The Dragon Research Group (DRG) Challenges are designed to help develop security community expertise and bring practical security solutions to fruition for the public benefit. At select events our volunteers will construct and coordinate hands-on information security challenges that will inspire, educate and entertain attendees. In addition to hands-on, in-person events, the DRG also coordinates online challenges for the greater information security community that is open to anyone with an Internet connection, the interest and motivation to compete. Where possible, the DRG awards some prizes to winning contestants. Prizes vary by venue and challenge, but winners always receive heaps of praise and public recognition for their achievement.

A public, moderated challenges mailing list has been setup to help support DRG challenges and information security challenge-related discussion. Join the discussion today.

Upcoming DRG Challenges

Current DRG Challenges

Past DRG Challenges


The DRG wishes to acknowledge and thank Anthony Kasza for helping identify many of the references to other challenge-related resources.

US Cyber Challenge: Cyber Quest
"The USCC-sponsored Cyber Quests are a series of fun but challenging on-line competitions allowing participants to demonstrate their knowledge in a variety of information security realms. Each quest features an artifact for analysis, along with a series of quiz questions. Some quests focus on a potentially vulnerable sample web server as the artifact, challenging participants to identify its flaws using vulnerability analysis skills. Other quests are focused around forensic analysis, packet capture analysis, and more. The quests have varying levels of difficulty and complexity, with some quests geared toward beginners, while others include more intermediate and ultimately advanced material."
National Collegiate Defense Competition
"CCDC competitions ask student teams to assume administrative and protective duties for an existing "commercial" network - typically a small company with 50+ users, 7 to 10 servers, and common Internet services such as a web server, mail server, and e-commerce site. Each team begins the competition with an identical set of hardware and software and is scored on their ability to detect and respond to outside threats, maintain availability of existing services such as mail servers and web servers, respond to business requests such as the addition or removal of additional services, and balance security needs against business needs. Throughout the competition an automated scoring engine is used to verify the functionality and availability of each team’s services on a periodic basis and traffic generators continuously feed simulated user traffic into the competition network. A volunteer red team provides the 'external threat' all Internet-based services face and allows the teams to match their defensive skills against live opponents."
DC3 Cyber Crime Challenge
"The annual DC3 challenge is a call to the digital forensics community to pioneer new investigative tools, techniques, and methodologies. Players are challenged to complete a large array of scenario-driven progressive level challenges. The winning team receives an all expense paid trip to the DoD Cyber Crime Conference for community recognition.
Network Forensics Puzzle Contest
The Lake Missoula Group, LLC runs a number of network forensic puzzles online and at major security events such as Black Hat and DEF CON.
Honeynet Project Challenges
"The purpose of Honeynet Challenges is to take [... our findings ...] one step farther. Instead of having the Honeynet Project analyze attacks and share their findings, Challenges give the security community the opportunity to analyze these attacks and share their findings. The end results is not only do individuals and organizations learn about threats, but how to learn and analyze them. Even better, individuals can see the write-ups from other individuals, learning new tools and technique for analyzing attacks. Best of all, these attacks are from the wild, real hacks."
CSAW Security Competition
Polytechnic Institute of New York University hosted yearly competition for high school to Ph.D students.
SANS: NetWars Competition
"SANS NetWars is a hands-on, interactive learning environment that enables information security professionals to develop and master the skills they need to excel in their field."
The CFReDS Project
"NIST is developing Computer Forensic Reference Data Sets (CFReDS) for digital evidence. These reference data sets (CFReDS) provide to an investigator documented sets of simulated digital evidence for examination. Since CFReDS would have documented contents, such as target search strings seeded in known locations of CFReDS, investigators could compare the results of searches for the target strings with the known placement of the strings. Investigators could use CFReDS in several ways including validating the software tools used in their investigations, equipment check out, training investigators, and proficiency testing of investigators as part of laboratory accreditation. The CFReDS site is a repository of images. Some images are produced by NIST, often from the CFTT (tool testing) project, and some are contributed by other organizations."
Digital Forensic Research Workshop
DFRWS regularly conducts a forensic challenge at their yearly conference and currently hosts a MD5 and SHA1 hash collision challenge.
Cyber Security Challenge UK
"Cyber Security Challenge runs national online competitions and raises awareness of cyber learning opportunities and careers. It is designed to excite, inspire and help talented people, of any age, to follow a career in cyber security."
Forgotten Security's CTF Wiki
Links and information about various capture the flag and infosec competitions.
OverTheWire wargames
"The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of funfilled games."

Last updated: $Date: 2016/01/07 14:27:13 $

Back to DRG