An Army Soldier and two Army civilians assigned to the 782nd Military Intelligence Battalion at Fort Gordon, Ga. distinguished themselves and the Army by earning top ratings at two SANS Technology Institute cyber security competitions recently.
Sgt. Andrew C. Beat, a 17C cyber operations specialist, B Company, 782nd Military Intelligence Battalion; Aaron T. Lewis, Army cyber operator, 782nd MIB and Matthew D. O'Rouke, intelligence specialist, 782nd MIB, 780th MI Brigade, initially competed in SANS Hackfest, Baltimore 2018 and went on to compete in the SANS Tournament of Champions, or TOC, in December 16-17, 2018.
Beat placed first in Hackfest in the individual category while Lewis placed fifth. O'Rouke, competing in the team bracket with a few others, placed first.
Individuals or teams that place first in regional events get a direct invite to the national championship held in Wash, D.C. at the end of the year.
At Hackfest, SANS brings together cyber professionals of all skill levels from government, industry and private organizations to provide them with a fun and challenging cyber range environment.
"NetWars is a large event … it's a massive Capture the Flag event," said Beat, also known by his competition name, 'The Potato.' "As you submit these flags and get points, you will unlock more levels on the scoreboard that you connect to.
"They give you a virtual machine to start - you have to find the flags on that machine which are just text files, other hidden Easter eggs - things like that. Or having to debug a program, to find it in an unused environment variable or just manipulating a binary to give it the output you want. Eventually you will submit the flags to a scoreboard."
The goal is to complete each successive level which becomes progressively more abstract with more layers as the operator gets higher up. Also the player may encounter an additional challenge step to decrypt a file just to get the flag.
"You're going against the network as an adversary; the goal is to achieve as many points as you can, capture the flag as much as possible before the time is up," said Lewis, who earned a bachelor of science degree in corporate communications from the University of Texas and a master's degree from Strayer University in information systems.
In the individual Hackfest, Lewis placed in the top five, earning an invitation to the TOC.
"You are hacking the authorized network that SANS has built for you -- to practice techniques, tradecraft, exercises they teach throughout their courses," said Lewis. "Points are based on how many flags you can capture overall. Some points are worth more depending on how hard they are local versus privileged exploits versus getting authorized as admin on the box -- those flags are typically a little higher."
At the end of the Hackfest event, O'Rouke's team won first place.
"That's when we found out that when you place first in a regional event, you get a direct invite to the national championship in Washington, D.C. at the end of the year," said O'Rouke.
O'Rouke took this message home to his unit.
"We were able to get additional participants in the Hackfest Pentest, Baltimore, in November," said O'Rouke.
Army cyber Soldier, civilians score big Sans NetWars 2018
At Hackfest, the individual and team players numbered about 200, but more than 500 individual and team players competed at the TOC.
"I'm actually considered senior for the Army in my job field and I head up a number of things to move the mission forward and cyber forward as well," said Beat. "We go through a lot of training.
"I enjoyed being able to use training that I received with in the Army and from other courses I had attended. I found that the experience I had gained in my job and the training I've gone through in the Army helped me out immensely."
The pace of the TOC was much different than Hackfest as the players are more experienced and come from across the globe to compete.
"At the national championship we were playing against the first-place teams from around the country and also international participants," said O'Rouke. "Way more fierce - a two-day event, like Hackfest, also six hours over two evenings."
"TOC is much faster because most players have done the CTFs before," said Lewis. "Some have built scripts that would get them to level four in the first hour; the pace and speed are much faster."
The highest level is the fifth, also known "Castle vs Castle," where players must perform offensively and defensively, unlike the first four levels where they are the aggressors only.
O'Rouke's team reached the fourth level in Hackfest.
"The fifth level gets rid of authority - each team is given a set of six different servers running various programs," said O'Rouke. "You have to defend your six servers while attacking others teams' six servers."
Benefits of Competition
"It is also a wonderful chance for cyber professionals to network with others and learn from various experiences," said Daryl Gilbertson, SANS DoD Account Manager. "At Tournament of Champions, we really up the ante by inviting only the best of the best to compete with each other as either an individual champion or a team champion.
"Participants really plan and prepare weeks in advance to find that slight edge needed to propel them to the top of the scoreboard. Those who win receive the wonderful accolades and recognition for years to come. All participants enjoy themselves and always leave exhausted yet smiling."
"NetWars is a computer and network security challenge designed to test a participant's experience and skills in a safe environment while having a little fun with your fellow IT security professionals," said Gilbertson. "Participants learn while they plan while increasing their skill level in Vulnerability Assessment, Packet Analysis, Penetration Testing, System Hardening, Malware Analysis, Digital Forensics and Incident Response."
NetWars is split into separate levels so players may quickly advance through earlier levels to the level of their expertise.
"Capture the Flag teaches you a lot about what you don't know," said O'Rouke. "It's a great tool to assess your level of understanding and your techniques as an individual. You also get to bond with others of like-mindedness."
"The benefit to the Army is that more people are involved," said O'Rouke. "There were several of the challenges that are things we don't get to work with every day. It definitely increased our skill set."
"The tactics techniques and procedure really challenge your perspective and understanding," said Lewis. "The Army teaches you one way to do things. Going to these training events helps you to bring back knowledge and perspective -- you can help grow your organization."
"NetWars is designed to be accessible to a broad level of player skill ranges," said Gilbertson. "The Army can review participant individual scorecard to better focus advanced individual training. There is also an overall Scoreboard that ranks each player so the Army will know who their best cyber warriors are.
"The best programs don't think of cyber as an event. The best programs weave together training and career paths. The hunger for these people who are well-trained is so great that they'll constantly be in high demand. NetWars helps find, develop, recognize and challenge Soldiers.
"The team-based aspect of NetWars helps soldiers enhance their individual skills while preparing them to work as a team to solve real-world issues."
ABOUT US: United States Army Cyber Command directs and conducts integrated electronic warfare, information and cyberspace operations as authorized, or directed, to ensure freedom of action in and through cyberspace and the information environment, and to deny the same to our adversaries.
Interested in the challenge of joining the Army Cyber team? Check out military and civilian cyber career and employment opportunities by clicking on the "Careers" tab at www.arcyber.army.mil