# Exam Info

#### **60 points**

1. 3 independent targets
   1. 2-step targets (low and high privileges)
   2. Buffer Overflow may (or may not) be included as a low-privilege attack vector
   3. 20 points per machine
   4. 10 points for low-privilege
   5. 10 points for privilege escalation

#### **40 points (Active Directory)**

1. 2 clients
2. 1 domain controller
   1. Active Directory set
   2. Points are awarded only for the full exploit chain of the domain
   3. No partial points will be awarded