Cybersecurity graduate students Pranavkumar Patel (M.S. ’23), Sultan Mahmud Chowdhury (M.S. ’23), and Sai Kit Christophor Tsui (M.S. ’23) came in third place at the ninth annual Canadian Cyber Defense Challenge (CCDC). The three-day virtual event, which ran from May 5 through 7, featured a series of cyber threats in a real-time event that 33 teams from educational institutions across Canada had to solve.
The CCDC event is based on the cybersecurity industry’s Digital Forensic Incident Response process, which includes the following steps:
- Breach discovery
- Incident containment and remediation
- Determining how the breach occurred
- Analyzing the compromised and affected systems within the organization domain
- Identifying and understanding what the attackers had access to and potentially took
- Reporting and communicating
The hackathon also included a modified version of capture the flag (CTF). Teams were awarded “points” for securing targets. Each target, open source or windows, featured major security problems which could be identified by the following categories: services and software that should never be found in a corporate network, bad configurations of services and software, unsecured confidential information, and outdated and highly vulnerable software.
Students also had the opportunity to develop their leadership and communications skills. As part of the challenge, the teams presented their findings and recommendations to their peers.
“We felt that the first day of the challenge tested our awareness in different types of IT [information technology] evidence collection techniques,” the New York Tech students said. “The second day’s evaluation part was also challenging. We were required to gather all the clues from CTFs to present the investigation to industry experts about how the attack took place and what corrective actions needed to be taken.”
Many aspects had to be taken into consideration, including management-related questions such as General Data Protection Regulation compliance, fines, and insurance coverage for such incidents.
[The] hackathon is the enrichment and refinement of information security, hacking skills, and defense techniques and requires experimentation and many trials to find the answer,” said the students. “We believe that the key success factor of winning this competition is that our team members have different backgrounds and experiences. The diversity of our experience allows our team to tackle both IT issues and management issues.”