GL1TCH

Attack/Defense CTF Guide

Overview

Attack/Defense is a common cyber competition format built around real-time offense and defense:

  • Teams receive identical custom services
  • Secure your services while exploiting others'
  • Maintain service uptime
  • Balance between attack and defense strategies

Services

Each team is provided with custom-built services:

  • Dockerized environments
  • Various programming languages and frameworks
  • Contain intentional vulnerabilities (e.g., SQL injection)
  • Exploit vulnerabilities to extract flags

Gameserver

The central system managing the competition:

  • SLA checker runs every tick (usually 30-120 seconds)
  • Places new flags, retrieves flags from earlier ticks, and validates that each service still works as intended
  • Publishes list of flag IDs for live flags
  • Flag IDs are unique identifiers (e.g., username, post ID)

Scoring

Points are awarded based on attack and defense success:

  • Gain points by stealing and submitting flags
  • Lose points when your flags are stolen
  • Earn points for passing service availability checks
  • Balance offensive and defensive actions for maximum score

Strategy

Effective strategies for success:

  • Automation is key in this fast-paced environment
  • Use "throwers" to automate flag stealing and submission
  • Query scoreboard API for new flag IDs
  • Execute exploits against all other teams
  • Collect and analyze network traffic on your services
  • Identify and counter exploits used by other teams
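
The last two bullets are where most defensive work happens. The script below is an added example (not part of this guide or any contest's tooling) showing one way to mine captured traffic on your own service for flag leaks: it assumes a constructed access-log format (timestamp, source IP, method, request path, status, response excerpt), an assumed flag format `FLAG{...}` with 16 characters inside, an assumed 60-second tick, and an assumed gameserver address that is excluded because the SLA checker legitimately retrieves flags every tick. It groups leaks by attacking team, by endpoint, and by tick, and returns the exact requests that leaked flags so the vulnerable endpoint can be reproduced and patched.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed flag format for this example; every contest publishes its own.
FLAG_RE = re.compile(r"FLAG\{[A-Za-z0-9_]{16}\}")
TICK_SECONDS = 60                 # assumed tick length (the guide says 30-120 s)
GAMESERVER_IPS = {"10.60.0.1"}    # assumed checker address; its flag reads are legitimate

# Constructed sample capture from one of our services. Fields, space separated:
# unix timestamp, source IP, method, path (with query), HTTP status, response excerpt.
SAMPLE_LOG = """\
1700000005 10.60.3.1 GET /api/posts?id=17 200 {"id":17,"body":"hello"}
1700000012 10.60.7.1 GET /api/posts?id=17'%20OR%201=1-- 200 {"id":17,"body":"FLAG{aB3dEfGh1JkLmNoP}"}
1700000020 10.60.7.1 GET /api/posts?id=18'%20OR%201=1-- 200 {"id":18,"body":"FLAG{qR5tUvWx2YzAbCdE}"}
1700000030 10.60.0.1 GET /api/posts?id=17 200 {"id":17,"body":"FLAG{aB3dEfGh1JkLmNoP}"}
1700000041 10.60.3.1 GET /api/posts?id=18 200 {"id":18,"body":"hi"}
1700000075 10.60.9.1 GET /api/posts?id=19'%20OR%201=1-- 200 {"id":19,"body":"FLAG{zZ9yYxXwWvVuUtTs}"}
1700000090 10.60.1.1 GET /api/posts?id=19 403 {"error":"forbidden"}
"""


@dataclass(frozen=True)
class Leak:
    tick: int        # tick index relative to the start of the game
    src: str         # source IP of the request that received the flag
    endpoint: str    # path without query string, so attempts on one route group together
    request: str     # full path including query, kept for reproduction and patching
    flag: str


def parse_line(line):
    """Split one log record into its six fields; return None for malformed lines."""
    parts = line.split(maxsplit=5)
    if len(parts) != 6:
        return None
    ts, src, method, path, status, body = parts
    return int(ts), src, method, path, int(status), body


def find_leaks(log_text, start_ts, tick_seconds=TICK_SECONDS, trusted=GAMESERVER_IPS):
    """Return every flag that left the service in a response to an untrusted source."""
    leaks = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, _method, path, _status, body = rec
        if src in trusted:            # the checker is supposed to read flags back
            continue
        for flag in FLAG_RE.findall(body):
            leaks.append(Leak(
                tick=(ts - start_ts) // tick_seconds,
                src=src,
                endpoint=path.split("?", 1)[0],
                request=path,
                flag=flag,
            ))
    return leaks


def summarize(leaks):
    """Aggregate leaks into the views a defender acts on: who, where, when, and how."""
    attackers = defaultdict(int)
    endpoints = defaultdict(int)
    per_tick = defaultdict(int)
    for leak in leaks:
        attackers[leak.src] += 1
        endpoints[leak.endpoint] += 1
        per_tick[leak.tick] += 1
    return {
        "attackers": dict(attackers),
        "endpoints": dict(endpoints),
        "per_tick": dict(per_tick),
        "requests": sorted({leak.request for leak in leaks}),
    }


if __name__ == "__main__":
    report = summarize(find_leaks(SAMPLE_LOG, start_ts=1700000000))
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run against a live capture, the `requests` list is what you hand to the person patching the service, `endpoints` tells you which route to prioritise, and `per_tick` shows whether a patch actually stopped the bleeding on the next tick. Excluding the gameserver is the important caveat: blocking or rate-limiting the checker's flag reads fails the SLA check and costs more than the stolen flags.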

Skills Developed

Attack/Defense competitions enhance various cybersecurity skills:

  • Source code analysis
  • Incident response
  • Exploit development
  • Automation and scripting
  • Network security controls
  • Teamwork and rapid communication
  • Balancing offensive and defensive actions