Capt Jeremy Kulikowski, SANS Institute Education with Industry Fellow
Attendees at the Pen Test HackFest social event compete in the custom challenge created by Education with Industry fellow Capt Jeremy Kulikowski (U.S. Air Force photos by Capt Jeremy Kulikowski)
Capt Jeremy Kulikowski is an Education with Industry fellow at the SANS Institute, a cooperative research and education organization that provides information security training and security certification. Recently, he supported the Pen Test HackFest, an annual event hosted by SANS, by developing a custom hacking challenge for attendees.
Pen Test HackFest is comprised of two components: Training and a Summit. The Training portion of HackFest allows attendees to take courses from a roster of experienced instructors as well as compete in the prestigious NetWars Tournament and CyberCity. During the Summit portion, in-depth talks and presentations focused on an offensive security theme are delivered to broaden attendees’ knowledge and give insight into how individuals could better protect their organizations.
The Summit also provides great networking opportunities to meet and exchange ideas with information security professionals from diverse backgrounds. To encourage networking and fun after the first day of the Summit, SANS hosts an off-site event where people can socialize and also play a custom-built challenge. Ed Skoudis, a SANS Institute Faculty Fellow and founder of Counter Hack Challenges, put Kulikowski in charge of building a new challenge for the event.
There were four objectives that needed to be achieved in designing this custom challenge for the evening. First, the overall challenge needed to be a topic of interest to the group of participants playing the game. Second, all the challenges had to be capable of being solved on mobile devices. Third, the challenge as a whole needed to contain enough puzzles of varying complexity to keep participants engaged for one to one and a half hours. Lastly, and most difficult to achieve, the challenge had to be high quality.
“In deciding on a topic of interest to base the challenge on, I envisioned doing a comic book heroes theme. After several varying iterations, the theme that was ultimately chosen was none other than the World’s Greatest Detective himself—Batman,” said Kulikowski.
The story of this Batman challenge was created around a whimsical plot of a supervillain seeking to torment the world by permanently reducing Internet speeds to 1990s dial-up speeds (40 kbps!). A group of approximately 100 hackers had to solve the challenge and save an alternate Earth’s Internet from being permanently slowed!
A total of ten problems were designed for this challenge. Each problem employed an encryption cipher or information subtly hidden in plain sight, and players could turn to Google to search for information and websites that would help them solve for the flag and move on to the next question. In-person hints from Kulikowski, the challenge author, were also offered as an alternative for solving the problem.
“Nearly everyone at the event was playing the online challenge I had created—it was an exhilarating feeling to see it in execution,” said Kulikowski. “I was happily surprised at how positively everyone was reacting to the story and each challenge. One of my favorite remarks I received about one question in the challenge was that it ‘was evil, just pure evil and a cruel thing to do, but brilliant’.”
When the challenge closed, 31 registered teams and individuals made it through the entire challenge; those who didn’t make it to the end were close to finishing (two or three questions from completion). “I had a great time while building this challenge but even more so when interacting with all the people at HackFest. While I might have designed the content of the challenge, I could not have had the success without my amazing Counter Hack teammates, Tom Hessman and Daniel Pendolino, and encouragement from Mr. Ed Skoudis,” said Kulikowski.
EWI, a program sponsored by SAF/AQH and managed by the Air Force Institute of Technology, is a highly selective, competitive non-degree educational assignment within an industry related to the fellow’s career field.
The program is designed to develop qualities and abilities in selected officers and civilians necessary for effective management, professional, and technical leadership; and to provide an understanding of organizational structure, management methods, and technologies of modern industry. By studying the best practices of industry, students are able to bring new knowledge, understanding, and empathy back into the Air Force to improve its processes. In turn, the company benefits by receiving the fellow’s experience and perspective.