UCSC Places 9th at CyberForce 2022

Slug Security is thrilled to share that UC Santa Cruz secured 9th place out of 170 teams in the 2022 CyberForce Competition. This marks the second consecutive year that UCSC has ranked in the top 10 in the Department of Energy’s CyberForce Competition. We want to congratulate the 3 teams that represented us this year, “Slug Sec”, “Bing Chilling”, and “Cyber Slugs”. All three teams were supervised by Professor Alvaro A. Cardenas and Sebastián Castro.

About the Competition

The CyberForce Competition is a cybersecurity competition that includes both Capture the Flag (CTF) and cyber defense/offense exercises. It is designed to help develop the next generation of cybersecurity professionals as part of the US government’s Cybersecurity Workforce Development Program.

Over 850 students on 170 teams from 35 US states participated in the competition, which was open to undergraduate college students. The competition took place from late September to November 7th.

About UCSC’s Team

This year, Slug Security had 15 participants divided into 3 student-led teams. The faculty advisors supported and provided guidance to each team. Around 75% of the team members had their first experience with cybersecurity during the competition. Here are the notable rankings of our teams:

  • Team #126 - “Slug Sec”
    • 9th overall
    • 7th in challenges
    • 12th in offense
  • Team #127 - “Bing Chilling”
    • 27th overall
    • 1st in challenges (tied w/ UCF)
  • Team #128 - “Cyber Slugs”

This Year’s Challenge

The competition had two parts: an attack-and-defend exercise and a Capture the Flag (CTF). The attack-and-defend portion focused on a simulated cyberattack on a solar-powered electric vehicle manufacturing plant owned by “Vita Vehiculum”. In the scenario, the company had recently acquired a solar and energy storage company called “Sole-Zon-Solis” and was in conflict with a rival firm. Participants were responsible for evaluating the infrastructure, the new acquisition, and the threat landscape to safeguard the company’s assets.

As part of the process, it was essential to create customized documentation for the company’s executives, along with a realistic plan for the security team to implement. Participants had to assess the current infrastructure using different network scans and vulnerability assessments while ensuring access to critical services and devices. This dynamic and engaging challenge provided students with the opportunity to demonstrate their skills and knowledge in a realistic, hands-on blue team scenario.

Example Security Report

Our Triage Logs for the Defense Phase

As the competition’s defense phase came to an end, competitors moved on to the attack phase. The company merger was underway at the time, and the rival firm’s offensive strategy included a variety of attacks aimed at disrupting operations and services. Participants had to monitor multiple machines at the same time, using various logs and intrusion detection systems (IDS) to identify potential sources of compromise. During each attack, they were required to report to the white team (competition scorekeepers), following reporting guidelines such as:

  • Include as much specific, technical detail as possible, for example:
    • IP addresses / domain names
    • Protocols / services used
    • Full file paths / hashes
    • Process IDs / process list entries
    • Evidence to support your claims (log file snippets, screenshots, file hashes, etc.)
  • Reconstruct and describe the actions of the attacker, for example:
    • Where and how did the attacker initially gain access?
    • What did they do next?
    • What was the total scope of the compromise?
    • What accounts / credentials have been compromised?
    • What was the impact on the ICS system (if any)?
    • What did they leave behind?

Example Attack Report

One of Our Attack Reports

After the attack-defense scenario, the competition moved on to the exciting Capture The Flag (CTF) phase. On a dedicated Saturday, all participating teams worked independently to complete 42 cybersecurity-related challenges. The CTF challenges added variety to the competition by requiring participants to solve cryptography puzzles, reverse engineer source code, and handle digital forensics tasks. During this portion of the competition, each team was able to demonstrate their skills and knowledge while addressing a variety of real-world cybersecurity problems.

More Information