by Nicole Capozziello
Published January 14, 2020
A team of University at Buffalo students got the opportunity to put themselves in the shoes of a penetration tester, breaking into and exploiting different computer systems and software at the annual Collegiate Penetration Testing Competition (CPTC) international finals.
UB was one of only 10 teams selected to participate in the finals, which drew participants from as far as Dubai. Student teams faced off to see who could perform the best at breaking into fabricated computer networks, evaluating their weak points, and ultimately presenting plans to better secure them. The target company for the competition was DinoBank, a mock financial services and cryptocurrency company.
“The competition provides a penetration-testing environment with direct resemblance to the real world computing infrastructure and complex corporate environments,” said Jay Chen, captain of the UB team, which included students from the School of Engineering and Applied Sciences and the School of Management.
Organizers of the competition sought to imitate a real-world experience in every way possible. Teams were visited by organizers who acted in various roles, such as the CEO of DinoBank or a disgruntled bank employee frustrated by their IT services being down. Each student team was given a network to break into, a telebanking voice call system that they could call and even an ATM they could hack.
“Having a physical ATM in the room with the students was a great way to up the engagement in this ‘real-world’ scenario,” said Lucas Morris, competition director of the competition.
“It may sound weird but I really enjoyed the stress of the competition,” said Sean Manly, a freshman computer science major. “Having something like that hanging over my head and pushing me to my limit was really fun, and I learned how to keep pushing myself to grow and perform better in high stakes situations.”
The team’s journey started in October 2019, when they competed at the Eastern regionals at Penn State. Over 50 universities and 300 cybersecurity students participated in the regional competition, held at six locations around the world.
UB’s performance earned them a place at the weekend-long finals, which since its origination at the Rochester Institute of Technology (RIT) five years ago has become the premier offense-based collegiate computer security event. It acts as a counterpart to the Collegiate Cyber Defense Competition, the premier defense-based event for college students.
Sponsors for this year’s competition included IBM Security, Google Cloud, Eaton and FireEye. Students had the opportunity to connect with representatives from sponsor companies and hand out resumes while at the competition.
“Penetration testing requires high technical skills and exceptional technology aptitude,” said Chen. “However, a large portion of the competition also revolves around a team’s ability to communicate with clients, executive board, and non-technical individuals. Skills like leadership, time management and adaptability are also very important.”
“I really appreciated the realism of the competition, since most of the work I’ve done so far has been in simulated environments with no repercussions,” said Lucas Crassidis, a freshman computer science major. “I’d love for the university to invest in more cybersecurity opportunities in the future.”
Other team members, all from UB’s Department of Computer Science and Engineering, were graduate student Stephen James, and undergraduates Can Toprak and Aibek Zhylkaidarov. The team was advised by David Murray, a clinical professor in the Department of Management Sciences and Systems.
The competition was held on November 22-24, 2019 at Rochester Institute of Technology. This year’s winning team was from Stanford University, and the other teams were from California State Polytechnic University-Pomona, Penn State University, RIT, RIT-Dubai, University of Central Florida, University of Virginia, U.S. Air Force Academy and Virginia Commonwealth University.