Previous experience has taught us that you don't have to be an experienced hacker to compete successfully at Hâck The Hague. You definitely don’t have to know everything about all the tools and technologies; basic knowledge can suffice. What's most important is to play to your strengths. Every person has a unique way of looking at things and can find vulnerabilities that others overlook. Rely on your own skills and creativity and use the tricks you know well.
Participating in hack events like Hâck The Hague is an excellent opportunity to enhance your hacking skills. We have selected 6 tips that will help both students and professionals prepare for this year's Hâck The Hague:
1. Update your laptop
Make sure you come with a laptop that is fully updated with the latest versions of all the tools you might need. Think, for example, of Kali, the most extensive package, or Parrot. And make sure you have everything at your fingertips.
2. Team participation
If you participate with a team, make the most of the individual skills of your team members. We recommend having a generalist who can keep an overview of the entire playing field, someone who knows all the ins and outs of specific tools, and someone who can dive deeper into certain areas that need further exploring. Task management is key in team collaboration. Every individual has his/her own way of looking at things and will therefore find vulnerabilities that others might overlook. Together you know more than on your own, so make sure to use each other as sparring partners during the event.
3. Role of team captain
The biggest challenge a team captain faces is making sure that team members focus on the tasks where they add the most value. Keep in touch with your team members and their efforts whilst focusing on your own job, so some multitasking skills might come in handy too. Other important aspects for team captains to be aware of are that you are responsible for the timely submission of your team's proof of concept, that you are required to be (digitally) present at the award ceremony with your camera turned on, and that you are the spokesperson for the entire team before, during and after the event.
You might prepare for Hâck The Hague last minute (or not at all), but when you participate with a team it’s worthwhile to start earlier. Discuss strategy, who will be responsible for what, and how you plan to keep track of each other’s activities.
5. Refresh your skills
- Practice by means of Capture the Flag events like the OWASP Juice Shop.
- Another place where you can find plenty of training material to help you come well prepared is Hack the Box Academy.
- Check out the OWASP Top Ten, a description of ten common security risks of web applications.
- TryHackMe also offers challenges to practice your skills.
- Certified Secure also offers all kinds of challenges, including theoretical knowledge that might come in handy. They also offer companies checklists so they can verify the digital security of their apps and systems.
6. Rules of engagement
Make sure you review the rules of engagement carefully. The rules of engagement outline the scope of what can be hacked during the competition. Please make sure you do not cause data leaks or disrupt systems or websites, and ensure you don't break anything. Needless to say, brute-forcing and ‘flood-based’ attacks are not allowed. Also, generating excessive traffic with automated tools such as Dirbuster, Nmap, Skipfish and so on to scan the environment broadly must therefore be limited (non-intrusive).
Tips for students
As a student, you might find the following tips from fellow students helpful:
- 2019 Student winners Marius and Robin tell you all about their (lack of) preparation in this video and how they came to their winning hacks.
- Check out 2019 Student winner Michael de Klein’s preparation and experience here.
- Download the student information leaflet here.
Last but not least, keep an eye on the Hâck The Hague website, where we regularly post tips and tricks and explain how submitted vulnerabilities from past events were resolved.