When an ex-colleague forwarded the Defence Industry Cyber Security Challenge to me, the old IT itch started rearing its head. This is one of the few IT “white hat” challenges that are not restricted to students or specific groups.
One of the most unexpected things that I took away from the weekend is how similar cyber security is to puzzle games and cake decorating.
| Problem | Cyber Security Professionals | Cake Decorators | Puzzle Gamers |
|---|---|---|---|
| Tools | Defined standards, many openly available, e.g. HTML | Anything you can get from the shops, e.g. flour, eggs etc. and an oven | Defined by what you have been given in the game |
| Patience Level | Firewall number 3 to break through. Bring it on! | 2 dozen handmade sugar roses for the topper later… you still have to do the rest of the cake | Level 230a, b, c and d… |
| Empathy Level | How did the person who put together the code think that I can spot vulnerabilities? | People see Tardis and see blue, phone box and flashing light. Make sure that goes into cake. | If this character is thinking and feeling that, they must have dropped that clue around here somewhere |
| Persistence Level | I know it's in here somewhere! I will brute force it if I have to | I will get that cake's edges razor sharp, even if it takes me hours | Final level at game play hour 160+ anyone? |
| Think outside the box | All the website logins are locked down. What about the file upload API in the backend? | Hanging upside down tiered wedding cake… defying gravity and laws of physics | If I can’t get the key, I will tunnel through or jump over. |
I can go on and on, but the truth is all 3 of these are master problem solvers. The tools used are different but the ways of thinking are the same under the hood.
If it comes up again, I would encourage anybody who has a passing understanding of the Internet to give it a go. You can do it from wherever you are; unlike a lot of hackathons, you do not need to travel. It's an exciting weekend and you learn new things even if you don’t win… I am living proof that you can run off the adrenaline for days afterwards!

So How Hard Was It?
What makes this challenge a standout is that the majority of the challenge can be done with ordinary tools that are available to everyone. The key here is that you need to think like a hacker (see the qualities above).
Without giving the answers away, the majority of the challenges can be done with standard web browser tools and desktop/mobile applications freely available to everyone. Hence you do not need to wear glasses and sit in a darkened room with ones and zeros streaming across a green screen to participate.
It will help if you have used open source tools and done some programming in the past; however, in my opinion this will only give you a time advantage to get the answers quicker and in a bit more depth.
Side note: There was one section where I suspect you need some prior knowledge of data science which I struggled with a little. I will update this post once the expected answers become available.
Edit 02/10/2017: I have since spoken to some of the winners who completed this challenge. They did have a background in machine learning, which helped in their responses. However, having said that, I personally didn’t, but had fun approaching this from a commonsense angle.
This is not a sponsored post. I have no affiliation with ACSGN other than being an unpaid participant of their challenge.
Edit 02/10/2017: I should probably disclaim that after this post I won the best female award for this cyber challenge – which I did not know at the time of the original post.