Hacker Challenge Reporting Template

This guide shows the required sections of the report write-up and the point value for each section. In order to qualify for a valid submission, a report must earn at least 27 points. In addition, minimum points must be earned in each section as listed below. Those which do not earn the minimum points for the report will not earn $100 or be eligible for bonuses, even if the protections were successfully defeated.

Reports will be scored based on:

• Background (5 points, 2 minimum)
• Attack Narrative (20 points, 14 minimum)
• Time to break (5 points, 3 minimum)
• Tools used (5 points, 3 minimum)
• Conclusions and suggestions for improvement (5 points, 3 minimum)
• Format and readability (5 points, 2 points minimum)

Reports must be in English. Please submit reports in a Microsoft Office compatible format (DOC, RTF, TXT, etc.) or PDF. Reports must be relatively easy to understand, so very poorly written reports will not receive as high marks. Points are awarded for thoroughness, accuracy, and depth of analysis. For instance, simply stating that a protection was located and defeated will earn minimal points; saying how it was located and defeated will earn more points. Maximum points are earned by providing correct and full technical details (memory addresses, function calls, etc.) on how protections were defeated or circumvented.

Following are detailed descriptions of the sections that should appear in a final report. Sections should use the specified names (i.e. "Background", "Attack Narrative", etc.), and should appear in the final report in the order given below.

Background: 5 points

Provide a summary of the overall challenge process. Describe the goals of the testing, whether or not the protection was defeated, lessons learned during the testing, etc.

Attack Narrative: 20 points

This section is a step-by-step narrative describing how the protection was successfully defeated. Ideally, a reverse engineer should be able to use this section to replay your attack. It should be relatively succinct and easy to read. It should include information on all protections that were observed and all actions taken to defeat the protections. It should not be too low level (i.e. don't have steps like "Click on 'File' and choose 'Open'", etc.).

Time to break: 5 points

State how much time was required for this attack. How much time was required understanding the various protections, developing scripts or tools, researching on the internet, etc.

Tools used: 5 points

List and briefly describe the tools used (software, and hardware other than the testing computer) for this attack. Why were these tools used? Describe any tools developed specifically to solve this problem; if a script was written include the source code with this report.

Conclusion: 5 points

Summarize the outcomes of this effort. Describe how effective the protection was, and any improvements that could be made to the protection that would make it more difficult to defeat.