On March 4th and 5th, KU’s Information Security Club, the Jayhackers, hosted the second annual CyberBlitz cyber defense competition in Eaton Hall. Students from the Edwards Campus, Olathe Northwest and Lawrence High competed alongside members of Fort Riley’s First Infantry Division in a virtual capture-the-flag type event. In this two-day event, teams learned the basics of attacking vulnerable machines to capture other team’s flags, while using their skills and knowledge to defend their own flags. A typical cyber defense competition consists of Blue Teams, Red Teams, White Teams and Green Teams. Blue teams are the competitors, hardening their systems and defending their network. The Red Team is generally composed of professional penetration testers or security enthusiasts. The White Team is the organizers of the competition, and in this case, the judges as well. The Green Team simulates users in a business environment. Blue Teams defend networks from Red Teams while providing services and support to members of the Green Team. At the start of the competition, attendees were randomly placed onto teams with students from other schools and at least one member of the First Infantry Division. “We wanted to give the students a way to network with the people doing this for a living,” said Chris Seasholtz, lead member of the White Team. “It also gave us an opportunity to show high school students what the collegiate version of these competitions look like.” Students spent the majority of their time during the first day of the competition figuring out the layout of their network, creating a plan of attack, hardening their systems and configuring services, such as hosting a website or a file share server. “I enjoyed the fact that the teams were mixed, which really leveled the playing field (with slight differences in skill based on luck) and the injects were insanely fun,” said Daniel Ogran, Vice President of the Edwards Campus Information Security Club. On day two of the competition, things heated up. More teams got services up and went on the offensive. Early in the morning, a team consisting of Lawrence High and Olathe Northwest students led by sophomore Ellis Springe took a large lead over the rest of the competitors by performing a bit of social engineering. Social engineering is the process of manipulating or tricking people, instead of attacking their virtual machines. Ellis and his teammates had successfully taken passwords from other teams in an effort to capture their flags, a typical Red Team tactic. Due to a combination of their services being up for the longest period of time and capturing other team's flags, they were catapulted into first place, where they remained for the rest of the competition. The remaining teams battled it out fiercely for the remaining top spots, specializing their scores to gain points; Service uptime, capturing and defending flags and completing injects. At the end of the day, competitors and members of the club hosting the event were happy with the experience. “As much as this is an event focused at teaching competitors about cyber security, it also teaches us how to host these events better every time,” said Cyrus Duong, the chief technical officer of the Lawrence Information Security Club.
EECS Professors Bo Luo and Fungjun Li and BSIT program director Annette Tetmeyer are the faculty coordinators of the cyber defense competition activities. The department also provides support for the Information Security Club and will be acquiring additional computer servers to support cyber defense classes and competitions like this. These resources will enable the department to host larger events in the future. Anyone interested in joining the club or obtaining more information should send an email to firstname.lastname@example.org