Offsec Students Win High-Tech Capture the Flag Event at BSides Atlanta

KENNESAW, Ga. (May 30, 2019) — Five Kennesaw State University students flexed their cybersecurity muscles this month by winning a high-tech game of capture the flag at the second annual BSides Atlanta, a prominent information security conference held on campus.

The winning team – Arash Negahdar, Mac Erickson, Jonathan Sams, Asher Andree and Zack Marotta – are all members of the Kennesaw State Offensive Security Research Club, a student organization focused on cybersecurity. They participated in a capture the flag competition, or CTF, sponsored by Atlanta-based cybersecurity consulting firm Coalfire.

Winners of Coalfire Capture the Flag at BSides Atlanta Arash Negahdar, Mac Erickson, Jonathan Sams, Asher Andree and Zack Marotta

In cybersecurity circles, a CTF involves teams competing with one another to infiltrate computer networks and access protected information. The Coalfire CTF, organized as part of the BSides Atlanta conference held May 4 in the KSU Center, saw multiple teams of students and industry professionals attempting to break into target computers provided by the company.

“The objective of the CTF was to replicate real-life scenarios in penetration testing to gain access to the contents of a secret file,” says Qasim Ijaz, director of Coalfire Labs. “Each machine contained a low privilege flag and a high privilege flag for scoring.”

Coalfire provided the winning team with an Amazon gift card and a Hak5 Plunder Bug, which is a device that allows users to monitor traffic on a computer network.

Cybersecurity professionals use penetration tests to determine the strength of their network protections. CTF competitions allow students and professionals to practice these skills in a low-risk environment.

 “CTFs are a really popular way to hone your skills and expose yourself to new things,” says Information Security Lecturer Andy Green, who is also faculty sponsor of the Offsec club and one of the organizers of BSides Atlanta. “The fact that these students all wanted to be here on a Saturday morning and bang away at targets on a wireless network speaks primarily to the fact they are driven, they’re focused, and they want to take advantage of opportunities like this.”

The conference featured two additional CTF events, including one where participants had to infiltrate a network while defending their own from attack, and one where they had to search the web to uncover personal information about specific individuals.

BSides Atlanta is a cybersecurity conference Green has organized the past two years along with several industry partners, and is one of nearly 100 BSides events held globally each year. Formed in 2009 by speakers who were unable to present at Black Hat USA – the leading industry conference – due to a lack of room, the BSides organization promotes a grassroots, community-driven approach to their events. The organizers of each BSides event have freedom to determine the format of their conferences.

This year’s theme for BSides Atlanta was the intersection of privacy, security, and public policy. More than 200 students and industry professionals attending to learn from the 17 expert presenters, including keynote speaker Dave Shackleford. Shackleford is the founder of Voodoo Security and a Kennesaw State alumnus.

“Dave is in global demand,” says Green. “He teaches courses on security around the world and is a global expert on virtualization infrastructure software. That was a hell of a get for us to open the day up with.”

The topics covered ranged from incidence response and mobile application security to new strategies for social engineering, which refers to the tricks hackers use to convince unsuspecting people to load malicious software onto their computer networks. BSides Atlanta also featured hiring professionals performing resume reviews for attendees.

Among the conference sponsors were The Michael J. Coles College of Business’s Department of Information Systems, the U.S. National Security Agency, and several businesses and non-profits operating in the information security space.

Green says he finds it rewarding to be a part of an event that brings together such a diverse group of people all dedicated to the singular goal of enhancing their knowledge in the ever-changing cybersecurity landscape.

“Whether you’re an industry professional with 15 or 20 years of experience or a student who doesn’t quite know where you’re going to land yet, you’ve got to grow, stretch, and push yourself,” he says. “You have to take advantage of opportunities like this that allow you hone your skills. You can’t get complacent.”  

-Patrick Harbin