It's been a good six months for Imperial College students in cybersecurity, with winners in both the Inter-ACE 2017 and the C2C 2017 competitions.
We caught up with Imperial postgraduates Madalina Sas from the Inter-ACE winning team, and Rodrigo Vieira Steiner from the C2C winning team, to find out about the competitions and why they are a great experience.
Hello Madalina and congratualtions. What is the Inter-ACE and what was the challenge?
The Inter-ACE is a cybersecurity competition open to students studying at an Academic Centre of Excellence in Cyber Security Research, of which there are 14.
The Inter-ACE competition had two challenges. The first was a capture-the-flag where teams competed to attack, control and defend as many hosts as possible on a network. The second was a forensics challenge where various puzzles had to be solved, to find flags on the hard-drive of a Windows machine and inside a PCAP file.
What was your winning strategy?
We decided to split the team, with some of the group focusing on taking over machines whilst others tried to solve as many forensics challenges as possible. I believe the main reason we won was that we had a good diversity of skills on our team, which allowed us to come at the challenges from different angles. This is really important in cybersecurity in the real world as well.
What were the benefits of taking part?
Meeting talented people with a similar mindset, getting in touch with the cybersecurity scene and working with team mates and against teams with very diverse experience. This was my first capture-the-flag style competition and I learned a lot!It’s been a great experience and complementary to my studies. I have just finished my master's thesis about privacy enhancing software and I have decided I will be pursuing a career in cybersecurity this autumn.
Congratulations on the win Rodrigo. Can you explain what the C2C competition is?
The C2C is a joint UK-US cybersecurity competition that was started two years ago between MIT and Cambridge University. It was launched by Barack Obama and David Cameron to help foster collaboration in cybersecurity.
This year's main event was a three-day capture-the-flag hackathon. Teams had to find cybersecurity vulnerabilities in several servers in the network, hack into them, and then plant a ‘flag’ which is a unique team identifier. Once you planted a flag you had to defend it by fixing the server vulnerabilities, preventing other teams from supplanting it. So you need both attacking and defending skills.
Points were awarded for the number of flags at the end, but you'd also get points for fixing vulnerabilities and solving side challenges.This year the teams were mixed in terms of the universities and individual abilities, which was decided in a qualifying round of online challenges. I was on a team with people from MIT, Carnegie Mellon, Cambridge and Oxford.
What was your winning strategy?
We realised that speed was crucial for the capture-the-flag challenge; the earlier you could find the servers, the more likely they were to still be vulnerable. So we decided to focus on the attacking and defending, and left the side challenges to later on.
What were the main benefits of participating?
It’s a lot of fun taking part, and a great opportunity to meet new people with similar interests. I’d highly recommend it to anyone interested in cybersecurity.One of the main benefits is that you get hands-on experience of cybersecurity from an attacker’s and defender’s perspective. It’s difficult to get this experience legally! You learn a lot from this and from your team mates. Finally, the prizes are a welcomed bonus! Our team came 1st and won £9,000, and there were also prizes for 2nd and 3rd place.
Article text (excluding photos or graphics) available under an Attribution-NonCommercial-ShareAlike Creative Commons license.
Photos and graphics subject to third party copyright used with permission or © Imperial College London.
Reporter
Max Swinscow-Hall
Institute for Security Science & Technology