ECU team places fourth in cybersecurity competition
Four students in East Carolina University’s information and computer technology program felt the heat of cybersecurity hacks and threats during TracerFIRE X, an event administered through Sandia National Laboratories and hosted by N.C. A&T University.
Students Cole Robinson, A freshman from Clayton who served as team captain, Collin Roach, a junior from Raleigh, Hannah Graves, a senior from Greenville, and Griffin Duck, a senior from Garner, finished in fourth place in the forensic incident response competition that offered hands-on training in a live, immersive and interactive format.
“TracerFIRE was a very realistic competition,” Robinson said. “It allowed participants to get hands-on experience with incident response and recovery tactics. I enjoyed the insight into how attacks with serious negative consequences like ransomware are executed by advanced persistent threat actors, such as how they are gaining initial access to an organization’s network, how they are moving across the network, how they steal data covertly, and the eventual remediation of these threats.”
Developed at Sandia National Labs, the competition is designed to help attract students from high schools and universities across the country and introduce them to opportunities in the cybersecurity field. TracerFIRE is also used as a training platform for students, giving them new skills in digital forensics, malware reverse engineering and network analysis.
Teams had to determine the adversary and their goals, method of entry into the system and degree of success. Participants also had to determine how to prevent recurring attacks.
“One of my main takeaways from this competition is that almost all serious and costly attacks are started with an uninformed individual either not configuring something correctly, not upgrading to the newest software or simply clicking on a malicious link,” Robinson said. “The data theft or pivot points of the ‘hacks’ that involve escalating privileges and silently siphoning data is always fascinating to see raw because every network is built differently, so the methods of stealing the data will be tailored specifically for each network and you will have to put yourself in the mindset of the attacker to find what they are going to do on the network next or what they’ve already done by digging through forensic data. The one thing I have seen that is the same 99% of the time is the initial access point, which is always able to be traced whether it is software or an individual.”
The event included workshops that included discussions on incident response, forensic investigation and live analysis on file systems, memory and malware. Participants were also introduced to a number of forensic tools and techniques. Participants familiarized themselves with the cyber kill chain; acquired memory and disks on a live Windows enterprise environment; performed forensic analysis on infected disks and memory images; analyzed traffic on how malware communicates over its command and control using Wireshark; and learned about the pass-the-hash technique used to compromise enterprise networks.