This website contains a series of security challenges. We do not expect people to finish all of them (although it's great if you do!), they are to gauge strengths/weaknesses as well as interest in security. You can get started by carefully examining the website.
Challengers are permitted to attack the server instance of the canyouhack.us domain and any ip addresses that this domain is pointed to. This includes anything explicitly called out in the challenges, including port scanning. Prohibited activities include denial-of-service attacks, port flooding, social engineering attacks, or DNS service attacks.
Please do not post public write-ups, we use this site as a way to vet potential new hires and provide exercises for those who want to learn more about security. Creating and hosting challenges takes a fair bit of work and we don't want it to go to waste. If you do feel compelled to do a writeup feel free to send it our way and maybe score an interview.
If you are working on these challenges and are interested in applying for a position at Security Innovation (full time or intern) we would suggest staying away from write-ups. You will miss out on the learning that comes from trial and error and will have a more difficult time in the interview process. Take your time, enjoy the challenges, and best of all, have fun!
We look forward to hearing from you!debug