KU’s Information Security Club, the Jayhackers, participated in the 2016 Central Area Networking and Security Workshop at Fontbonne University in Clayton, Missouri (CANsec). The event brings together researchers and practitioners in network and security-related fields in the central U.S. This year’s CANsec workshop featured a full day of research related presentations and poster events, and a second day for the student cyber defense competition. The KU Information Security Club sent two teams of Jayhackers, each with eight students, to the competition this year, giving more interested students a chance to participate in a real-world scenario in order to strengthen their cyber-security skills.
The first team was comprised of many students who had previously competed in cyber defense competitions and the second team was mostly inexperienced students looking to learn. These two teams comprised a quarter of the blue teams at the event. Teams from Kansas State University, Fontbonne University and others also attended the event.
The competition started with a debriefing session for the competitors, which described the scenario, network infrastructure, scoring and documentation guidelines, and general rules. Once this session concluded, the teams had an hour and a half to setup and harden their networks before the red team (professional hackers) were allowed to begin attacking them. During this time, teams installed updates, patched vulnerable systems and implemented extra security measures in preparation.
After the prep-time had expired, the red team was let loose on the competitor’s networks. The attack phase started slow, as the red team had to run network scans and find vulnerabilities in the competitor’s systems. The teams really started feeling the heat after about three hours, as the red team had found a way in to most of their networks through a defective web application which hosted the web site for the company in the competition scenario.
Despite this major attack, both teams continued to prepare, mitigate, and recover from the red team’s attacks. Nearly seven hours after the beginning of the competition, it was over. The teams waited for a half hour while the final scores were calculated. These scores came as a result of service up-time, documentation, and completion of business-services called ‘injects’ during the competition. The first team of Jayhackers, comprised of club members Cyrus Duong, Jay Offerdahl, Adam Thompson, Alex Ramos, Grant Guillen, Alvin Cheung, Ben Davidson, and Michael Wang, placed second at the event. The second team of Jayhackers, comprised of members Tyler Michels, Ryan Alvarez, Zach Welk, Hayden Balduf, Ellis Springe, Wesley Adams, Noah Brabec, and Luke Dercher, took seventh place.
“I enjoyed learning about the format of the competition by actually getting hands on experience, as well as the fact that we were able to work as a team to bolster our defenses,” said Ben Davidson, a cyber-defense competition rookie.
The Jayhacker’s team captain, Cyrus Duong, is optimistic about the team’s future.
“We have gone from last place to second in a matter of months, and I’m looking forward to our competitions in the spring as we plan to keep preparing and training ourselves and our members as well as we can,” Duong said.
After the event, members from both teams shared their experiences with members of the club who couldn’t attend, as well as with each other. In the end, the competition was a learning experience for even the club’s most knowledgeable members.
The Information Security Club plans to send one team of Jayhackers to Iowa State University’s national cyber defense competition in the spring of 2017, as well as the regional qualifier competition later in the spring 2017 semester.