Virta Labs Blog


EMU CTF and the Power of Thinking Outside the Box

Posted by Ben Ransford on Mar 8, 2017 1:00:00 PM
We've written before about our sharp and industrious intern Jessica Wilson, who hacks medical devices to learn them better and who has contributed to many parts of BlueFlow, most recently our Active Directory integration.

As a student at Eastern Michigan University, Jessica is deeply involved in Capture the Flag (CTF) competitions held around the country.  Her enthusiasm for CTF is infectious -- so much so that she convinced us to set up some infrastructure for her team using AWS.  We proudly support EMU's CTF team.  Our mission to fix healthcare cybersecurity depends on good tools, of course, but even more important than tools are the people who wield them.  CTF events are a crucial part of the "supply chain" for information security workers.  What could make security more exciting than actually breaking (or defending) a working system under time pressure?  Like on TV!

That's why we were super excited to hear about Jessica's team's success at this month's Information Security Talent Search hosted at RIT.  Even more impressive than their incredibly tight runner-up result was the creativity they showed during the competition.  Their ingenuity included but was not limited to:

  • Keeping close tabs on the scoring mechanisms beginning long before the competition;
  • Turning off networking to work stealthily when they didn't absolutely need connectivity;
  • Relying on scripting & automation to save valuable competition time; and
  • Our favorite: social-engineering the "red" team to reveal clues that would have been very difficult to find out otherwise.  Again: security is made of people, so people should be considered part of the attack surface.

Read the team's blog post for more fascinating details.  Go team!

Here's your action item for today: Hug the nearest CTF participant and remind them that great careers in healthcare security await them.  The future is bright!

Topics: RECRUITING, Healthcare Cybersecurity, Penetration Testing