The world’s top cybersecurity students gathered at the Rochester Institute of Technology to compete in the Collegiate Penetration Testing Competition (CPTC) Global Finals from January 13-15. The event capped off the largest breach-based cybersecurity competition for students, held annually by RIT.
A team from California State Polytechnic University, Pomona Students won the CPTC’s Top Trophy, for the second year in a row. Stanford University placed second and the University of Central Florida placed third.
In the competition, 15 teams used their white hat hacking skills to break into fabricated computer networks, assess their weak spots, and present plans to better secure them. CPTC helps students acquire and hone the skills needed for employment in cybersecurity, an industry that is in dire need of qualified professionals.
In this year’s scenario, students conducted a pentest for a fake hotel and tourist destination, with an emphasis on protecting the customer’s personally identifiable information. The students took on the challenge of having to switch from one system inside the hotel to another, starting with the computers in the public kiosks in the hotel lobby and seeing if they could access other devices. other hotel systems, including those that control reservations and access rooms.
“As you can imagine, if this was something that was possible in a real hotel, it would be a major security issue,” said Tom Kopchak, director of CPTC development and director of technical operations at Hurricane Labs. “Our primary focus when creating the competitive environment is education – we want students to learn skills that will be relevant to their roles in the future. We are actually modeling what we have experienced in the world real as security professionals.”
One thing that makes CPTC unique is how the competition gives students experience working with technical and non-technical clients in a professional manner. Professionalism, as well as technical conclusions, presentations and reports, play a key role in the good rating.
At one point in this year’s storyline, teams were tasked with identifying ways to break into a hotel safe. Social engineering was another component added this year.
“During regional meetings, teams had to create a phishing email to capture the username and password of a specific hotel employee that we identified,” said Kopchak, also a former student in RIT’s Computer Security program in 2011. “In the finals, we challenged ourselves to include phone call phishing (vishing). personal information about hotel guests.
Judges and sponsors from the security industry evaluated the competitors’ performances. Students also had the opportunity to meet experts, submit resumes and interview potential employers. Sponsors included IBM Security, Paperclip and Black Hills Information Security, among others.
“This competition gives you a taste of real-world engagements and helps you deepen the knowledge learned in the classroom,” said Sarthak Mathur, master’s student in computer security and captain of the RIT team. “Not to mention that everything in the competition is hands-on and you’re always encountering technology you’ve never seen before, so you have to adapt and learn in real time, just like you would in the real world.”
The RIT team included mathuroriginally from Jodhpur, India; Annika Clarkea third-year computer security student from Delmar, NY; Max Fuscoa fourth-year computer security student from Freehold, NJ; Daniel Railic, a third-year computer security student from Rochester, NY; and Mohammad Eshana fourth-year Computer Security student from Jamaica, NY Alternates included Karin Sannomiyaa fourth-year computer security student from Oakville, Ontario, Canada, and Dominic Lo Iaconoa fourth-year computer security student from Howell, Michigan. The team is led by Rob Olson, Senior Lecturer in the Department of Computer Security at RIT.
The competition environment is managed by RIT’s ESL Global Cybersecurity Institute (GCI) Cyber Range and Training Center, which is capable of hosting over 5,000 virtual machines for immersive scenarios.
Throughout the fall, hundreds of elite cybersecurity students from 70 schools gathered at regional events around the world to compete in the CPTC Regional Championships. The top 15 collegiate teams from regionals have been selected for the weekend-long CPTC World Finals. Participating teams included:
- American University of Sharjah (United Arab Emirates)
- Brigham Young University
- California State University, Fullerton
- California State Polytechnic University, Pomona
- Indiana Institute of Technology
- Liberty University
- Princess Sumaya University of Technology (Jordan)
- Rochester Institute of Technology
- Rochester Institute of Technology, Dubai
- Stanford University
- University of Central Florida
- University of Massachusetts at Amherst
- University of Texas at Austin
- University of Texas at San Antonio
- University of Tulsa
Next year’s CPTC theme was also announced. Participants will discuss cybersecurity at an airport, focusing on transport and signal cybersecurity. Alstom, a French mobility technology company, has been named sponsor of the 2023-2024 theme. Alstom is also collaborating to provide RIT students with training, research and career opportunities.
CPTC has become the first offense-based collegiate computer security event, having started at RIT eight years ago. CPTC is a counterpart to the National Collegiate Cyber Defense Competition (CCDC), which is the premier defense-focused event for students. More information about the CPTC can be found on the Collegiate Penetration Testing Competition website.