Does the use of automated tools include software like nessus, nmap and hydra?
In a way: yes. But then you’ll probably don’t need them anyway (see point 3 below). In the rare opportunities where you might find them useful, you can apply them in your local network without any restrictions but you shoudln’t use them extensively on other team’s network. If you do, limit their bandwidth and aggresiveness so that you don’t DoS other parties or the VPN-server (as it’s the routing bottleneck). A rule of thumb(!) is, that you may use them as long as you don’t start more than 10 TCP/Connections per second and don’t waste the VPN-server’s bandwidth (bottleneck), i.e. try to use less than 1MBit/s for scanning and such. But again: you’ll most probably don’t need scanning because experience says that hacking into other team’s workstations and routers is typically impossible unless you own an unpublished zero-day exploit. In addition, hacking into those machines doesn’t get awarded with scores. Anyway, you’re free to do that if you want to. • Is password cracking allowed? Yes.
