Panoply, a Network Security Competition, is a network assessment and network defense competition combined into a single event. Teams of students compete for control of common resources and the critical services on those resources. Once a team takes possession of a resource, they must secure that resource against attacks from other teams and maintain the critical services running on the resource. Teams accumulate points for controlling and operating critical services such as SMTP, DNS, HTTP, HTTPS, SSH, and so on.
Panoply is a timed competition event. At the beginning of the competition, common resources are available for teams to scan, assess, and penetrate. To claim ownership of a service, teams must plant their flag, an assigned hexadecimal string, inside the banner of the service. An automated scanner detects ownership changes and awards ownership of the service to the team whose flag appears in the service banner. At random intervals, an automated scoring engine checks the status and functionality of all critical services. If a team has ownership of a functional critical service during a successful service check, that team is awarded points for owning and maintaining a critical service. Teams accumulate points for each critical service they control and continue to accumulate points as long as they own and maintain those critical services. Teams that fail to secure resources and services they have captured may have them taken away by rival teams. Throughout the competition new resources are added to the common pool, forcing teams to choose between defending existing assets and going after new assets. The team with the highest point total at the end of the competition wins.