TCS HackQuest Season 8 | Apply Now

Registration

1. Once the registration window is open, the participants are required to register for the contest on the Site (https://www.hackquest.tcsapps.com) with a valid TCS NextStep reference ID (CT/DT number).
   • To create a valid TCS NextStep reference ID (CT/DT number), participant needs to login to the TCS NextStep (https://nextstep.tcs.com/campus/) in the ‘IT’ section (Not BPS), fill the required fields, and submit. The participant will receive a pop-up with the TCS NextStep reference ID (CT/DT number). TCS NextStep reference ID (CT/DT number) is mandatory for participating in the contest.
   • Apart from the TCS NextStep reference ID (CT/DT number) generated through TCS Next Step, the participant will receive a unique credential to take part in the contest. This credential is of utmost importance and should not be shared with any other participants.
2. During registration, participants interested in the contest will register on the site along with the necessary profile details.

Structure

1. The contest will be conducted in two rounds. The first round (“Round 1”) is an online ‘Catch the Flag’ competition where all participants can take part and they will be shortlisted for next rounds basis qualification.
2. Participants shortlisted after ‘Round 1’ will move to the second round (“Round 2”), which will be conducted over (Microsoft TEAMS/Webex) and participants will have to keep their camera switched ‘ON’ during the entire period of the ‘Round 2’
3. Final round will be conducted in person. It will be a Jury evaluation round at TCS premises. The details of which will be intimated to the qualified participants.
4. TCS will arrange for remote modalities of evaluating a select list of participants from Round 1. Shortlisted participants are required to stay tuned for real-time updates on Round 2, dates, format etc. Participants shall be solely responsible for keeping track of the announcements and participating accordingly.

Round 1

• This will be an online challenge-based test where the participants would be required to log on to an online application with a set of challenge statements. These tests will require the participants to demonstrate their ethical hacking skills and their specific competency in security challenges. The set of challenge statements will be presented in three (3) categories:
  • Beginner level challenges: This category of challenges has been meticulously crafted for those with limited to no prior experience. These challenges will be based on the fundamentals of cybersecurity, know-how of fundamental tools and techniques. Challenges focus on basic concepts like (not necessarily limited to) password cracking, simple encryption, and basic network vulnerabilities.
  • Intermediate level challenges: This set of challenges has been designed to test your problem-solving abilities and creative thinking. As you tackle these challenges, you will have to demonstrate your knowledge of advanced cybersecurity tools and methodologies. The challenges include more advanced topics (not necessarily limited to) such as web application security, SQL injection, and network analysis. Will require a deeper understanding of common vulnerabilities and exploitation techniques.
  • Expert level challenges: This set of challenges has been categorically created to push you to the limits of knowledge and ingenuity. These challenges will demand resourcefulness, deep understanding of cybersecurity principles, and the ability to think out of the box. The challenges are complex and may involve topics (not necessarily limited to) like reverse engineering, advanced cryptography, and sophisticated penetration testing. Attempting these would require a comprehensive understanding of multiple cybersecurity domains.
• N.B. – The participants are free to choose challenges from distinct categories and are encouraged to attempt all challenges across all categories and demonstrate their ability to handle different scenarios. The URL of the application will be shared before the contest begins.
• Round 1 will be for six (6) hour duration during which all the participants are required to use their skills and solve the challenge statement(s) (according to the category chosen) and submit the flags captured in the online portal.
• Post solving a challenge statement, the participant needs to capture a screenshot of the flag with the timestamp visible and prepare a detailed report in the template provided on the site with a step-by-step approach for solving a particular challenge statement.
• The detailed report should be uploaded on the site before the deadline as mentioned on the site. Uploading the report on the site is mandatory and any participant failing to upload the report will NOT be considered for further evaluation. This will result in the automatic disqualification of the participant from the rest of the contest. Please also make sure that your report is original and does not match with any other participant’s report(s) in which case both the participants would be rendered ineligible for further rounds in the contest. The participant should maintain the maximum size requirement for a report provided on the site.
• Participants are free to use tools of their choice. However, usage of tools that send a huge amount of traffic or tools that tamper with the site and/or any of its application(s)/functionalities is strictly prohibited. If any participant is found violating this, he/she will be disqualified immediately from the contest. Participants are advised to take note of the recommended tools provided by TCS on the Site.
• The submissions will be evaluated based on the following criteria:
  • Flags captured
  • Quality of report submitted
  • Approach followed for capturing the flags

Round 2

• Participants selected from ‘Round 1’ will be eligible to participate in ‘Round 2.’ Round 2 will be conducted in a remote environment and will be proctored by the TCS team.
• Activity 1: Penetration testing on hosted challenges
• The participant would be provided with the hosted challenge statements which he/she is expected to solve by using his/her intuitive skills. Challenge statements in this round might require expertise in the following areas as well: 
  • System exploitation
  • Penetration testing of web applications
  • Mobile Security
  • Digital forensics
  • Threat hunting
  • Incident response
  • Source code analysis
  • Scoring will be based on the flags captured by the participants in above mentioned topics                   
• Activity 2: Case Explanation (3-4 hours) – Remotely
• Shortlisted participants will be invited for a case explanation round. In this round, participants will be required to explain their approach to solving challenge statement(s) and answer the queries posed by the jury panel.

Domains

Participants trained in the below security domains will have an added advantage while participating in the contest:

• Application Security
• Network security
• Java/J2EE, PHP, Python. GO
• Information security and risk management
• Ethical hacking
• Digital forensics
• Threat hunting 
• Malware Analysis/Reverse Engineering 
• Any security specific certification like Security+, CEH, ISO 27001, etc.

The participant represents and warrants that:

• the submission made/submitted is an original work or invention created solely by him/her;
• he/she owns all rights in the submission or otherwise have right to submit the submission;
• the submission does not violate any contractual obligation; and
• the submission does not (i) violate any applicable laws and/or (ii) cause any form of plagiarism/infringement whether in full or in part.

The submission must not contain content:

• that is inappropriate, indecent, obscene, violent, hateful, tortuous, defamatory, slanderous
• that promotes racism or hatred against any group or individual
• that promotes discrimination based on race, sex, religion, nationality, disability, sexual orientation or age
• that is unlawful, in violation of or contrary to the laws or regulations in the state or province or region where the submission is developed.