Students vs. Hackers
sethfogie wrote to mention Informit.com's coverage of the Mid-Atlantic Regional Collegiate Cyber Defense Competition. Students put their skills to the test, trying to lock down systems against intrusion from an invading hacker team. All in the name of learning. From the article: "When the three hour grace period was over, the Red Team slowly worked their way into attack mode. One member started to sort through the information they gleaned from their scans and investigated each possible exploit. Another member fired up a MySQL database client and started to poke around the students' databases looking for sensitive data. The two others were adding/changing accounts to routers, firewalls, and systems. However, for the most part, the students were not being pelted with attacks. And this continued for the next several hours."
I go to this school and am friends with one of the guys that is on the team. From how they tell it, they pretty much owned the other teams (or at least got the least owned by the red team). Hopefully one of them will log on and give you their perspective. I really wish I had heard about this before it happened, but I missed it. Oh well. The entire CS department here at Millersville will be pulling for them when they go on to Texas.
It was pretty rough. We had 4 hours in the southeast competition. BUT we did not have the Debian CDs, the Linux boxes were full of backdoors and lots of misconfigurations on purpose. We thought we would have a fully functioning network going in, and for us it seemed to be more of a disaster recovery competition. The hard drive on our static web server (Linux) died after the 1st hour, we finally got a replacement the next morning for the 2nd day but it was too late. We had 2 Windows servers running on MS Virtual Server 2005 & 1 Debian mail server VM... for whatever insane reason on the 2nd day our mail server wouldn't recognize the virtual network card and we were SOL.
Since you were in the contest, what was your background? Did you have any experience with that router and firewall? Any professional/vendor certifications or training?
Administrators cannot be there at all times. The red team actually broke into the building after hours to teach us that lesson!
I actually participated at this contest for Millersville University. Social engineering was allowed. I must admit, I have not yet read the article but members of the Hacker/Red team would often walk around the room and try to watch what people were doing. A few times they even stopped and tried to get information out of us. However, they had to leave our team area when asked. Our team actually left sheets with the wrong passwords on the tables in hopes that they would waste their time.
At our competition (southeast) they even said we were set up to fail and the deck was stacked so high against us it was ridiculous. We didn't have most of the CDs to reinstall/install OSes or applications. We also didn't have access to the internet except for a few proxied sites and it wasn't working so hot.
Not for nothing, but I participated in the Midwest regional (we won, w00ty w00t), and social engineering actually played a huge part. Our team (SIU) spent multiple nights in the bar and the hotel getting drunk with the red team. At the end of it all, one of the hackers said that the entire red team voted us as the best. Unfortunately, the red team's vote was never used for scoring as was originally intended, but hearing that was one of the highlights of the weekend. Since then, one of the hackers pointed out that he'd "rather see a team that he got to drink with win the nationals." Is social engineering as advanced in a competition as it would be in real life? Probably not. However, it definitely does play a role...at least in our competition.