A team of Stanford students took the top prize at a recent international cybersecurity hacking competition.
For the third year in a row, the Stanford Applied Cyber team placed first at the Collegiate Penetrating Testing Competition.
The Stanford Applied Cyber team beat out nine college hacking teams from around the world at the Collegiate Penetrating Testing Competition at the Rochester Institute of Technology. At the annual event – now in its fifth year – students showcase their technical skills and gain professional experience in the practice of testing a computer system, network or web application to identify security vulnerabilities.
The Stanford Applied Cyber team includes computer science majors Anna Zeng and Jack Cable; Michaela Murray, who is double majoring in computer science and math; Pierce Lowary, who created his own track consisting of computer science, cybersecurity and policy; and physics PhD student Will DeRocco. The students were coached by Alex Keller, the senior systems security engineer at the Stanford School of Engineering.
During the three-day competition, each college team was tasked with identifying weaknesses in a simulated corporate environment without impacting the operations of business activities. For one challenge, students had to break into the networks of DinoBank, a fake financial services and cryptocurrency company, with event organizers serving as company employees. An ability to hack into accounts without passwords was among the vulnerabilities identified by students. Students also investigated web and software weaknesses, including ones found in the Windows operating system.
The Stanford team distinguished itself by uncovering two previously unknown software vulnerabilities. One was a weakness known as a SQL injection that allowed attackers to access and read private databases. The other was a vulnerability in which attackers could add themselves as an administrator to online group spaces. The Stanford team reported these weaknesses and repaired them within 24 hours. Their success earned them the winning trophy for the third year in a row, while a team from the Rochester Institute of Technology came in second and a team from California State Polytechnic University in Pomona placed third.
Stanford Applied Cyber is a student-organization focused on teaching students practical skills, such as analyzing, exploiting and defending computer systems.