On July 10th, members of the BYU Cyberia Capture the Flag team consisting of three BYU Cybersecurity students and one BYU-Idaho Computer Information Technology student competed in the 5th Edition of the ENOWARS Attack/Defense Competition. Led by Senior Micheal Erickson and his experience as a member of the BYU CCDC (Cyber Collegiate Defense Competition) team, the team placed 22nd out of 54 international teams. Rounding out the group were Sophomore Justin Applegate and Juniors Ian Cook and Kayden Payne.
Hosted by the AG Computer Security group of Technical University Berlin, the competition involved defending a vulnerable box from other teams, while simultaneously developing and using exploits on opposing boxes. Each team was awarded points for keeping six services up and running, as well as sending successful payloads to the services of other teams. One aspect that made this especially difficult was the anonymization of network traffic through a central router hosted by the competition organizers.
The first half of the competition was spent digging into each service in an attempt to understand how each one was operating to find possible vulnerabilities. While analyzing incoming traffic, the team noticed that a specific kind of request was returning a flag for an opposing team. Justin Applegate led the effort in reverse engineering the relevant packets into a workable exploit. This proved to be a game-changing tactic as it greatly increased the number of points per round once it was able to be leveraged against all teams. With additional points per round coming from an exploit score, the team quickly moved up twenty-one places from 43rd to 22nd.
The competition proved to be a great learning experience in a multitude of ways. Ian Cook shares one lesson he learned from a low point in the competition: “While attempting to harden our computer, I accidentally took all our services offline. It proved to be a great tool for us later on in the competition when it reached a point that two services were losing more points than they were providing. We shut them down to avoid the net loss of points and were able to optimize our scoring.”
Justin Applegate added, “This was the first time our team has attempted this type of Capture the Flag competition, but it was valuable experience. Now that we have gotten our feet wet, we feel more prepared to participate in these types of competitions in the future”.
Enowars served as a great start to the BYU Cybersecurity program’s Penetration Testing Emphasis, in which students can learn and develop relevant Red Team skills that can be put to the test in similar competition environments.