Scoring systems
There are multiple approaches that can be taken to scoring. The intention in all scoring systems should be to encourage good behavior for real-life engagements. Emphasis should be put on accuracy, completion, reporting, and breadth of knowledge. Yes, being 1337 is important, and smashing everything tooth and nail is admirable, but that's not the point of the exercise. If you're already into bending systems over your knee, perhaps you should seek a greater challenge (or take on a new skillset; teach yourself malware development, and go work for some shady people—they pay better anyway). So, here are some suggestions for scoring methods:
- Fixed point exploits: This is super simple. There are x number of exploits out there in the network. y of them are pretty simple, so they are worth 10 points. z of them are moderate, so they are worth 20 points. The last one is impossible, so it's worth 100 points. This kind of arrangement is good for someone to quickly...