I had recently had the opportunity to compete in the Collegiate Penetration Testing Competition, a competition where teams compete to hack networks. Then write a report detailing their findings to improve the network’s security. I was responsible for learning about the Windows ecosystem. Through learning about things like active directory, group policy, and network enumeration, I gained an understanding of how to attack and defend windows computers on a network. I also came up with a post-it note system that we used to keep track of who was working on which machine and the overall network topology. When the competition came, we all felt excited and nervous. Our target was a virtual bank called Dino Bank. Communication is a surprisingly large part of running an effective pen testing team, so every 2 hours, we would pause the team and have everyone check in on what they were working on and if they had encountered any blocks. I found several vulnerabilities on the windows machines, including misconfigured active directory, open FTP servers, as well as weak passwords for user accounts. We each kept detailed logs of what we found so that we could write an extensive report. We ended up placing second in the regional competition we competed at and have gone on to place highly in other pentesting competitions. Linked is our final report.