INI Racks Up Wins at DEF CON and The Diana Initiative
By Ann Ritchie
CMU Wins Capture the Flag
DEF CON 30 took place August 10–13 at multiple sites around Caesars Forum.Carnegie Mellon University’s hacking team, the Plaid Parliament of Pwning (PPP), joined forces with the University of British Columbia’s team, Maple Bacon, and researchers from Theori.io, a Texas-based company founded by CMU alumni, to win this year’s Capture the Flag (CTF) competition. PPP has won DEF CON six times, with INI students and alumni contributing to the team.
This year, INI students Asparsh Kumar and Palash Oswal in addition to a number of INI alumni were on the 64-member team. The team worked systematically toward finding a bug. Kumar and Oswal said all their team members knew their roles and contributed
“The courses that you take at the INI, for example, Intro to Information Security, Reverse Engineering, Network Security and to some degree, Secure Coding. These are the stepping stones for the bigger challenges that you see at DEF CON,” Kumar said.
“Anyone from CMU can go in and be part of the team. There’s no recruitment or application. If you’re just interested, you can be part of PPP. That creates a major difference in the landscape. Getting the opportunity to participate in something just for being a part of CMU is a very big benefit,” Oswal said.
The Presentations Are Impressive
The lineup of DEF CON speakers included top names in information security. Talks and demonstrations were organized by topic in villages around the conference sites.INI student Nikita Mishra had been wanting to attend DEF CON for eight years. “Coming here and being able to attend was actually like a dream come true,” she said.
“For me the highlight was the IoT [Internet of Things] village, the cloud village and the social engineering village. In those villages there would be multiple booths with hands-on labs going on, apart from that, some contests, some CTFs going on, specific to the villages,” Mishra said.
INI student Henry Howland enjoyed the hands-on demonstrations. “I did the packet hacking village. There was a wide range of CTF just related to network traffic,” he said.
Howland sought out presentations that influenced global security and national defense, including a satellite hacking talked by Lennert Wouters, a researcher at KU Leuven, titled “Glitched on Earth by Humans: A Black-Box Security Evaluation of the SpaceX Starlink User Terminal, and “A Policy Fireside Chat with the National Cyber Director” featuring Chris Inglis who is the national cyber director at the White House.
Attendees could see the StarLink terminal and a demo of someone hacking it with custom-made hardware.
“Def Con is just a great time for anyone in security. It absolutely lived up to my expectations and exceeded them a little bit,” Howland said. “I went to DEF CON last year and I’ll say I got a lot more out of it due to the coursework and all the extracurricular activities that CMU has made available to me.”
Networking Thrived at The Diana Initiative
The Diana Initiative convened August 10-11 at The Westin Las Vegas Hotel & Spa. First held in 2017, the conference serves to help all underrepresented people in information security.As a proud sponsor of the 2022 conference, the INI welcomed attendees to its booth at the career fair.
An INI networking event hosted dozens of alumni and introduced them to the next generation
INI students Asparsh Kumar and Nikita Mishra participated in both The Diana Initiative and DEF CON, as well as helped run the picoCTF booth at The Westin.
“We organized a CTF of about 27 groups. We had good participation there,” Kumar said.
INI student Sai Sushmitha Sanduri gained perspective on the INI courses she would like to take in her second year and made important industry contacts.
“Listening to the talks helped me gauge what the industry is really looking for [in employees]. I met very inspiring people, some of whom were ready to be mentors and help me through this security journey,” Sanduri said.
How to Prepare
Interested students should look for announcements to apply for conference scholarships, including events such as Women in CyberSecurity (WiCyS), Grace Hopper Celebration, and the Tapia Conference for Diversity in Computing.The coursework and hands-on experiences that are gained in the INI classrooms are carried on through these conference experiences.
------