Download the Challenges and Skills Overview

What May You Encounter?

Challenges may include:

  • Web-based attacks
  • Common vulnerabilities found within websites across the internet
  • Windows & Linux privilege escalation
  • Find vulnerabilities to move from a user to an administrator
  • Packet capture & log analysis
  • A network traffic capture or various application / server logs commonly analyzed by cyber incident responders to retrace an adversary’s steps
  • Steganography
  • The practice of concealing a file, message, image, or video within another file, message, image, or video
  • Reverse engineering
  • The processes of extracting knowledge or design information from anything man-made and reproducing it or reproducing anything based on the extracted information
  • Cryptography
  • The construction and analysis of techniques that prevent eavesdroppers from reading private messages

What Would Be Good to Know

  • Linux & bash (including common CLI tools)
  • Common inter-computer communications
  • Kali & Metasploit
  • Network / Host recon (nmap/ wireshark)
  • Intercepting proxies (Burp Suite)
  • Scripting (python)

Common web application security vulnerabilities

  • OWASP Top 10
  • Configuring a browser to use an intercepting proxy such as Burp Suite (and how to use that proxy)
  • Port scanning tools such as nmap
  • How to use ssh
  • Read / write basic bash & html
  • Common tools in Kali Linux

A Few Handy Tools

  • OllyDbg1.10
  • x64dbg (snapshot_2018-07-15_19-25)
  • Portable App Platform
  • For Windows, these portable apps may be useful
  • 7-ZipPortable
  • DiffImgPortable
  • DiffpdfPortable
  • FileAlyzerPortable
  • FirefoxPortable
  • FrhedPortable
  • GIMPPortable
  • gVimPortable
  • InkscapePortable
  • JPEGViewPortable
  • KeepNotePortable
  • Notepad++Portable
  • winMd5SumPortable

Additional Resources

  • Common web vulnerabilities
  • Tools included in Kali Linux like webshells
  • Bash — Search for “intro to bash programming” and read the first few pages of pretty much any result that you find interesting
  • Burp Suite
  • Nmap — Search for common scan syntax –know how to scan common ports, perform a service scan
  • Common Linux commands — Your favorite search engine will answer all your questions
    awk, cut, sed, wc, less, grep
  • Wireshark
    • Search for how to filter on IP address, port, HTTP request method
    • Search for how to follow streams, inspect packet fields
    • Search for how to carve files from Pcap, stream, specific packet

Eligibility Requirements

  • One team can represent a school unless otherwise stated on the site-specific pages. Schools may register up to 3 teams. Second and Third teams will be waitlisted until registration is opened to them Tuesday, September 17th. From the waitlist, teams will be accepted on a first come, first served basis or other criteria determined by the planning committee. If a second team is accepted, the school will be notified via email on or after September 17th.
  • 2 – 5 High School students per team allowed
  • Up to two coaches per team is allowed.
  • Students on the same team must be from the same school. (Exemption for home schools and case by case requests)
  • A team should be affiliated with and represent the High School under which they are registering.
  • STEM programs are eligible to register a team
    • STEM program is a curriculum based on educating students in four specific disciplines — science, technology, engineering and mathematics — in an interdisciplinary and applied approach. The program of study focuses on the application of the subjects in a challenging and rigorous manner. Courses and pathways cover preparation for post-secondary education and employment.
    • The STEM Program should be a recognized organization/club within the community and high school(s).
    • STEM programs are eligible to register a team with students from different schools if the students’ school cannot form a team.
  • For clarifications or questions please contact
  • Family members cannot be accommodated.
  • Each team is allowed to bring up to 3 computers per team unless otherwise stated on the site-specific pages
    • Must have Wifi connectivity; there will be no provisions for wired connections
      • Must have a Microsoft RDP client
      • Windows: Microsoft Remote Desktop Connection
      • Mac / OS X: Microsoft RDP
      • Linux: rdesktop
      • Must have an ssh client
      • Windows: Putty recommended (there are other options as well, any that support ssh connections will work)
      • Mac / OS X: Terminal (built-in)
      • Linux: Terminal, ensure an ssh client is installed such as openssh-client (typically installed by default)
      • Must have a recently updated (last updated within 1 month prior to the competition day) version of the Mozilla Firefox or Google Chrome browser on each computer
      • Keyboards / mice permitted if desired
      • No printers
      • No VMs
      • Monitors permitted if desired
      • No thumb drives
      • Reference books are permitted
      • Students will be on Lockheed Martin Guest Wifi, therefore internet access for research via the proxies is permitted
      • Tools / software needed to complete the competition will be provided on the systems within the challenge environment
  • UNDER NO CIRCUMSTANCES are ANY cell phones, smart watches, e-readers, broad-band network cards or recording devices allowed inside the facility.  Please leave ALL phones in your cars.  Since cell phones will not be allowed in any building, we will provide a number where family and friends can reach you in case of emergency. If you are observed in possession of any of these devices, your team is subject to immediate disqualification.

Lockheed Martin CYBERQUEST™ Competition Events

Competition date for 2021 will be Saturday, February 6th.

2021 Virtual  Locations

Bethesda, MD
Canberra, AUS
Denver, CO
Fort Worth, TX
Hanover, MD
Herndon, VA
King of Prussia, PA
Orlando, FL
Stratford, CT
Whiteley, UK

Contact Cyber Quest:
For additional information,
please email the