Welcome to the Spokane Mayor's Cyber Cup 2019!
The first question is 'what is a Capture the Flag (CTF) competition?' A CTF is a cybersecurity competition with the goal to challenge everyone involved to think about problems in interesting ways. Even though the bulk of the challenges tend to be cybersecurity based, other interesting problems come into play, such as steganography, cryptography and social engineering.
The second question is 'why should I participate?' There are two main perspectives: cybersecurity is awesome and this looks great for jobs/internships. Cybersecurity has over 1.5 million jobs open at the moment! The industry is exciting, important and ever-changing. If you are interested in the industry, CTFs are a wonderful way to get into cybersecurity. Secondly, employers want somebody who is passionate about what they do, not just someone who wants a paycheck. CTFs are a wonderful way to demonstrate passion, which looks good to potential employers. If you fall into either of these categories, please give this a chance!
The final question is 'who is invited?' This competition has been built for students close to the Spokane, WA area. Furthermore, you are probably thinking 'cybersecurity is much too difficult for me.' 1) Cybersecurity is not as hard as you think, and 2) this is a learning experience! The goal of the competition is to learn and prosper, not to assemble the greatest hackers of all time. There will be people on staff ready to help all contestants during the competition. We are bringing in security professionals from Risk Lens, Intrinium and the Spokane Security Coalition to come help out during the contest.
Finally, the reason this is the Spokane Mayor's Cyber Cup is that the mayor of Spokane has approved this as the official cybersecurity competition of Spokane, WA.
Here's a list of perks about the event:
- Free food! Also, there is no entry fee for teams to enter. Everything is entirely free to the participants.
- Security professionals to chat with and learn from, including professionals from Intrinium and Risk Lens, the President of the Spokane Security Coalition, senior incident response consultant Gerard Johansen from Cisco, an ICS, IoT and car hacking expert from Gravwell (Corey Thuen) and a few other members from the community.
- This should be a good event to network at if you are looking for jobs or internships.
- Fun way to learn about secure software development.
- Prizes at the end of the competition.
We at Gonzaga University's Makers and Developers (GU MAD) club are very hyped that you are interested in computer security and contributing to a learning environment that will benefit us all. The event is on February 9th, live at Gonzaga University's campus, with check-in starting around 9:30am. We've prepared a variety of challenges in both attack-and-defend and classic jeopardy styles.
To register, please go here and add your team. You may register with up to three members, or five if two of your team members are underclassmen. Please read through the rules first.
It would be wise to be familiar with the following technologies when competing:
- SSH: Teams will use SSH to administer the servers and to log into wargame challenges.
- Linux: The attack/defend boxes will be running Ubuntu 16.04 LTS. Teams should be familiar with these basic principles:
  - Basic directory navigation.
  - Command line text editor (vim, emacs, nano, etc.). It only takes a few minutes to pick one of these classic text editors up!
  - Search tools, such as awk, grep, etc.
- Passion to learn: The most important skill to have!
The following skills are helpful but not necessary. This is designed to be a learning experience, so don't feel discouraged if you lack some; you'll be able to pick them up as you go.
- Web Application Development:
- Python: Version 2.7
- C/C++: Use the gcc and g++ compilers in Linux.
- Assembly: x86 architecture knowledge of general registers, the stack and how to use GDB.
- Cryptography: RSA encryption and basic understanding of a symmetric key cipher.
- Social Engineering: How are people manipulated? What does a phishing email look like?
- Ability to read log files.
Types of vulnerabilities that students should watch out for:
- Directory traversal
- SQL Injection
- Buffer overflows
- Access Control Issues
- Poorly written logic
- Uncontrolled format string