Dave Kukfa Security bub

CPTC 2015

Last weekend, I had the opportunity to represent RIT at the first ever Collegiate Penetration Testing Competition (CPTC). The CPTC is designed to emulate a realistic pentesting engagement for a (fictitious) government technology services firm. Before the start of the competition, the company issued a Request for Proposal (RFP) which teams responded to by creating proposals that address the scope of the engagement and outline their testing methodology. On the first day, each team had a meeting with the company’s management to review the team’s proposal and the scope and limitations of the penetration test. Afterwards, teams began their testing of the company’s infrastructure – complete with external and internal networks, AD domains, databases, and web applications – and worked on their reports and presentations (through the night for many of us). The next morning, teams presented their findings and recommendations to the company executives and answered any questions about the engagement.

RIT had the honor of placing 2nd out of 9 teams this year. We were also featured in an RIT News article! A huge thanks goes to the system administrators – both staff and students – who were in charge of managing the infrastructure during the pressure of the competition. We all had an amazing time competing, and look forward to next year’s event.