Crack passwords, decipher hidden messages, and find hackers before they find you.
CSU’s interdisciplinary student team RATM crushed these challenges and more to take a top ten spot at the national CyberSEED cybersecurity competition in March.
In the 8-hour virtual capture the flag event, team RATM bested competitors like Georgia Tech and the University of Florida in a test of practical cybersecurity skill. The team placed ninth out of 112 and brought home a $250 prize.
Winning team members include both graduate and undergraduate students from two CSU departments. Subhojeet Mukherjee, Diptendu Kar, and Sean Kouma are students in the Department of Computer Science. Ben Ettlinger is a student in the Department of Systems Engineering. The team was sponsored by faculty members Joe Gersch and Jeremy Daily.
Honing cybersecurity skills
The broad domain of cybersecurity requires rigorous training. For decades capture the flag (CTF) competitions have provided a way to hone and practice computer security skills. Participants gain experience securing a machine and conducting and reacting to the type of attacks found in the real world.
Cybersecurity CTF events showcase different challenges in specific focus areas, such as cryptography, forensics, network traffic analysis, and reverse engineering.
The annual CyberSEED event brings together dozens of universities and colleges to compete in a national, jeopardy-style CTF. The competition demands a range of skills. Teams must complete as many cybersecurity challenges as they can from a given selection, testing their training, knowledge, and creativity on a medley of computer security categories.
Category challenges are worth a fixed number of points and vary in difficulty from easy to hard. Points are awarded for solving challenges, and the competitor with the most points at the end wins.
This year, team RATM had eight hours to solve 41 challenges in nine categories. Academic diversity gave them skill depth and breadth. Preparation and competition experience made them stronger.
Learning how others approach problems
Perspectives are valuable in problem solving. More approaches can produce better solutions. At CyberSEED, the team learned how others think through problems, beginning with their teammates.
After ranking 18th at the 2019 competition, CyberSEED veteran Subhojeet Mukherjee had high expectations, “We had a strong team this year, and I wanted to see if we could make the top 10.”
Mukherjee is a computer science Ph.D. student researching vehicle cybersecurity. He also has a project in the systems engineering department, where he uses graph theory, algorithms, and optimization to solve system security problems.
Diptendu Kar competes at CyberSEED for fun. Also a competition veteran, he enjoys the teambuilding and strategy. Kar’s computer science Ph.D. work is with the chemical and biological engineering department using cryptographic techniques to ensure authenticity and integrity of synthetic DNA molecules.
Kar was impressed by the caliber of CyberSEED newcomers Ben Ettlinger and Sean Kouma. “This was their first CTF, and they did amazingly well,” he praises. “Without their contribution, we would not have reached the top 10.”
“With a bachelor’s in mechanical engineering, my entire path to get here has been interdisciplinary,” said Ben Ettlinger, a master’s student in the systems engineering department. Ettlinger researches heavy vehicle cybersecurity and relished the opportunity to apply the tools, concepts, and practices he learns in class.
As vehicle cybersecurity researchers, Ettlinger and Mukherjee also leveraged their previous competition experience from the CyberTruck Challenge. For years CSU students have been stealing the show and winning awards at the national event designed to improve cybersecurity in transportation industries.
Team RATM’s lone undergraduate Sean Kouma connected with the CyberSEED team through Hashdump Security Club. The talented third-year student in the computer science general concentration prepared for the event. He researched the competition format and had the knowledge breadth to tackle the scope of competition challenges. “You learn to be thorough, try all the alternatives, and not give up,” he said.
In addition to the event competition, CyberSEED fueled collaboration with a concurrent virtual panel, active community discussion, and a kickoff talk by speaker Gleb Reznik, Chief Information Security Officer at Synchrony Financial.
Practicing real-world cybersecurity
Cybersecurity is a demanding field. There are more devices than people, and a tsunami of information must be protected from increasingly innovative attackers.
CTFs like CyberSEED provide practice defending against cyberthreats. Team RATM urges all students to participate, regardless of skill level or major.
Ettlinger encourages newcomers, “I was surprised it was approachable and how much I could contribute my first time doing it.”
Mukherjee and Kar stress the importance of practical experience. “CTFs provide a platform to learn real-world cybersecurity issues and problems,” Kar said.
Mukherjee agrees, “When you are learning cybersecurity, step into the real world and collaborate with people,” he said. “Let’s solve the security problems plaguing the world right now.”
More competitions are in the team’s future. Ettlinger and Kouma plan to return to CyberSEED next year with improved skills in the web application exploitation category. Students interested in CyberSEED participation may contact Subhojeet Mukherjee or Diptendu Kar directly for more information.
The team gratefully acknowledges advisors and sponsors Craig Partridge and Joe Gersch from the Department of Computer Science, Jean Peccoud from the Department of Chemical and Biological Engineering, Jeremy Daily from the Department of Systems Engineering, and all the supporters who made their success possible.