Empowering Cybersecurity Awareness: Looking back at Adobe HackWeek 2023
By Sai Kiran Battaluri, Product Security Engineer
Hosted by the Adobe Security team during Cybersecurity Awareness Month, Adobe HackWeek 2023 presented an opportunity not only to educate but also to infuse a culture of security across Adobe. HackWeek featured engaging activities, including Capture the Flag (CTF) challenges and a virtual hacking event tailored to involve every Adobe employee and nurture their understanding of crucial security concepts. In this blog, I’ll share how our team made Adobe’s HackWeek a success and describe some of the event’s top outcomes.
Preparation
The goal of HackWeek was to instill a deep-seated understanding of cybersecurity within the company. To realize this vision, we curated a custom-made CTF experience, offering 10 different cybersecurity challenges. Ranging from beginner-friendly to advanced levels, these challenges aimed to probe the depths of participants’ problem-solving skills, Open-Source Intelligence (OSINT) prowess, cryptography expertise, and overall cybersecurity acumen.
Alongside the CTF, HackWeek also introduced a virtual hacking event spanning five different Adobe products. This dual-benefit initiative helped security enthusiasts across Adobe uncover vulnerabilities in a real-world setting while providing product teams with proactive insights into potential threats.
To encourage further engagement and participation, the HackWeek team focused on gamifying the platform. Real-time leaderboards let participants see where they stood in relation to others and distinctive badges crafted using Adobe’s new Generative AI product, Firefly, were awarded to category winners. To generate excitement, the platform featured live updates on CTF completions and featured discovered vulnerabilities.
Acknowledging security risks associated with custom or open-source scripts, the team based the entire contest on a specially designed platform to pre-emptively address any concerns. Participants could access a sandbox environment provisioned with cloud machines (Kali Linux, Ubuntu, or Windows) embedded with necessary security tools. This helped to ensure a risk-free avenue for tackling challenges without jeopardizing Adobe’s production assets.
Mission Accomplished
HackWeek surpassed all expectations, achieving active participation across Adobe from both security and non-security domains. Of the participants, 169 individuals earned spots on the leaderboard and 10 participants conquered all challenges, showcasing their comprehensive grasp of a wide range of cybersecurity issues.
HackWeek Winners:
- Nitesh, Senior Staff Security Researcher, Document Cloud, United States
- Mathias, Senior Computer Scientist, Photoshop Web, Hamburg, Germany
- Marius, Threat Hunter, Legal, Security & Policy, Romania
Badges for HackWeek Winners –
Badge for CTF Wizard: Solving the Hardest CTF Challenge –
Looking ahead, we’re excited to continue planning and hosting our annual HackWeek events to raise awareness about cybersecurity. In future events, we aim to design challenges that make it easy for non-security professionals to understand common security issues. We’ll also have challenges focused on specific attacks we’ve seen in Adobe. The goal is to show developers how these attacks work, how easy they are to exploit, and help them learn to write more secure code in the future. Stay tuned for more impactful initiatives from Adobe’s cybersecurity endeavours.
What’s on Your Mind? We Want to Hear from You!
Your opinion matters to us. Help shape the future of our blog by sharing your ideas and preferences. Click the link below to take a quick survey and tell us what you’d like to read about next.
