CGS students expose never-before-seen zero-day exploit at information security conference in Canberra


While many people were using their technology over the weekend, the Year 11 Canberra Grammar School Code Cadets were holding their own against information security (InfoSec) professionals at a conference where they were honing their skills at attacking and defending vulnerable networks and technologies.

BSidesCbr is an annual InfoSec conference in Canberra. In addition to high-profile speakers discussing technical security topics, the conference hosts several other events – in particular, the highly competitive Capture the Flag (CTF) competition, where the CGS Code Cadets placed 4th in a field of over 50 teams – a notable achievement, being the only school-aged team at the event.

Teams solve security-related tasks from a variety of categories to obtain a ‘flag’ which can be redeemed for points. Challenges include cryptography, digital forensics, wireless networks, reverse engineering, web apps, and owning (or pwning) Internet of Things devices such as set top boxes, IP cameras, and routers. The team with the most points at the end of the competition wins.

Canberra-based tech security firm Ionize sponsored the BSidesCbr CTF competition this year and their Managing Director, Andrew Muller, said ‘a particularly impressive performance was displayed by the Code Cadets who held their own against seasoned information security professionals. In addition, they discovered a never before seen vulnerability in a commercial device, known as a zero-day exploit, a feat that was applauded by the crowd of 700 security professionals that attended the conference from around the country and the globe.’

‘Information security is not a new area – but it is an area which has gained more and more attention due to recent events’ says Matthew Purcell, Head of Digital Innovation at Canberra Grammar School. ‘We believe it’s critically important to educate our students to not just be digitally literate, but ready to address serious digital threats which will only become more common in the future.’

The CGS Code Cadets CTF team consisted of Year 11 students Damian Camilleri, George Dan, Joseph Fergusson, Robin Hodda, Sam Reading-Thompson, and Jonathon Soper. The team won $200 for their 4th place in the CTF competition, but to add on to this, in an act of incredible generosity and comradery, the 1st place team Cybears donated their $500 prize to the Code Cadets. Via Twitter, the Cybears said ‘We were impressed with your skill and determination, and are proud to foster the future of InfoSec in Canberra.’

Code Cadets team member Joseph Fergusson commented ‘I enjoyed working in a team and solving challenges, as well as learning from others and sharing knowledge.’

Damian Camilleri agreed that ‘it was terrific to be able to learn so much through real-world implementation’ along with Sam Reading-Thompson adding ‘the thing I enjoyed most about the BSides CTF was the challenge of learning and responding to real-world security threats on the spot.’

This was also an eye-opening educational experience, as highlighted by George Dan, who said ‘I would like to learn more about how to approach solving the challenges at a theoretical level, especially with chaining vulnerabilities together to solve the problem.’

‘I found the whole event very supportive and friendly, everyone there was really keen to help. The CTF team were really helpful, but still making us work things out for ourselves, keeping it a challenge’ said Robin Hodda.

‘BSidesCbr is committed to advancing the state of computer security in Australia and promoting education and growth within the community. We were very impressed with the Code Cadets – their willingness to learn and participate was first rate’ said Kylie Peak and Silvio Cesare, BSidesCbr organisers.

BSidesCbr will run again in 2018 at Exhibition Park in Canberra (EPIC), with plans to cater for up to 1,500 attendees.