WASHINGTON -- Soldiers from U.S. Army Cyber Command's 780th Military Intelligence (MI) Brigade (Cyber) and the Cyber Protection Brigade harvested both individual and unit honors in the All-Army CyberStakes (AACS) award presentation at the 2017 International Conference on Cyber Conflict U.S. (CyCon U.S.), Ronald Reagan Building, Nov. 7.
Hosted by the Army Cyber Institute (ACI), the AACS competition is an annual online Capture-the-Flag (CTF) competition open to anyone in the U.S. Army plus the four Service Academies and ROTC cadets. This year's event ran from Sep. 30 through Oct. 9, and featured a significant newcomer to the competition — Soldiers assigned to Cyber National Mission Force.
Like many other CTF events, there are five basic categories of challenges: Binary Exploitation, Reverse Engineering, Forensics, Cryptography, and Web Exploitation. According to Lt. Col. Josh Bundt, an instructor of digital forensics and research scientist with the Army Cyber Institute, United States Military Academy, the challenge categories provide hint into the skill sets required for CTF challenges.
"More generally, the focus areas that CTF competitions tend to measure are vulnerability discovery, exploit creation, toolkit creation, and operational tradecraft," said Bundt. "Success in CTF competitions demands that participants be an expert in at least one and ideally all of these areas."
In this year's event, 602 participants registered and 499 of them solved at least one challenge. The number of participants included more than 200 from the CNMF.
"The variety of challenges requires deep knowledge of multiple computer architectures, file and file system formats, encryption schemes and learning new protocols and specifications on the fly," said Bundt.
2nd Lt. Edward Woodruff, a capability developer assigned to the 781st MI Battalion, 780th MI Brigade, said cyber challenges are a hobby of his. Woodruff, who had the third highest score in the officer category and placed third overall, prepared for the event by doing reverse engineering and binary exploitation (BE) in his free time.
Woodruff competes in these type of events because he sincerely enjoys them. Also, he was beaten by 1st Lt. Christian Sharpsten, a software developer assigned to the 781st MI Battalion last year and was hoping to pass him this time. Alas, in this good-natured competition, Sharpsten not only bested him, but was this year's overall AACS winner.
"Maybe next year," hopes Woodruff. "Capture the flag events, such as CyberStakes, realistically emulate the battlefield of cyberspace and act as an effective training tool for those looking to do development type work."
The first place finisher in the enlisted category was Spc. Thomas Dignan, also with the 781st MI Battalion. When the event started Dignan had just finished Joint Cyber Analysis Course (JCAC) and then phase II of the Army's 17C (Cyber) training at the Army Cyber School, Ft Gordon, Georgia.
"Programming and tinkering have been my hobbies for a long time," said Dignan. "I regularly spend time to sharpen my skills through personal projects."
Dignan believes cyber challenges like AACS is an opportunity for those Soldiers "willing to take the initiative to learn new skills" and "separates those who want to excel."
For those Soldiers or Army Civilians looking to compete and win in CTF competitions, Bundt credits the Trail of Bits CTF Field Guide @ https://trailofbits.github.io/ctf/, and refers those interested in 'winning' CTF competitions to the Trail of Bits site.
CyCon U.S. is a collaborative effort between the Army Cyber Institute at West Point and the NATO Cooperative Cyber Defence Centre of Excellence. CyCon U.S. complements the CyCon conference held each spring in Estonia.
The 2017 All-Army CyberStakes Winners:
1. 1st Lt. Christian Sharpsten, 780th MI Brigade (1st overall)
2. 2nd Lt. Matthew Shockley, Cyber School (2nd overall)
3. 2nd Lt. Edward Woodruff, 780th MI Brigade (3rd overall)
Warrant Officer Category:
1. Chief Warrant Officer 3 Phillip Smith, Cyber Protection Brigade
2. Chief Warrant Officer 2 Benjamin Koontz, Defense Information Systems Agency
3. Chief Warrant Officer 2 Nicholas Kleck, 1st Information Operations Command (not able to attend)
4. Chief Warrant Officer 3 Tad Bennett, 15th Signal Brigade
Noncommissioned Officer Category:
1. Sgt. Matthew Cundari, Cyber Protection Brigade (not able to attend)
2. Sgt. 1st Class Zachary McElroy, Cyber Protection Brigade
3. Sgt. Andrew Canino, 476th Chemical Battalion, U.S. Army Reserve
4. Sgt. 1st Class James Medlock, Texas Army National Guard
Junior Enlisted Category:
1. Spc. Thomas Dignan, 780th MI Brigade
2. Spc. Stephen Cosolito, 780th MI Brigade
3. Spc. Blaine Milburn, Cyber Protection Brigade (not able to attend)
4. Spc. Gage Bennett, Cyber Protection Brigade
1. Spc. Chase Lindquist, Univ. of Cincinnati
2. Cadet Alexander Hubicki, Northeastern Univ. (not able to attend)
3. Cadet John Geenty, Univ. of Massachusetts Univ.
4. Cadet Brian Maguire, Virginia Military Institute
Total Score by Unit:
1. 780th MI Brigade
2. Cyber National Mission Force
3. Cyber School