Design and evaluation of competition-based hacking exercises

This paper describes the design and delivery of two competition-based small offensive security exercises in an undergraduate Computer and Information Security course at the Faculty of Computing and Information Technology, King Abdulaziz University. We designed competition scenarios for two small exercises based on known attacks. The first exercise aimed to break the Windows Server 2008 password, and the second sought to break the Wired Equivalent Privacy (WEP) wireless network key (password). We present the competition scenarios and design, including the required hardware and software in each exercise. In addition, we give an overview about the attacks and possible defenses against them. We also present the results of a survey conducted to determine students´ sentiments towards these types of exercises and to measure the effectiveness of these exercises in supporting the course´s theoretical concepts from the student perspective. The results strongly suggest that the exercises were informative, motivating, stimulating, and enjoyable. This work was only the first step for us. We look forward to creating more challenging competition-based exercises and rewarding the teams that put forth superior efforts.