US Cyber Challenge – 2020

This past week I participated in the virtual US Cyber Challenge (USCC). The USCC is a week-long, invitation-only accelerated training camp for top scorers in a competitive cyber security related challenge. The camp was divided up into a different class each day from 9AM-6PM. The topics for the classes were Program Analysis for Cyber Security, Large-Scale Digital Forensics, Web Application Ethical Hacking, and Memory Forensics. More information on these classes can be found below. I had an absolutely great time. I am so thankful to be a part of such an event, even if the learning style was like “drinking out of a fire hose”. The best part of the camp is that I could learn from some of the best minds in the industry. The worst part of the camp is that I had limited interactions with the other members. There was so much talent at the camp, and I feel like I couldn’t network with the others.

Day 1: Program Analysis for Cyber Security
Instructor: Ben Holland
Topics: Principles of Programs and Compilers, Exploit Development, Fundamentals of Program Analysis, Bug Hunting, Antivirus Evasion
My Thoughts: I’m always blown away by the insecurities of software programs, and how bad actors can easily exploit these insecurities. Having a strong understanding of how underlying computer concepts work is critical to writing good code and finding flaws in the code.

Day 2: Large-Scale Forensic Analysis with SOF-ELK® and the Elastic Stack
Instructor: Phil Hagen
Topic: Large-Scale Forensic Analysis
My Thoughts: SOF-ELK® is an open-source platform for digesting large amounts of system/event data. The Elastic Stack is a popular platform for big data and analysis. An issue is that Elastic Stack is not easy to work with right away, so SOF-ELK® overcomes that problem by being configured to use right away. The instructor, Phil Hagen, is the creator of SOF-ELK®. I loved this class because it gave me so many ideas for my home lab project.

Day 3: WebApp Ethical Hacking
Instructor: Doug Logan
Topics: Web Architecture, Injection Attacks, Authentication/Authorization/Sessions
My Thoughts: This class was my favorite because I already have a strong interest in this area of cyber security. I think the material was really well presented, and there was plenty of time for labs to get hands-on experience. This course (as did all of them) came with Virtual Machines so I can practice later at home.

Day 4: Memory Forensics
Instructor: Alissa Torres
Topics: Data collection, memory management, hunting for malicious code execution, Defense Evasion Detection
My Thoughts: This was an awesome class, and I need to take it again. I really enjoyed learning about memory forensics, but I don’t have a strong background in computer memory so I felt like I was at a loss. I want to go through my notes and class materials so I can wrap my head around some of these concepts. After, I would like to take this class again so I can appreciate it better.