Cybersecurity Capture the Flag Challenge Goes Virtual

Posted: April 23, 2020

veracode_panel.jpg
Resilience is a defining aspect of science. If one door closes, open the next until the answer is revealed. In this spirit, engineering faculty and students pivoted to hold a cybersecurity-themed capture the flag event online during the lockdown at The Ohio State University.

Julia Armstrong, an Ohio State Electrical and Computer Engineering (ECE) alumna and Director of the OHI/O Informal Learning Program, said teachers and students alike are trying to navigate the unexpected changes in their lives. The success of the online event gave her some optimism.

“This shows that changes in educational activities are possible and promising, even in a post-pandemic era,” Armstrong said. “Students were able to communicate during formal times through Zoom; the event had a Piazza page set up for discussions, as well as a Slack workspace with general and specific challenge channels. Teams of students still worked together, remotely, and some were very successful.”

With the recent launch of Ohio State’s new Institute for Cybersecurity and Digital Trust, and the rise of at-home employment, the job market for providing online safety is unprecedented. In 2021, students will have more opportunities to focus their degrees and join in.

Capture the flags, or CTFs, are a kind of intro to computer security competition. With organizers from Ohio State’s Cyber Security Club, Women in Cybersecurity, Collegiate Cyber Defense Team (CCDC), and OHI/O, the event took place from March 27 to 29. Teams were pitted against each other in a test of cybersecurity skill. 

img_0157.jpg
Students gathered for the CTF challenge earlier this year.
Those taking part, even as freshmen exploring engineering major choices, dove into the fundamentals of forensics, cryptography, web and binary exploitation, as well as reverse engineering. Challenges included finding vulnerabilities in web applications, cracking codes, and figuring out how the application was designed in order to find the “flags” hidden in images, packet captures, or other data sources.

Other than watching the movie Snowden, first-year ECE undergraduate student Gary Sung joked, he had no idea what to expect. 

“I had no experience in cybersecurity," he said. “I saw an email about CTF and decided to sign up. This was roughly one to two weeks after I moved out of dorms. I participated in HackOHI/O and MakeOHI/O with my two roommates and convinced them to sign up as well.”

The CTF website offers some guidance, Sung said, but his team of three joined cold. With some gaming and coding experience, plus a Computer Science Engineering student on their team, they got started. 

screen_shot_2020-04-22_at_6.00.27_pm.png
Timeline of winning teams involved.
“We ended up in 5th or 6th place, I think, but I'm really looking forward to learn more. The best experience I got out of it was binary exploitation, which dealt with Assembly code; something I'll learn in ECE in the future," he said.

Event organizers said more than 70 people participated at one point, with 22 percent being female, including students from freshman year to graduate school. 

The experience fueled Sung's drive to learn more about cybersecurity. Afterward, he delved into watching documentaries like Zer0Days, AlphaGo and Claws of the Red Dragon and remains interested.

Armstrong said the event was funded with help from ICDT, Amazon Web Services and personnel support from Veracode - which provided an all-female panel of experts including April Sauer, Anne Christine Correia and Lupita Carabes.

Armstrong said her takeaway was that mentors play a crucial part. She also plans to find new ways to identify how to help any participants who wanted more guidance. 

Story by Ryan Horns, ECE/IMR Communications Specialist