About TCS HackQuest
Technology advancements and increased digital focus expose organizations to greater security challenges. Hacking is now more organized and pervasive, with cyber attackers using various techniques to gain unauthorized access, steal sensitive information, or disrupt digital operations. In the wake of a post-pandemic era, the role of a massive ethical hacking community has become imperative, requiring cyber sentinels to safeguard decentralized systems.
In response to this scenario of heightened cyber risks, it is crucial to set up a formidable and dedicated cyber army to protect digital ecosystem(s). This specialized focus should possess a holistic understanding of how data is stored, moved, and utilized across the digital landscape.
As we navigate this cybersecurity landscape, a crucial question emerges: How can we ensure confidentiality, integrity, and availability of data in the face of evolving challenges?
The TCS Cybersecurity Unit seeks students and enthusiasts passionate about ethical hacking, architecting a secure digital future, and confidently navigating an interconnected world. Join us in this mission for a resilient and trustworthy cyber landscape to shape a secure future, where each keystroke builds a shield against potential cyber risks.
TCS HackQuest 2024, Season 8 Details
|Cyber Security Team
|BE/ B.Tech/ B.Sc/ BCA/ ME/ M.Tech/ M.Sc/ MCA
|0 – 1 Years
TCS HackQuest 2024 Contest Details
TCS HackQuest started in 2016 to unearth talents who excel in playing their favorite game – Catch the Flag! Based on the popular ‘Catch the Flag’ (CTF) format, the contest presents challenges to be completed in 6 hours. The set of challenges will be presented in 3 categories- 1. Beginner, 2- Intermediate, 3-Expert. The participants are free to choose challenges from distinct categories and are encouraged to attempt all challenges across all categories and demonstrate their ability to handle different scenarios. In the end, associates are awarded special prizes and potential job offers from TCS in the cybersecurity unit.
TCS HackQuest 2024 Eligibility
- The Contest is open to students (enrolled in any recognized college /university / academic institute) in India who will be graduating in the academic year 2024 with any of the following degrees in any specialization:
- Bachelor of Technology (B. Tech)
- Bachelor of Engineering (B.E)
- Master of Technology (M. Tech)
- Master of Engineering (M.E.)
- Bachelor of Computer Applications (B.C.A.)
- Master of Computer Applications (M.C.A.)
- Bachelor of Science (B.Sc. – B.S.)
- Master of Science (M.Sc. – M.S.)
- TCS reserves the right to take necessary steps and seek any relevant documents to verify the eligibility of the participants mentioned above.
- The contest will be considered void if participation in the contest and/or conducting the contest is prohibited by law.
- Participants can take part in the contest only as an individual. Team/Group participation is NOT allowed.
- TCS HackQuest reserves the right to assess each participant’s eligibility and compliance with the rules at any point during the validity of the contest. Participants must promptly respond with any necessary evidence to verify their eligibility and/or compliance upon TCS’ request. TCS reserves the right to refuse entry to any participant and shall not be obliged to provide any explanations thereof.
- There are no participation/registration/submission/contest related fees. However, expenses, if any, arising from an individual’s participation in the contest shall be borne by that individual. TCS will not sponsor or reimburse any such expenses.
Contest Structure, Submission Shortlisting, Evaluation, Selection and Judging
TCS HackQuest 2024 Registration
- Once the registration window is open, the participants are required to register for the contest on the Site (https://www.hackquest.tcsapps.com) with a valid TCS NextStep reference ID (CT/DT number).
- To create a valid TCS NextStep reference ID (CT/DT number), participant needs to login to the TCS NextStep (https://nextstep.tcs.com/campus/) in the ‘IT’ section (Not BPS), fill the required fields, and submit. The participant will receive a pop-up with the TCS NextStep reference ID (CT/DT number). TCS NextStep reference ID (CT/DT number) is mandatory for participating in the contest.
- Apart from the TCS NextStep reference ID (CT/DT number) generated through TCS Next Step, the participant will receive a unique credential to take part in the contest. This credential is of utmost importance and should not be shared with any other participants.
- During registration, participants interested in the contest will register on the site along with the necessary profile details.
TCS HackQuest 2024 Selection Process
- The contest will be conducted in two rounds. The first round (“Round 1”) is an online ‘Catch the Flag’ competition where all participants can take part and they will be shortlisted for next rounds basis qualification.
- Participants shortlisted after ‘Round 1’ will move to the second round (“Round 2”), which will be conducted over (Microsoft TEAMS/Webex) and participants will have to keep their camera switched 'ON' during the entire period of the 'Round 2'
- Final round will be conducted in person. It will be a Jury evaluation round at TCS premises. The details of which will be intimated to the qualified participants.
- TCS HackQuest will arrange for remote modalities of evaluating a select list of participants from Round 1. Shortlisted participants are required to stay tuned for real-time updates on Round 2, dates, format etc. Participants shall be solely responsible for keeping track of the announcements and participating accordingly.
- This will be an online challenge-based test where the participants would be required to log on to an online application with a set of challenge statements. These tests will require the participants to demonstrate their ethical hacking skills and their specific competency in security challenges. The set of challenge statements will be presented in three (3) categories:
- Beginner level challenges: This category of challenges has been meticulously crafted for those with limited to no prior experience. These challenges will be based on the fundamentals of cybersecurity, know-how of fundamental tools and techniques. Challenges focus on basic concepts like (not necessarily limited to) password cracking, simple encryption, and basic network vulnerabilities.
- Intermediate level challenges: This set of challenges has been designed to test your problem-solving abilities and creative thinking. As you tackle these challenges, you will have to demonstrate your knowledge of advanced cybersecurity tools and methodologies. The challenges include more advanced topics (not necessarily limited to) such as web application security, SQL injection, and network analysis. Will require a deeper understanding of common vulnerabilities and exploitation techniques.
- Expert level challenges: This set of challenges has been categorically created to push you to the limits of knowledge and ingenuity. These challenges will demand resourcefulness, deep understanding of cybersecurity principles, and the ability to think out of the box. The challenges are complex and may involve topics (not necessarily limited to) like reverse engineering, advanced cryptography, and sophisticated penetration testing. Attempting these would require a comprehensive understanding of multiple cybersecurity domains.
- N.B. - The participants are free to choose challenges from distinct categories and are encouraged to attempt all challenges across all categories and demonstrate their ability to handle different scenarios. The URL of the application will be shared before the contest begins.
- Round 1 will be for six (6) hour duration during which all the participants are required to use their skills and solve the challenge statement(s) (according to the category chosen) and submit the flags captured in the online portal.
- Post solving a challenge statement, the participant needs to capture a screenshot of the flag with the timestamp visible and prepare a detailed report in the template provided on the site with a step-by-step approach for solving a particular challenge statement.
- The detailed report should be uploaded on the site before the deadline as mentioned on the site. Uploading the report on the site is mandatory and any participant failing to upload the report will NOT be considered for further evaluation. This will result in the automatic disqualification of the participant from the rest of the contest. Please also make sure that your report is original and does not match with any other participant’s report(s) in which case both the participants would be rendered ineligible for further rounds in the contest. The participant should maintain the maximum size requirement for a report provided on the site.
- Participants are free to use tools of their choice. However, usage of tools that send a huge amount of traffic or tools that tamper with the site and/or any of its application(s)/functionalities is strictly prohibited. If any participant is found violating this, he/she will be disqualified immediately from the contest. Participants are advised to take note of the recommended tools provided by TCS on the Site.
- The submissions will be evaluated based on the following criteria:
- Flags captured
- Quality of report submitted
- Approach followed for capturing the flags
- Participants selected from ‘Round 1’ will be eligible to participate in ‘Round 2.’ Round 2 will be conducted in a remote environment and will be proctored by the TCS HackQuest team.
- Activity 1: Penetration testing on hosted challenges
- The participant would be provided with the hosted challenge statements which he/she is expected to solve by using his/her intuitive skills. Challenge statements in this round might require expertise in the following areas as well:
- System exploitation
- Penetration testing of web applications
- Mobile Security
- Digital forensics
- Threat hunting
- Incident response
- Source code analysis
- Scoring will be based on the flags captured by the participants in above mentioned topics
- Activity 2: Case Explanation (3-4 hours) – Remotely
- Shortlisted participants will be invited for a case explanation round. In this round, participants will be required to explain their approach to solving challenge statement(s) and answer the queries posed by the jury panel.
Participants trained in the below security domains will have an added advantage while participating in the contest:
- Application Security
- Network security
- Java/J2EE, PHP, Python. GO
- Information security and risk management
- Ethical hacking
- Digital forensics
- Threat hunting
- Malware Analysis/Reverse Engineering
- Any security specific certification like Security+, CEH, ISO 27001, etc.
The participant represents and warrants that:
- the submission made/submitted is an original work or invention created solely by him/her;
- he/she owns all rights in the submission or otherwise have right to submit the submission;
- the submission does not violate any contractual obligation; and
- the submission does not (i) violate any applicable laws and/or (ii) cause any form of plagiarism/infringement whether in full or in part.
The submission must not contain content:
- that is inappropriate, indecent, obscene, violent, hateful, tortuous, defamatory, slanderous
- that promotes racism or hatred against any group or individual
- that promotes discrimination based on race, sex, religion, nationality, disability, sexual orientation or age
- that is unlawful, in violation of or contrary to the laws or regulations in the state or province or region where the submission is developed.
- the right to alter the duration of contest rounds at any time, without providing any justification. Such amendments will be communicated to the participants prior to such change.
- the right to reject all entries for a certain challenge statement that does not meet the judging and assessment criteria.
- the absolute right to disqualify a participant. If it considers that the participant/team has used improper means to participate in the contest; any information provided by the participant is found to be incorrect, inaccurate, false, misleading in any manner; or due to any other valid reason that may nullify the participant’s participation/win in the contest. TCS will be the sole authority to decide the winners of the contest and the decision of TCS HackQuest will be final and binding on all the participants.
- The submissions will be evaluated by a jury panel consisting of experts from the TCS Cybersecurity team.
- Participants agree that the evaluation criteria listed above are indicative, and the jury panel will be free to use their expertise, experience, and judgment to evaluate the submissions.
- Mere participation in the contest and sending/submitting the submissions do not entitle the participant to win the contest.
- The selection process may vary and shall be as per TCS HackQuest sole discretion.
- The participant or any third party shall have no right to question the process of selection.
- TCS HackQuest may determine the correctness, quality, and validity of the submissions at its sole discretion.
- The Participant hereby agrees and undertakes that mere announcement/declaration of being announced as a winner shall not entitle him/her to the prize/award/reward. Only upon complying with the Rules and fulfilling all conditions mentioned herein, to the satisfaction of TCS HackQuest, shall the winning be validated.
- The top 10 Participants from Round 2 will be invited to attend the award ceremony and interact with TCS leadership.
- The top performing Participants who clear Round 2 may stand a chance to receive ‘Ninja or Digital’ provisional job offers subject to interview process and other selection criteria as per TCS HackQuest sole discretion and policies in effect.
- Total prizes worth up to INR 5 Lakhs are given to the top-performing participants.
- Certification of merit will be awarded to all top performing Participants.
- Exceptional performers will be given a chance to work with the TCS Cybersecurity Centre of Excellence.
TCS may substitute the prizes/awards/rewards with others as determined by TCS in its sole discretion. Participants agree that no liability shall attach to TCS and/or its collaborating partners as a result thereof and that the exercise of such discretion shall not result in any compensation being payable or paid to any Participant or other person.