GOVERNOR'S HIGH SCHOOL

CYBER CHALLENGE

THE WINNER OF THE 2019 GOVERNOR’S HIGH SCHOOL CYBER CHALLENGE

OKEMOS HIGH SCHOOL – CYBERCHIEFS A

ROUND 2 TOP 3 TEAMS

1st Place: Okemos High School – Cyberchiefs A
2nd Place: Canton High School – Bright Pigs
3rd Place: Newaygo County Career Tech Center – NCCTC01

ROUND 1 TOP 10 TEAMS

Ann Arbor High School – Huron Hackers
Ann Arbor High School – River Rats
Canton High School – Bright Pigs
Cass Technical High School – Tech Support
Kalamazoo Area Math & Science Center – KAMSC12RCAKAP
Marquette Alger RESA – MATMC CYBER-UP-STARS
Newaygo County Career Tech Center – NCCTC01
Okemos High School – Cyberchiefs A
Okemos High School – Cyberchiefs B
Westwood High School – Patriots 1

GOVERNOR'S HIGH SCHOOL CYBER CHALLENGE

Teams comprised of up to three high school students are invited to participate in a round of challenges designed to test their knowledge of cybersecurity, computer science and information technology.

The only requirements are an interest in cybersecurity and a familiarity with computers. This is a great cybersecurity learning opportunity for all high school students in Michigan.

All schools in Michigan are invited to participate and the challenge is entirely FREE!

WHY PARTICIPATE?

By the year 2020 there will be an estimated 3.5 million unfilled cybersecurity jobs in the US. According to National Initiative for Cybersecurity Education (NICE), one of the main reasons students don’t pursue cybersecurity as a career field is simply a lack of exposure. The GHSCC aims to expose students to cybersecurity at no cost to the students or schools.

Round 2 participants will be given access to a number of free pre-certification training courses over a variety of cyber security and networking topics. Upon successful completion of free resources administrators can contact Merit to enroll in a complimentary cyber security boot camp and examination.

HSCC OVERVIEW

Read the Rules

Only teachers, coaches or chaperones may register teams for the GHSCC.
Teams will be composed of 1-3 students and one adult coach.
Schools and coaches are encouraged to have multiple teams, however each student may only participate on a single cyber challenge team.
Substitutions of players is acceptable. If team count is changed you must notify [email protected].
Round 1 is held entirely online and will be scored by staff of the Michigan Cyber Range.
Round 1 and Round 2 are timed challenges.
In the event of a tie during Round 1, completion times will be considered and reviewed by the Michigan Cyber Range.
In the event of a tie during Round 2, team strategy will be measured by the Michigan Cyber Range to determine the winner.

Collaboration between teams is strictly prohibited. We want to ensure that all participants have an equal opportunity to advance to Round 2, and as such, any activity found to be against the rules or sense of fair play is grounds for disqualification at the sole discretion of Merit Network.

READ ABOUT LAST YEAR’S COMPETITION

ROUND DESCRIPTIONS

Round 0: Unscored Study Materials & No Registration Required

Merit will provide an online practice resource. This online resource can be utilized by parents, instructors and administrators as cybersecurity warm-ups, supplements to curriculum, and more. Round 0 is an unscored challenge.

Round 0 study resources are available throughout the entire competition. You may come back and review these materials at any time.

Round 1: Registration Required

Round 1 will be held entirely online! The challenges will be released daily starting Monday, September 30th, and ends Thursday, October 3rd. The top 10 qualifying teams will be announced Friday, October 4th. Students have between 9:00am-6:00pm ET each day to answer the set of multiple choice questions. The daily challenges will focus on networks, programming, operating systems and hacking. Round 1 is a timed open style challenge in which students are encouraged to scour the internet to solve the challenges. The top ten teams will be selected to advance to Round 2.

Round 2: Invitation Only. Top 10 Teams From Round 1

Round 2 is an exercise in gamified learning. Should any qualifying team be unable to afford travel or accommodations, stipends will be provided. An adult chaperone must accompany the team at all times. During Round 2, teams will compete in a virtual Capture the Flag exercise designed to test their skills with an intensive, scored series of cybersecurity-focused challenges taking place in the virtual city of Alphaville. In this round, the students will be able to interact with each other and compare progress with one another on a public scoreboard.

Round 2 will take place at the TCF Center on Monday, October 28, 2019.

ROUND 0 STUDY UP!

No registration required. Round 0 consists of reviewing study materials in preparation for the Round 0 Challenges.

Resources to Prepare You for the Round 1 Challenges

Programming (Python, powershell, bash)

Networking (DHCP service, tracert, nslookup, route, firewall)
- Network Commands for Windows and Linux

Basic Linux Commands (passwd, systemctl, tar, gzip, rm, scp)
- Linux Command Reference Sheet
- Linux Commands

Windows Admin (Net command)
- Net command cheat sheet

Linux 101/102
- Linux Fundamentals, Part 1
- Linux Networking Commands

Database admin

Recon (Whois)
- What Is A Whois Lookup
- Whois.net

Resources to Prepare You for the Capture the Flag Competition

Find PII (Library, SQL Database vulnerabilities, SSH, Service Discovery)

School (OpenSSL, Encryption, Windows Exploitation, Reverse Engineering)

Deface the Website (Cityhall, PHP, SSH Brute Force)

Are you SCADA the dark (SSH, Python)
- Scanning for Live Hosts with Nmap
- Port Scanning and OS Detection with Nmap

Zenda (Incident Response & Forensics, Malware, Windows)
- Linux Strings Command Tutorial
- Introduction to Network Forensics

Linux 101/102
- Linux Fundamentals, Part 1
- Linux Networking Commands

Python 101
- Python for fun and profit (Chapters 1 – 10)

Reconnaissance 101
- Working with Bind (DNS)
- Using Open Source Reconnaissance Tools for Business Partner Vulnerability Assessment

Powershell 101/102
- PowerShell Scripting for Beginners
- Powershell Commands to use in Managing Active Directory

Networking 101

Cryptography 101
- Stanford University’s Cryptography Course
- Stanford University’s Cryptography Course 2

Binary Forensics 101
- Linux Strings Command Tutorial
- Reverse Engineering
- Using the NSA’s Ghidra for Reverse Engineering
- See Networking 101

ROUND 1 SCENARIO

Your second year of college is over and you’re about to start your first summer internship as the IT administrator for a small non-profit, Tirem. You constitute the entire IT staff for this company. You’ve been given responsibility for a Linux web server, a Windows 2016 server, and various laptops throughout the office.

Throughout the summer your job will progress through various stages. Your first stage will be to figure out where everything is. Next, you’ll need to fix all the things which are broken or have been left over from the previous IT employee. Finally, after cleaning up the big messes, you’ll be able to concentrate on improving the services and responding to normal service tickets. As part of your job you are expected to access any references you can in order to solve your problems, and your solutions should focus on automation instead of manual repetitive tasks.

ROUND 2 CAPTURE THE FLAG

Capture the Flag is a learning tool designed to take the stress out of the daunting task of learning cyber security concepts and turning it into a fun, self-paced game. CTF is a means to assess and gain individual skills across a broad range of systems and challenges. Participants traverse through challenges in the game environment using penetration testing and forensic skills to find flags and earn points. Each challenge track is built around a specific security skillset, such as website vulnerability exploitation, SQL injection, and cracking weak passwords.