Developing “Hack The Box” presented at Voxxed Days Ticino 2016


What is Hack The Box?

Hack The Box is a game for coders! By hacking into an application with security flaws you earn a flag for each security level you crack. Your score increases as you earn flags as quickly as you can. The more flags you collect, the harder it gets.
To play Hack The Box you only need to be connected to the internet and be able to execute Java code.

Ex Machina first presented Hack The Box at Voxxed Days Ticino 2016 sponsored by us. Voxxed Days is a series of local events focused on Java, web, mobile and JVM languages. Run by groups of senior developers and user group leaders, Voxxed Days brings together internationally renowned and local speakers.

The Development Challenge

The most difficult part of developing a hacking game is to define a set of functionalities that can carry one or more flaws, in increasing degrees of difficulty. The Hack The Box application has to be simple and robust, and still work with all flawed functionalities.
The different degrees of difficulty must be appropriate for an event lasting 1-2 days: feasible, not excessively distracting, and not too easy either. The first levels should encourage the n00bs to participate and learn, while the last level should be close to digital Mordor. Each flaw must be hidden, but not too much: something that could reasonably slip in, and has limited impact. According to the type of event, different kinds of hints or snippets are left in place to adapt the difficulty to the audience and event type. After each functionality is written and tested, the description provides an additional soft spot for adapting the difficulty of the level.

Fun & Games

Developing a hacking game is fun because it allows looking into the latest versions of various tools and technologies. Hack The Box makes use of Java 8, Spring Boot, Bootstrap, Thymeleaf, and AWS. For many engineers, devs, coders, and craftsmen it is a great excuse to go back and revisit the basics with a wide breadth, wise hindsight, …and reminisce about the hacking challenges during university!

Lessons Learned

  • Not everyone comes to an event with a laptop. A mobile version is however a bad compromise because it wouldn’t allow for a realistic use case.
  • A hacking game leads to higher quality networking and discussions during events.
  • Technical discussions about the application can lead to new projects because a proof-of-concept can be derived in a very short time.
  • Monkey Island is still one of the best games of all time.

By Marco Celeri and Matteo Piazza
