KotH participants are divided into teams, and each team must work
together to attack, control, and defend as many computers on a target
network as they can.
Gameplay occurs over a large, complex, isolated virtual environment,
comprised of vulnerable Linux and Windows virtual machines of various
builds that are spread across multiple partially interconnected subnet-
works. Below is an example network we used in a recent competition:
Here, there are four teams — Blue, Green, Orange, and Red —
each of these teams must pivot repeatedly in order to reach many of the
machines in the virtual environment.
Each team's goal is to exploit as many vulnerable machines on the
network as they can, claim them by calling out to the global scorebot,
defend them from other teams, and protect their critical services.
Teams earn points keeping critical services up-and-running on the
machines they control. They therefore have to consider the real-world
trade-offs between keeping a vulnerable service up or shutting it down
to help keep the rest of their network safe from attack.
For detailed information, please view our
ASE 2018 paper.