Pathwar
Where was the idea for Pathwar born?
The Pathwar project is a platform that was born out of the ECS (Epitech Security Lab) under the name of Thot Project in 2010. The platform was intended as an anarchic hub for learning cyber … anarchic and free because anything within reason was allowed, such as leading opponents down false trails or, worse, removing access to a level to block their path.
A special feature of this project was the Hall of Deface: when a user validated a challenge, he could activate the deface option to display a screenshot of his work of art in the Hall of Deface!
Other features included the Hall of Ownage.
A new journey
Pathwar was then taken over by Manfred Touron, with the aim of creating a hub for learning about cybersecurity, with several objectives in mind:
- Enable challenges/courses to discover new vulnerabilities
- Develop an anti-cheating randomization system for challenges
- Enable anyone to easily create their own challenges
- Allow anyone to host their own Pathwar
- Competition system with seasons based on the e-sport model
- Build a CV through actions performed on Pathwar
- …
With this in mind, the project was developed from scratch, drawing inspiration from existing features.
The current state
I’m currently in charge of project development. The project is still under development, but already boasts a number of features:
- Script injection system for challenge initialization
- Competition system with seasons based on the e-sport model
- Event Driven Architecture for high resilience
- An organizational system for team play
- CV building through the completion of various challenges
- The project is totally open source, and anyone can easily create challenges.
Here are a few images of the user interface:
… Coming soon
The technical side of the stage
More than just an interface, Pathwar features an ingenious back-end that overcomes many of the problems encountered by competing platforms. Pathwar was built to support strong growth while offering an exceptional user experience.
Pathwar is developed in Golang, and has a gRPC API for its microservices to communicate, as well as an HTTP gateway to communicate with the web client.
Everything has been designed as an Event-Driven Architecture, meaning that every action is recorded before being processed. This makes it possible to roll back the state of Pathwar at any time, a significant advantage in terms of resilience for a hacking platform.
Pathwar-standard containerized challenges are made available via an Nginx reverse proxy. When a challenge is started, the Pathwar magic happens and an initialization script is injected to randomize the challenge.
The pwsso module enables Pathwar to plug into any authentication provider, the default being auth0. To verify tokens, the public key is retrieved from the iss claim.
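The iss claim is read before the signature is checked, so a verifier that selects its key through it should treat the claim only as an index into a pinned set of issuers. The sketch below is an added example, not Pathwar's pwsso code: it uses Ed25519 to stay short, and `trustedKeys`, `demoKeys`, `sign` and the `idp.example` issuer are hypothetical names.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

var b64 = base64.RawURLEncoding
// trustedKeys pins each accepted issuer to its key; the key type fixes the algorithm.
type trustedKeys map[string]ed25519.PublicKey

func demoKeys(iss string) (ed25519.PrivateKey, trustedKeys) {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key pair
	return priv, trustedKeys{iss: pub}       // iss is the only trusted issuer
}

func sign(k ed25519.PrivateKey, iss, sub string) string { // demo stand-in for the identity provider
	c, _ := json.Marshal(map[string]string{"iss": iss, "sub": sub})
	in := b64.EncodeToString([]byte(`{"alg":"EdDSA"}`)) + "." + b64.EncodeToString(c)
	return in + "." + b64.EncodeToString(ed25519.Sign(k, []byte(in)))
}

// verify returns the subject; exp and aud checks are left out to stay on key selection.
func verify(tok string, keys trustedKeys) (string, error) {
	p := strings.Split(tok, ".")
	if len(p) != 3 {
		return "", fmt.Errorf("malformed token")
	}
	var cl struct{ Iss, Sub string }
	cb, _ := b64.DecodeString(p[1])
	err := json.Unmarshal(cb, &cl)
	key, ok := keys[cl.Iss] // the unverified iss is only an index into the allowlist
	if err != nil || !ok {
		return "", fmt.Errorf("bad claims or untrusted issuer %q", cl.Iss)
	}
	if sig, _ := b64.DecodeString(p[2]); !ed25519.Verify(key, []byte(p[0]+"."+p[1]), sig) {
		return "", fmt.Errorf("bad signature for issuer %q", cl.Iss)
	}
	return cl.Sub, nil
}

func main() {
	priv, keys := demoKeys("https://idp.example/") // hypothetical issuer URL
	fmt.Println(verify(sign(priv, "https://idp.example/", "alice"), keys))
	fmt.Println(verify(sign(priv, "https://evil.example/", "alice"), keys))
}
```

The second call in `main` is rejected even though the signature is valid, because the issuer it names is not in the allowlist.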
On the web platform side, we’re using JS/React/Tabler with Redux to manage states.
We use PostgreSQL for the database.
What does tomorrow hold?
Tomorrow, Pathwar will support challenges of all kinds, and will be the platform for building a cyber-security CV, through an unprecedented applied skills tracking system.
Pathwar aims to become the benchmark platform for serious cyber-security training, so don’t hesitate to follow the project.