CyberSquire: Symantec HigherEd Cyber Competition Challenge

CyberSquire was proud to serve as the host facility for Syracuse University’s involvement in the Symantec Higher Ed Cyber Competition Skills Challenge -- a two-day event – that ran from October 19 @ 8:00AM until October 20, 2017 at 5:00PM.

The Syracuse team was comprised of four professionals currently in the M.S. Cybersecurity program: Vishtasp Jokhi; Sirisha Prakash; Shatadiya Saha; and Priyank Thavai.  For this competition, the team had to progress through three levels, each with varying degrees of difficulty:

  • Level One:
    • Buffer overflow attack
    • A buffer overflow is a common attack vector wherein the program attempts to write data to a buffer that exceeds the memory stack allocation and thus causes buffer overruns to adjacent memory locations.
  • Level Two:
    • Compromising a file-sharing website and its underlying database.
    • This was significantly more challenging than the buffer overflow, Level One.
    • The team was given access to a pre-configured virtual machine and was required to use the tools therein.
  • Level Three:
    • Access/Privilege Escalation
    • This was also using a pre-configured VM
    • The database was a property-rental website
    • In addition to the complexity of this, time was an issue (or the lack thereof)

Some of the highlights/benefits from this event:

  • The ability to work as a team with members providing varying levels of expertise – the entire competition was heavily focused on the team aspect and thus close coordination and a true “team-effort” was paramount to success
  • The difficulty increased significantly between levels, this was beneficial in that level one was a good introduction to the exercise and Levels two and three helped the team to focus and combine their unified strengths and knowledge to tackle the challenges they were presented.

We hope to sponsor/host many more of these skills competitions going forward.  These competitions help the students gain experience in real-world (simulated) scenarios which underscore the value of academic theory merged with actual attack and defend vectors.

CyberSquire and SU – helping to bridge the divide between academia and industry.

For more information on CyberSquire please visit our website: http://www.CyberSquire.com

 

 

Chris Folk