News

5 min read

Sherlocks Submissions Process: A Step-by-Step Guide

Sherlocks are quickly gaining popularity! Read below to learn more about the steps to submit your own Sherlock and be rewarded.

JXoaT avatar

JXoaT,
Apr 23
2024

In the spirit of creation, we are now opening Sherlocks to community submissions! Hack The Box history of user-created content continues with a blue team twist. Sherlocks gives platform members the experience of diving into an incident in multiple engaging scenarios. 

Solve your first Sherlock

Our content is being played by SOC Engineers looking to stay up-to-date with current trends/threats and beginners getting their first glance at how a security incident plays out. We are even seeing a shift in interest from players who traditionally enjoyed our red-centric content!

There will always be new threats to find, each telling a different story of how compromise can happen in the wild. We’d like you to join us in crafting those stories.  

If you’re interested in creating your own Sherlock and get rewarded for that, here's what you need to know!

How do we differentiate levels? 

Each Sherlock’s story and content should focus on how a user will play through the scenario. All difficulties will contain a list of questions that will guide the user through the investigation process. 

Here’s a high level overview on how we’d differentiate each difficulty:

Very Easy and Easy 🟪🟩

  • Extremely beginner-friendly and concise investigation.

  • The attack life cycle is straightforward; the tools used are easily detectable.

  • High granularity in endpoint logs.

  • No complex reverse engineering is required.

  • Very Easy Typically completed within 1 hour, depending on experience.

  • Easy typically completed within 2-4 hours, depending on experience. 

Medium 🟨

  • Requires intermediate knowledge in defensive security.

  • Complex attack life cycle with multi-step processes and harder detection.

  • Endpoint log granularity varies by attack vector, set by the creator.

  • Expected duration: 4-8 hours, experience-dependent.

Hard 🟥

  • Requires advanced knowledge in defensive security.

  • Extremely complex attack life cycle with advanced/state nation actor tactics.

  • Diverse data types across various OSs and applications.

  • Endpoint log granularity varies by attack vector, set by the creator.

  • Expected duration: Up to 2 days, experience-dependent.

Insane ⬜

  • Requires expert knowledge in defensive security.

  • Highly complex attack life cycle with very difficult to detect/find attacker activity.

  • If malware is involved, it must be unique (not on VirusTotal) and require reverse engineering.

  • Expected duration: Up to 5 days, experience-dependent.

Payment scale 

We want to make your hard work well worth the effort! So here’s a quick breakdown of compensation based on difficulty:

Very Easy  - up to $125 ( 100$ guaranteed, 25$ quality bonus)

Easy  - up to $250 ( 200$ guaranteed, 50$ quality bonus)

Medium - up to $500 (400$ guaranteed, 100$ quality bonus)

Hard - up to $800 ( 650$ guaranteed, 150$ quality bonus)

Insane - up to $1250 ( 1000$ guaranteed, 250$ quality bonus)

Important documents

Terms of Service - It's essential to comprehend what rights you retain and what you transfer to Hack The Box upon content acceptance. By familiarizing yourself with these terms, you ensure that your submissions align with Hack The Box'sBox's requirements and policies, safeguarding both your work and your rights as a content creator.

Sherlock Requirements - Adhering to these guidelines ensures your content is engaging, realistic, and meets HTB's high standards, enhancing users' learning experience. Familiarize yourself with the structured approach to content creation, evidence handling, detailed documentation, and more. 

By following these guidelines, you not only streamline your submission process but also enhance your reputation as a valued contributor to the cybersecurity community. Your adherence to these standards is a testament to your commitment and expertise, earning you respect among your peers. 

Sherlock Writeup Template - Quite possibly the most useful document on this page is the writeup template. This Github repository will show you detailed examples of how your Sherlock questions and write up should look.  

Step-by-Step process and timeline

Sherlocks submitted by our community will be used in HTB for Free, VIP, VIP+ as well as various community or private business CTFs that Hack The Box may organize. New Terms and Conditions will apply that will govern the relationship between the User and HTB, aiming to ensure compliance, security, and integrity in our operations. In brief, the process and timelines will be as follows:

  1. You submit your Sherlock on this page and you accept our General TOS. (more info below)
  2. Our team will do an initial review of your writeup. You will receive an email once this is complete. Once the writeup is accepted, your content will show as provisionally accepted on the site.
  3. The team will conduct testing of your content looking for stability, realism, playability and unintended paths. We may reach out to you if we run into issues. The time from provisional acceptance to the start of testing can range from a few weeks to many months, depending on the queue of submissions.
  4. Once your submission passes through the testing process, if the team wants to release the submission, it will show as Accepted on the site, and you will be asked to sign an SOW with HTB.
  5. Upon signing the SOW, your reward will be paid.
  6. You will be able to track the process of your submission from the platform. The time from acceptance to release is typically a few weeks, but can be up to a few months.
  7. If eligible and dependent on ratings, you may qualify for an additional quality bonus.

Submit your first Sherlock today!

New Challenge & Machine submission process  

The payment options for Machines and Challenges submissions have also been updated! 

For content providers in the US, UK, and EU, you can now choose between regular bank transfer, Wise a Wise(balance/transfer), or PayPal transfer. For content providers elsewhere: You can use Wise (balance/transfer) or PayPal for payments.

Plus, we've increased the payment amounts and made the process smoother, so you get more for your submissions in only one payment! 💸

If you’re a fan of creating these challenges or would like to learn more, please visit here for Machine information and here for Challenges. In the end, we look forward to seeing where your creativity takes you. 


 

Hack The Blog

The latest news and updates, direct from Hack The Box