CfIA Student Team won 2017 Cyber Defense Competition
A team of undergraduate students at the Center for Information Assurance (CfIA), recently formed a student Organization (RSO) open to all U of M students. Nu11t3st3r (pronounced "Nulltester") won 1st place in the CANSec Student Cyber-Defense Competition on October 29, 2017 at the Missouri University of Science and Technology in Rolla, Missouri. The team from Nu11t3st3r, who named themselves Johnson & Johnson, was comprised of six Computer Science majors (Berkeley Willis, McKittrick Swindle, Jon Walter Cobb, Robert Edstrom, Carrie Atkins and Craig Miller). While the core members have participated in several competitions in the past, this is their first year competing as an official RSO.
This competition focused on cyber defense and was divided into three major stages. In the first stage, which can be described as the Preparation Stage, each team was given a one-hour time limit and a vulnerable virtual machine. Within the given time frame, each team was tasked with repairing as many weaknesses as they could find and reactivating services. Once the initial time limit expired, the competition moved into its second stage.
During this stage, which could be described as an Active Defense/Offense Stage, teams were allowed to continue working on the defense of their machines; however, a new element called the Red Team was added to the competition. The Red Team was essentially a team of hackers who attempted to breach each of the competing team's defenses in an effort to "Capture the Flag." Flags, which are akin to unique files, are hidden within the services that the competing teams are defending. Losing flags meant that a hacker had accessed a high enough privilege that they could disrupt services or steal sensitive information, which would ultimately result in the loss of points. The red team remained active until the end of the competition.
The final stage began during the final 30 minutes of the competition. At this point, teams were allowed to attack each other in what can only be described as a free-for-all. Competing teams were tasked with not only fending off the attacks of their fellow competitors, but also the attacks of the previously mentioned Red Team. In addition, each team could only attack another team once they received permission to do so from their CEO, who was assigned to them from amongst the University's staff. By this point, Johnson & Johnson had received a lot of points for both completing extra anomaly challenges and maintaining their service connections, so they were target number one for the other teams. Unfortunately for one opposing team, one of our observant students noticed that they had made the fatal error of having their username and password posted as their image. Johnson & Johnson was able to use this login information to later delete the other team's virtual machines. Maintaining their services led Johnson & Johnson to the win, with a combined score of 597 points, leaving their next closest competitor, the Louisiana Hot Snakes, behind with a score of 582.5, a result of only having a few of their services running throughout the competition.
"Our student team is very hardworking and knowledgeable in cyber defense; they are continually doing well in such competitions and making us proud," said the Director of the Center, Professor Dipankar Dasgupta.
For more information about the CfIA, visit https://www.memphis.edu/cfia/. If you would like to learn more about this student organization, then please contact Berkeley Willis for more information at firstname.lastname@example.org