How a Hacker Compromised a Server in Under Four Hours

In September 2013, we ran a live server exploitation exercise to see how long an unpatched and minimally configured cloud server instance could survive against financially motivated attackers when connected directly to the Internet. The exercise, a capture-the-flag-style contest referred to as the Gauntlet, ran for 23 days across a collection of Microsoft Windows and Linux-based servers with varying combinations of applications and application frameworks installed. Facilitated by our friends at Bugcrowd, the Gauntlet saw a total of 35 flags captured across the pool of targets, two of them in under 4 hours.