Towards the end of August, I was part of the team who were offered to help out and participate at an exciting event held at Glasgow Caledonian University. The event ran over five days with each day varied in content and different challenges. In this post I aim to give a rough breakdown of each day and discuss what we have learned and experienced during this time. This is the first time that the Cyber Security Challenge was held in Scotland and it was successfully hosted by Glasgow Caledonian University & sponsored by BlackBerry, RBS and other companies. Read on to see how the event unfolded.
Introduction
In order to help build and maintain the high standard of the current digital age, an increasingly talented and dedicated workforce is required. Cyber Security Challenge believes the value of getting young people involved will be beneficial in helping them progress to a professional path within the security field. The content of each challenge varies but in the past, the following topics and skills have been covered:
- Forensics
- Penetration Testing
- Defensive
- Analytical
- Knowledge based
- Business continuity
- Capture The Flag
- Backtrack
If you’d like to find out more information on the Cyber Security Challenge or are interested in registering for future competitions then check out their website at the bottom of the article.
As you may already know, the main contributors to Techwi.re are students at Glasgow Caledonian University, who are part of the (Hons) Digital Security, Forensics & Ethical Hacking course and precisely five of us were asked to help out at and organize sections of this event. Below is a first hand account of the entire event.
Day 1
The first day of the challenge was spent welcoming the arriving contestants and seeing them to their private halls residences. This gave us a chance to interact first hand with the variety selection of people who were participating in the challenge – ranging from different professional backgrounds. The challenge is open to a wide audience so there were people who have already spent years in the industry and guys who were only just starting their degrees in related subjects.
A pub quiz was planned for the evening at a local bar however, due to the football being on, we were not given the chance do it on the night. Nevertheless, the night was not wasted and everyone got to know one another whilst sharing a drink or two (or three!). The evening ended with guys from England complaining on why the pub closed too early on.
Day 2 (Business orientated)
After a rough morning start for majority of the contestants, it was time to get down to business – literally. This entire day was focused on developing and strengthening the challengers’ business, problem solving and analytical skills. In the morning, the contestants were briefed on a mock scenario in which a company executive is looking for a business idea and is willing to invest millions of pounds into pursuing. Challengers were split into small groups and several points were to be considered:
- Length of the pitch is 7 minutes
- An average of 30 seconds to grab the attention of the CEO
- Gathering market research data and estimated profits
- A limited time of five hours to complete task
These were just the few of the challenges the contestants faced. On top of all of this, the pressure was on to come up with an interesting idea that would be feasible in the real world and could generate revenue. For the rest of the afternoon, the challengers had roughly five hours to complete their 7 minute pitch. We were allowed to observe each group as they went through their initial brainstorming to finalizing the pitch content and delivery. From a different perspective, I was quite surprised at how well each member of each group participated and contributed in on the task at hand, considering they only know each other for a few hours.
By the end of the day, each group managed to prepare very interesting 7 minute pitches that varied in content and direction. Overall the generalized theme of the products or services offered was computing and security solutions. From my perspective, the pitches varied in quality, with some highlighting what their product does and others concentrating more on numbers, figures and revenue output.
Dinner that evening included two Keynote speeches – one from RBS and another from Dr Michelle Govan announcing the new (MEng) Digital Security, Forensics & Ethical Hacking course at Glasgow Caledonian University.
Day 3 (Police College Visit)
The morning kicked off with a coach transfer to Scottish Police College, based at Tulliallan Castle. We were greeted with an interesting presentation that outlined the course of the day. The plan was for the contestants to split into groups and forensically analyse a mobile device that has been linked to a mock court case. They were then to create a forensic experts’ report that would be used during trial to present their findings and conclusions.
With many industry-standard forensic tools such as EnCase and XRY at the teams’ disposal, the possibilities for digging through the BlackBerry device were endless. It was a bigger challenge to piece all the different aspects together and connect all the dots. Since the teams were given a real life scenario, it was important to record the entire process and all findings correctly and professionally – using contemporaneous notes.
Teams spent the majority of their afternoon preparing documentation to be presented to the judge. Part of the challenge was an entire session in court, in which a panel of experts tear the forensic report apart and question a member of each team. This gave the contestants a chance to experience an actual court environment and see just how strong their reports have to be in order to hold up well.
Every member of the team that took the stand had no idea which report they will be defending and this made things interesting as it allowed us to see how they adapt and amend their responses each time. Some of the errors in the report were put in deliberately – in order to see who holds up the longest and provides the most sound explanation without giving too much away.
Dinner was hosted by BlackBerry with prizes given out to the contestants that held up their position in court and those who performed exceptionally well during the forensic analysis stage of the mobile device.
Day 4 (NetWars Challenge)
It was time for the ultimate hackfest. We helped set up a computer lab with customized VMWare images that are connected to the same system in England enabling challengers to participate in the lab, live against other opponents on the other side of the country competing in the same event. With merely a command prompt and a brief overview of the scenario at their disposal, the contestants set out to compete against each other in a scripted and from what I thought, a well planned scenario.
We also had the opportunity to participate in this challenge and the following aspects were included:
- Gaining access to different email accounts
- Extracting hashes using reverse steganography methods
- Analyzing SQL files for table entries and browser history/cookies
- Piecing the bits together to form a bigger outlook
- Questions testing your technical and problem solving skills
Conclusion
Speaking from personal experience during the event, I think it was a great success and I have learned many new aspects to cyber security which would become useful in the years to come both in the industry and my current degree. Overall, the event was organised well and even with some minor hiccups, everyone stuck together to form an interesting experience for all involved. As a final note – we did manage to run that pub quiz that evening and it was a great success!
Great to see how Digital Forensics & Cyber security has evolved at GCU since i graduated, and getting the well deserved recognition it should. By hosting this Cyber Security Challenge it can only amplify interest in these courses which is a great coup for all concerned.
Couldn’t agree more! Thanks for reading.
A very well written article. It’s quite interesting to see how the world reacts to digital forensics and the various methods used to train and raise awareness about digital forensics globally.
Thanks for your feedback =)