged and Forbidden Activities

We encourage you to enjoy and learn from the competition and to be positive and respectful to others.

During the competition, you agree to refrain from uploading any User Content that contains:

  •  False or misleading information 
  •  Malicious code, including without limitation viruses, malware, spyware or ransomware,
  •  Code deliberately intended to consume Website resources or deny the Website’s services to others (e.g. deliberate infinite loops, memory leaks, etc.)
  •  Code that attempts to employ network communications for any purpose
  •  Illegal content
  •  Hate content, defamation, and libel
  •  Intellectual property not owned by you
  •  Promotions, advertisements and other notices relating to third-party activities, including competitions and other activities hosted by third parties
  • Personal or third-party social media invitations, such as posting invitations or requests to be followed on Instagram®, Twitter®, Facebook® or other social media platforms
  • If you are found to have uploaded any User Content that falls into one or more of the above categories, your team may be subject to corrective actions, up to and including immediate disqualification without further warning. 


Lockheed Martin CYBERQUEST™ Competition Event

Competition 2.0 date for 2021 will be Saturday, March 20th.

2021 Virtual  Locations

Bethesda, MD
Denver, CO
Fort Worth, TX
Hanover, MD
Herndon, VA
King of Prussia, PA
Orlando, FL
Stratford, CT
Whiteley, UK

Contact CYBERQUEST:
For additional information,
please email the cyberquest.info@lmco.com

2021 CYBERQUEST® Registration