CSC News

March 18, 2004

Reflections from Capture the Flag participant

Chris Bookholt, senior, computer science, offers his reflections on his involvement as a member of NC State's team in the national Capture the Flag competition held December 2003.

Q: Why did you participate?

A. I joined the CTF team because it gave me a chance to get hands-on experience in a setting that's nearly impossible to legally reproduce. The fact that I got to learn from a 'really' experienced sysadmin (Elliot Peele, a fellow CTF member) made the experience particularly valuable for me.

At first we decided that we'd call the CTF game "Operation Not Last" (credit to John Lamb for the creative name). By the time D-day rolled around we accepted that we were going to get last place. But that was OK because we knew we were going to learn a lot no matter how we placed.

I think it will be a long time before I forget the the look of amazement on everyone's faces when we shot into first place right off the bat. We all knew we had a long way to go before we could claim victory, but it made us realize that we weren't out of contention. In the end we slipped down to fourth place as some of the more experienced teams started their offense. However, after expecting last place we were all extremely excited (and surprised) that we placed as well as we did.

Q: What did you gain from the experience?

A: After first agreeing to join the team everyone had to wrap their minds around the problems at hand. We had to plan what needed to be done to prepare and then execute that plan. The whole process changed my frame of mind from a passive sit-back-and-listen-to-lectures mode to an active "let's figure out how we can build a secure system that confuses the heck out of our opponents" mode. It definitely put me on track for a research-oriented future.

Aside from the technical knowledge gained, I am now part of a small group on campus that is known for their computer security experience. Not more than two weeks after the competition the CTF mailing list received a request for testers. "Calling all hackers" the message read. The message was from Jim Yuill, a PhD candidate here at NC State. He wanted hackers to break into his system so he could test his defenses for his research. I took Jim's offer, which in turn gave me even more technical experience. Now I can use that to bolster my repertoire when I teach my security lab.

Q:What was the most fun about the experience?

A: What was most fun? Tough question, it was all so much fun - even the setup of the equipment. If I had to pick what was the most fun, I'd say it was listening to the other schools joke around before and during the competition in an IRC chat room. It reinforced the light-hearted, but intellectual atmosphere where it was OK to make mistakes, but you felt rewarded for doing well.

Q:Please provide a little little background about yourself.

A: I am a senior in Computer Science enrolled in the Accelerated Bachelors/Masters (ABM) program here at NCSU. As teaching assistant for Julie Starr since August, I help design and teach a hands-on security lab for a small group of undergraduate students. I will further pursue my interests in information security in graduate school in the fall of 2004. After school I hope to work for the Department of Homeland Security in a cyber-defense capacity.

Before CTF D-day, my job was to bring NCSU's team onto the communication network between all the participating schools. During the CTF competition, my job was to help Elliot defend our network.

- rzewnicki -

Return To News Homepage