The Great British Hack Off, presented by the good folks at OWASP Reading, proved once again that when you deliver hands-on security challenges to a passionate community the results are unforgettable. OWASP chapters around the world share a mission: to improve the security of software through community-driven projects, education, and collaboration.
The Reading chapter showed just how powerful that mission becomes when put into practice inside a cyber range. Instead of slides and theory, participants were given access to CMD+CTRL’s cyber ranges -- realistic environments designed to mirror everyday web applications with flaws deliberately built in. The challenges may be simulated, but the exploits, techniques, and lessons are very real.
The event featured two ranges designed to meet players at different levels:
From the very start, the energy in the virtual room was infectious. Participants didn’t just poke around casually, they dove headfirst into the ranges, tampering with URL parameters, exploiting XSS vulnerabilities, dumping database tables, and modifying HTML to escalate privileges and gain unauthorized user access. What made the event so powerful wasn’t just the technical discoveries, but the shared moments of realization, camaraderie, and problem-solving. There’s something uniquely engaging about struggling with a vulnerability, finally cracking it, and knowing that dozens of others are experiencing that same rush of success at the same time. That is what makes cyber ranges more than just technical tools -- they help build communities.
The competition was fierce, with the scoreboard becoming a central character in its own right. For much of the evening, it was a tight race between adi105 and chris. adi105 racked up 5,560 points, while chris wasn’t far behind with 5,070. The two seemed destined for a photo finish, with participants cheering them on in the chat and speculating about who would come out on top. By the time the event wrapped up, it looked like adi105 had a slight edge. But one of the great features of CMD+CTRL ranges is that play doesn’t stop at the end of the scheduled event. With extended access, participants can come back after the official end time to continue working through the challenges, and even change the leaderboard. And that’s exactly what happened.
As the evening wore on, more stories began to emerge. One of the most notable came in the form of a returning player: FROSTEDMONOTONY. A familiar name from past ranges, this seasoned hacker dusted off his skills and dove straight into The Gold Standard. Despite being away from the action for a while, he solved an impressive 49% of the challenges. That statistic may sound modest if you don't know how advanced The Gold Standard vulnerabilities are. We’re not exaggerating when we say the expert ranges humble even the most experienced participants. The fact that FROSTEDMONOTONY managed to solve nearly half of them speaks volumes about his skill and determination. And it was a reminder to everyone else that even if you think you’ve “mastered” a skill set, The Gold Standard will have something new to teach you.
As the other participants were celebrating the evening’s highlights and perhaps getting some much-needed rest, one determined player returned to the range overnight. Peb quietly but powerfully stormed through both Shadow Bank and The Gold Standard, posting a jaw-dropping score of 12,002 points. Peb not only captured the top spot on the leaderboard, but also solved 70% of the Gold Standard challenges, a feat that instantly earned bragging rights and admiration across the community. It was the kind of experience that perfectly illustrates how cyber ranges are more than just games -- they provide opportunities for self-paced learning that pushes players beyond their limits and garner attention from the entire community.
The rest of the leaderboard was filled with a colorful cast of characters. MountainMonk, ZAMB, Chaoshead23, and MastaCrafta were among the names that etched themselves into the event’s history, each finding their own victories and struggles in the ranges. Part of the fun of these events is the mystery behind the usernames. Some players are open about their identities, while others maintain a level of anonymity, adding to the sense of intrigue. But perhaps the most puzzling handle of the night belonged to mj. Whispers quickly circulated among proctors. Was mj concealing their identity as an NBA Hall of Famer turned hacker? We may never know the truth, but it added a lighthearted mystery to the evening that matched the playful tone of the event.
What became clear through the evening is that while racking up points and ascending the leaderboard bring excitement, that's not the real prize. The true value of the cyber range event lies in the lessons learned, techniques practiced, and confidence gained. Tampering with URL parameters or modifying HTML to gain access may seem like small victories in a game environment, but in the real world, they represent the techniques attackers use every day. By practicing these attacks in a safe, controlled environment, participants not only improve their technical skills but build the mindset needed to anticipate and defend against real-world threats. It’s this combination of education and entertainment that makes cyber ranges such powerful tools, and why OWASP chapters are embracing them as part of their mission.
If you’re in the Reading, UK area, be sure to check out OWASP Reading’s upcoming events. Their commitment to hands-on, practical education is a model for how local chapters can make a global impact. If you’re considering hosting a cyber range event for your organization, now is the time -- CMD+CTRL is committed to supporting collaboration and knowledge-sharing across industry and community groups like local OWASP chapters, with immersive training experiences. You don’t need to be a large organization or have a massive budget. What you need is curiosity, community spirit, and a willingness to learn. If that sounds like you, reach out today through our Slack channel and we’ll help you get started.
Most importantly, the Great British Hack Off reminded us that cybersecurity doesn’t have to be intimidating or abstract. It can be fun, engaging, and collaborative. The skills participants gained will stick with them far longer than a slide deck ever could. They’ll remember the thrill of finding a vulnerability, the camaraderie of working alongside others, and the satisfaction of seeing their name climb the leaderboard. That’s the kind of learning experience that leaves a lasting impact.
And the fun isn’t over . . . the Summer of Cyber Ranges continues with our next big event:
Test your skills, learn something new and join a global community of security enthusiasts who are preparing for the future of security. Don’t miss your chance to be part of the action. Register now.