2017 AITP-NCC After Action Report


Overview:

WraySec hosted the 2017 Association of Information Technology Professionals National Collegiate Conference and Career Fair® (AITP-NCC) Cyber Security Challenge at the Hyatt Regency St. Louis Arch. The AITP-NCC is an annual conference dedicated to building relationships between collegiate students and the Information Technology industry.  The conference included IT contests covering a broad spectrum of IT disciplines, ranging from PC Troubleshooting to Web Design, to Cyber Security. In total over 550 students, faculty, and industry professionals attended the conference. This year's AITP-NCC took place from April 6th through the 9th. You can read more about the AITP-NCC in our
Press Release.

The Qualification Round:

The AITP-NCC Cyber Challenge began with a one-hour long qualification round. This round saw over 85 participants take an exam comprised of both knowledge-based and technical-based questions.  Such questions ranged from best business practices to specific Linux commands. It was through this exam that the top 10 finalists would be selected, ranking the exam-takers first by correctly answered questions and then by fastest completion time.

The Finals:

For the final round, WraySec designed a total of 90 flags, covering 13 different challenge categories: Cryptography, Current Events, Database Security, Exploitation, Log Analysis, Network Forensics, Open Source Intelligence, Password Security, Physical Security, Regulation Knowledge, Reverse Engineering, Technical Knowledge, and Web Security.  The top 10 finalists had 2 hours and 35 minutes to solve as many challenges as possible!

The Scenario:

This year's challenge theme was Supervisory Control and Data Acquisition. SCADA has become an important cyber security topic in recent years. Control systems are heavily targeted in the wild, due to their susceptibility towards attacks and prevalence in modern day infrastructure. Competitors faced numerous control systems and other SCADA related technologies in each of the categories. They even had the opportunity to put their physical security knowledge to the test with a lock-picking challenge.

Scoring:

Scoring of the challenge was provided by WraySec's CyExNg, a Cyber Exercise platform. The scoreboard used for the AITP NCC event is public and can be seen here. WraySec hosts all public events on this scoreboard, for spectators and competitors alike. You can also view our CyExNg demo, which represents a fully featured event with flags, service checks, and assessments. The scoreboard was public throughout the event and was projected and displayed around the venue. Spectators were able to watch and root for their school.

The Winners:

In first place, Lucas Gallagher from Waukesha County Technical College.  Second place was secured by Schuyler Martin from Tarleton State University.  Third place went to Christopher Abbott from Northern Michigan University.  Pictured, from left to right:  Justin Wray (WraySec CEO), Schuyler Martin, Lucas Gallagher, Christopher Abbott, Steven Collmann (WraySec COO).

The Results:

1st Lucas Gallagher Waukesha County Technical College
2nd Schuyler Martin Tarleton State University
3rd Christopher Abbott Northern Michigan University
Honorable Mentions: Alex Nernberger Waukesha County Technical College
  Alfredo Villarreal Our Lady of the Lake University
  Francisco Hernandez Our Lady of the Lake University
  Tyler Ellison Texas State University
  Robert Reif Fox Valley Technical College
  Jason Smith Brigham Young University
  John Shegonee Waukesha County Technical College

 

The Event Conclusion:

The event was a huge success. In all 241 flags were successfully captured, out of a grand total of 622 flag submission attempts. At the end of the competition, the first and second place finalists were extremely close in scores, with only a few points difference separating the two. Given the total number of flags and the maximum possible points, this was a very exciting and close event!

Congratulations to all of the participants in both the qualifying round and the finals!

Learn More:

Running a cyber competition or exercise is easier than you think with CyExNg, and the benefits are immense. From simple question and answer flags to offensive/defensive CTF events and assessments, CyExNg was designed to handle them all!

Licenses for CyExNg are reasonably priced and include support. WraySec also offers puzzle design, content delivery, and management of your entire event. Whether you want to run an event yourself in an isolated environment or have WraySec manage a large public competition, we have you covered!

Leave a comment

Your email address will not be published. Required fields are marked *