Splunking CySCA 2017

In a world of ever changing and evolving security threats with new vulnerabilities being discovered and exploited daily, it is important that we keep abreast of and, ideally, one step ahead of these information security issues. Identifying, nurturing and educating the next generation of Australia’s cyber security professionals is critical to this ongoing struggle. Enter the role of the Cyber Security Challenge Australia (CySCA)—a "hacking" competition for undergraduate university and TAFE students which is run by a consortium of Australian Government, industry and academic leaders. CySCA was founded in 2012 and its sole aim is to uncover Australia’s next generation of cyber security professionals. 

In mid-May, 79 teams of students from 25 universities and TAFEs across Australia competed in the 24-hour CySCA event. Over 300 students from across the country commenced reconnaissance, attacks, research and defensive countermeasures at midday on May 10th and strived through the night to complete as many of the challenges as they could in the allotted time, testing teams' mental and technical abilities. Challenges from technical partner organisations—like Telstra, PwC, Hacklabs, CBA, Cisco and, of course, Splunk—included corporate and web application pentesting, detect and defend, exploitation, forensics and an IoT device hacking challenge. This year saw a record number of females participate in the challenges, including four all-female teams.

CySCA HQ during the event: Monitoring the scoreboard and active contestants

How did Splunk contribute and participate in 2017? In mid-late 2016, a contact at the Department of Prime Minister and Cabinet put the local Splunk team in touch with Cisco to see if there was interest in joining as a technical sponsor. The one requirement of being a technical sponsor is that the organisation put forward challenges for the contestants. Having recently attended Splunk’s security bootcamp, I had heard about the Boss of the SOC challenges that debuted at .conf2016 and thought it was the perfect fit for Splunk’s contribution to CySCA. 

Splunk’s Boss of the SOC drops contestants into two different incident response (IR) scenarios equipped with the powerful investigation tool, Splunk. Each team was provided access to a Splunk instance that contained data from two real world attack scenarios: website defacement and ransomware attacks. Students had to "Splunk" the logs, network traffic streams, IDS data and more in order to find the answers to over 30 questions, ranging from easy to challenging enough to make them want to throw in the towel. My fellow Splunker Mickey Perre and I spent 24 hours monitoring the environment and helping students "Splunk" the data from CySCA HQ in Telstra’s offices in Sydney, occasionally throwing in the odd troll here and there to the cheekier contestants in the official CySCA IRC channel. Splunk was also being used behind the scenes to monitor and analyse the IT components and infrastructure hosting the game environments.

The event was officiated by Alastair MacGibbon, Special Adviser to the Prime Minister on Cyber Security, and Sandra Ragg, Assistant Secretary, Cyber Policy at the Department of Prime Minister and Cabinet. The Honourable Dan Tehan, Minister Assisting the Prime Minister for Cyber Security, also had a video message for the dignitaries from Government and the technical sponsor organisations. Guests and dignitaries were then treated to a tour of Telstra’s CySCA HQ and Customer Insights Centre.

The winners of the competition will be announced at CSIRO's upcoming D61+Live innovation event in Melbourne in late June. Splunk was proud to be a sponsor of this year’s challenge and already has big plans for next year’s event, from "Splunking" all IT, infrastructure and challenge components of the gaming environment, to new and improved challenges for next year's contestants. We were amazed at the aptitude shown by many of the students in picking up a new technology—that many had not used before—within minutes, not days or weeks. This speaks to the power of Splunk as a premier IR platform, allowing any of its users to attain the answers they seek in order to find the needle in the haystack of security events.

Splunk CySCA website defacement scoreboard

Final CySCA scoreboard showing participation in BOTS challenges

Splunk would like to thank all of CySCA’s technical sponsors and partner organisations for the professional manner in which the event was conducted. Bring on CySCA 2018!
