Save the Date - It’s GAME ON for the 22-23 August 2018
HOW TO PREPARE - CySCA 2017 In-a-box is now available along with write-ups for CySCA2017
CySCA 2018
Next year’s national undergrad cyber security competition will take place on 22 and 23 August. Now’s the time to start putting together your teams. CySCA is your opportunity to compete against your peers across the country for some amazing prizes AND potentially get your name in front of some of Australia’s biggest and most respected Cyber Security employers.
Registration information will be posted here in the near future so stay tuned.
HOW TO PREPARE
CySCA 2017 In-a-box is now available along with write-ups so check out:
Also Check out previous Challenges below and start practicing. If you don’t have a team ready see your course coordinator about any cyber security clubs or organisations you can join in your area. Otherwise why not start your own club or team? The more the merrier!
The Challenge
What is CySCA?
CySCA is a ‘hacking’ competition run by an alliance of Australian Government, business and academic professionals who are committed to finding the next generation of Australian cyber security talent – including you!
Starting in 2012, CySCA will show you what it’s like to work in cyber security and will get your name in front of some of Australia’s most dynamic employers.
CySCA is Australia’s only national cyber security competition. It runs over 24-hours and will test both your technical skills and communication know-how. It’s not easy, but it’s heaps of fun, and the opportunities you get from participating are fantastic.
Think you’re up for the Challenge?
Rules and eligibility
Rules and eligibility
CySCA is open to full-time Australian university undergraduates and undergraduate-equivalent TAFE students based in Australia. Each team may contain up to four students.
All teams must be registered by a university/TAFE staff/faculty academic representative.
Individual applications will not be considered.
Registration does not guarantee entry into the event.
You will not be able to participate in the Cyber Security Challenge:
if you do not consent to CySCA organisers using or disclosing your information for any of the purposes identified in the Privacy Statement which can be found here or as a pdf here
unless the personal information required for registration is given.
Full Terms and conditions can be found here or as a pdf here
Resources
Results, Solution guides, prize information and more...
2017 Cyber Challenge
Results, Prizes, In-A-Box, & Solution
2015 Cyber Challenge
Results, Prizes, & Solution
2014 Cyber Challenge
Results, In-A-Box, Solution, & Roadshow
2013 Cyber Challenge
Results & Solution
Our Sponsors
Without these kind organisations the next generation will never be discovered...
The Cyber Security Challenge Australia is coordinated by the Department of the Prime Minister and Cabinet (the Department). The Department only uses personal information collected for the purposes for which it was given to it
The Department’s privacy policy contains information about how an individual may access the personal information about the individual that is held and seek correction of such information. The privacy policy also contains information about how an individual may complain about a breach of the policy and how the Department will manage that complaint. The policy is available online at this address: www.dpmc.gov.au/pmc/accountability-and-reporting/pmc-privacy-practices/privacy-policy
Personal information is collected from you by the Department for the purpose of organising and managing the Cyber Security Challenge Australia and your involvement in it.
The information you provide and images taken of you during the competition may also be used for possible recruitment and publicity purposes.
As part of the above purposes, the Department may disclose some or all of the information and imagery you provide to:
The Department of Defence and its portfolio agencies, the Attorney-General’s Department and its portfolio agencies, the Department of Finance and its portfolio agencies, Cisco Systems Australia and New Zealand, the Commonwealth Bank of Australia, Facebook, HackLabs, Microsoft Australia, PwC and Telstra.
When an individual’s email address is received by the Department because they have sent us a message, the email address will only be used or disclosed for the purposes outlined above and it will not be added to a mailing list or used or disclosed for any other purpose without the individual’s consent.
You will not be able to participate in the Cyber Security Challenge Australia 2015:
if you do not consent to the Department using or disclosing your information for any of the above purposes;
unless the personal information required for registration is given.
Publication
The information you provide may also be used in Cyber Security Challenge Australia promotional material, media coverage and posted online. This use may include, but is not limited to, publishing the personal information and image of the competition winners and runners up. If your personal information is published on the internet, the Department has no control over its subsequent use and disclosure.
Security
The Department takes steps to ensure that the personal information we collect is accurate, up to date and complete. These steps include maintaining and updating personal information when we are advised by individuals that their personal information has changed, and at other times as necessary.
The Department also takes steps to protect the personal information we hold against loss, unauthorised access, use, modification or disclosure and against other misuse. These steps include limiting access to electronic files, securing paper files in locked cabinets and physical access restrictions.
This site does not provide facilities for the secure transmission of information across the internet. Users should be aware that there are inherent risks in transmitting information across the internet.
Access and correction
The Department of the Prime Minister and Cabinet can be contacted on (02) 6271 5111. Alternatively, you may email Cyber Security Challenge team using this address:
cyberchallenge@homeaffairs.gov.au .
If an individual requests access to the personal information the Department holds about them, or requests that we change that personal information, we will allow access or make the changes unless we consider that there is a sound reason under the Privacy Act, Freedom of Information Act 1982 (Cth) (FOI Act) or other relevant law to withhold the information. If the Department does not agree to provide access to personal information, the individual may seek a review of our decision or may appeal our decision under the FOI Act. If we do not agree to make requested changes to personal information the individual may make a statement about the requested changes and we will attach this to the record. Individuals can obtain further information about how to request access or changes to the information we hold about them by contacting us.
Under the Freedom of Information Act 1982 , members of the public can seek access to documents and files held by the department.
Applications must be in writing. FOI requests should be sent to:
The Freedom of Information Contact Officer
Department of the Prime Minister and Cabinet
PO Box 6500
CANBERRA ACT 2600
Australia
The Freedom of Information Act 1982 provides that charges may be imposed for processing requests. Requests must provide enough information about the documents sought to enable the department to identify them.
The FOI Coordinator can be contacted on (02) 6271 5849 to discuss any prospective request. More detailed information about freedom of information can be found at the Office of the Australian Information Commissioner website.
Disclaimer
This website is presented by the Australian Government and hosted by Telstra for the purpose of disseminating information free of charge for the benefit of the public.
The Government monitors the quality of the information available on this website. However, the Government does not guarantee, and accepts no legal liability whatsoever arising from or connected to, the accuracy, reliability, currency or completeness of any material contained on this website or on any linked site.
The Government recommends that users exercise their own skill and care with respect to their use of this website and that users carefully evaluate the accuracy, currency, completeness and relevance of the material on the website for their purposes.
This website is not a substitute for independent professional advice and users should obtain any appropriate professional advice relevant to their particular circumstances.
The material on this website may include the views or recommendations of third parties, which do not necessarily reflect the views of the Government, or indicate its commitment to a particular course of action.
Links to external websites
This website may contain links to other websites that are external to the site. This site takes reasonable care in linking websites but has no direct control over the content of the linked sites, or the changes that may occur to the content on those sites. It is the responsibility of the user to make their own decisions about the accuracy, currency, reliability and correctness of information contained in linked external websites.
Links to external websites do not constitute an endorsement or a recommendation of any material on those sites or of any third party products or services offered by, from or through those sites. Users of links provided by this website are responsible for being aware of which organisation is hosting the website they visit.
Security of the site
This site applies a range of security controls to protect its website from unauthorised access. However, users should be aware that the internet is an insecure public network that gives rise to a potential risk that a user's transactions are being viewed, intercepted or modified by third parties or that files which the user downloads may contain computer viruses, disabling codes, worms or other devices or defects.
The Government accepts no liability for any interference with or damage to a user's computer system, software or data occurring in connection with or relating to this website or its use. Users are encouraged to take appropriate and adequate precautions to ensure that whatever is selected from this site is free of viruses or other contamination that may interfere with or damage the user's computer system, software or data.
How to contact the Department of the Prime Minister and Cabinet
Individuals can obtain further information in relation to this privacy policy, or provide any comments, by contacting the Department. Should you wish to make a complaint about the way the Department handles your personal information, you may do so by contacting the Privacy Officer through one of the means set out below.
If you feel that we are not handling your complaint satisfactorily, you can take the complaint to the Privacy Commissioner. There is information about how to do this on the 'Making a privacy complaint' page on the website of the Office of the Australian Information Commissioner.
Privacy Officer Department of the Prime Minister and Cabinet
1 National Circuit
BARTON ACT 2600
Email: PrivacyPolicy@pmc.gov.au Fax: (02) 6271 5662
Cyber Security Challenge - 2013
Results and Solutions
Winners of the 2013 Australian Cyber Challenge
University of New South Wales (UNSW1) - 94 Points
University of New South Wales (UNSW2) - 68 Points
University of New South Wales (UNSW3) - 66 Points
University of Sydney (US3) - 64 Points
The Australian National University (ANU2) - 44 Points
Flinders (FL1) - 43 Points
The Australian National University (ANU1) - 42 Points
Swinburne University of Technology (SUT2) - 34 Points
Edith Cowan University (ECU3) - 34 Points
University of Adelaide (UOA1) - 34 Points
Solutions Write-up
Challenge Control have put together a write-up document of their solutions for the challenge. You can download it here: CySCA2013 Solutions Write-up .
Cyber Security Challenge - 2014
Results
Winners of the 2014 Australian Cyber Challenge
University of New South Wales (UNSW1) - 6060 Points
University of New South Wales (UNSW2) - 5730 Points
University of New South Wales (UNSW3) - 5160 Points
University of Sydney (US3) - 5060 Points
University of New South Wales (UNSW4) - 4440 Points
Monash University (MU1) - 3530 Points
Flinders University (FLI1) - 3320 Points
Australian National University (ANU1) - 3050 Points
Edith Cowan University (ECU2) - 2730 Points
Murdoch University (MUR1) - 2490 Points
Solutions
Challenge Control have put together a number of write-up documents of their solutions for the challenge. You can download them below:
CySCA2014-in-a-Box is a Virtual Machine that contains most of the challenges faced by players during the 2014 Cyber Security Challenge. It allows players to complete challenges in their own time, to learn and develop their cyber security skills. The VM includes a static version of the scoring panel with all challenges, required files and flags.
To use CySCA2014 in a box virtual machines, players will need to have either Oracle VirtualBox or VMWare Player installed on their machines. Additionally we recommend players have at least 4GB of RAM. If you have less RAM, you can reduce the amount of RAM available to the VM down to 512MB, however it may adversely affect the speed of some of the challenges.
CAUTION: The VM contains software that is deliberately vulnerable. We advise that you do not attach it to a critical network. Consider using your virtualization software's host‐only network functionality.
Getting Started
Extract files from CySCA2014InABox.7z
Navigate to the folder containing the extracted files
Confirm that the checksums for the files match those in checksums.txt
If you are using VirtualBox double-click the CySCA2014InABox.vbox file. When you start the VM, you may be prompted that a "Centrino Advanced" adapter is not found. If this happens, click Change Network Settings and select the adapter that you would like the VM to bridge to.
‐‐ Or ‐‐
If you are using VMWare Player double-click the CySCA2014InABox.vmx file. When you start the VM, you may be asked if the VM has been moved or copied. Select copied.
If DHCP is available on the network adapter you have selected the VM will request an IP address and you will be prompted with the allocated IP. If no IP is specified you will need to set one before connecting. See instructions below.
Use your browser to connect to https://<VMip>/.
Setting a Static IP
Login to the VM using the Username:user and the Password:CYSCA2014user.
Use sudo and your favorite editor (vim and nano are installed) to edit /etc/network/interfaces to set a static IP.
Reboot the VM for your static IP to take effect. Then follow step 6 in Getting Started.
Some of the solutions and challenges from CySCA 2015 are available on our Cysca2015 Repo.
Prizes
In 2015, our sponsors really outdone themselves. These prizes are The. Business. We have some awesome opportunities and gear on offer, across a range of categories. Keep watching space for more – we’re not done yet…
First placed team1
4x Flights, accommodation and entry to DEFCON 2016 courtesy of HackLabs
4x Flights, accommodation and entry to Ruxcon 2015 courtesy of PwC
4x Flights, accommodation and entry to Kiwicon 2015 courtesy of Commonwealth Bank
4x Samsung Gear VR powered by Oculus courtesy of Facebook
4x Samsung Galaxy S6 phones courtesy of Telstra (to work with your new Oculus gear)
Second placed team1
4x Flights, accommodation and entry to Ruxcon 2015 courtesy of PwC
4x Flights, accommodation and entry to Kiwicon 2015 courtesy of Commonwealth Bank
4x Meraki MX64 with associated three-year cloud management licences courtesy of Cisco
4x Choice of either a mobile phone or tablet courtesy of Telstra
Third placed team1
4x Flights, accommodation and entry to Ruxcon 2015 courtesy of PwC
4x Flights, accommodation and entry to Kiwicon 2015 courtesy of Commonwealth Bank
4x Choice of either a mobile phone or tablet courtesy of Telstra
Best communicators2
4x Tickets to Cisco Live 2016, courtesy of Cisco Systems
First team to complete all of the Forensic tasks3
4x Meraki Z1 with associated three-year cloud management licences courtesy of Cisco Systems
First team to complete all of the Penetration testing tasks4
4 x Apple iPad Mini 3 courtesy of Telstra
‘Lucky door’ prizes - random draw by Cyber Security Challenge Australia Organisers on 1 October 20155
4x Facebook ‘swag bags’ with Facebook, Instagram and Oculus merchandise.
4x Apple iPad Mini 3 courtesy of Telstra
AusGov ‘Women in Cyber’
All women who participate in the Cyber Security Challenge Australia 2015 will be offered a mentoring opportunity with cyber security experts in the Australian Government. Courtesy of the Department of the Prime Minister and Cabinet, this opportunity will involve:
Flights to Canberra
Meet and greets with a number of influential women who work in cyber security roles for the Australian Government
Careers advice from Government experts
A years’ worth of career mentoring from women in government and CySCA sponsors [TBC]
Dinner with the mentors and other Australian Government cyber security professionals
A tour of the Australian Cyber Security Centre at the Ben Chifley Building
A visit to the National Security College at the Australian National University
A visit to Parliament House
1 It is the sole responsibility of each competitor to ensure eligibility and availability for travel, and arrange for any necessary travel permits and visas.
2Awarded to the team with the highest average score on written responses. Minimum of two open questions need to be submitted. If there is a tie, the team with the best flag justification of the tied teams, as decided by Cyber Security Challenge Australia organisers will be the winner. Not available to teams who place First, Second or Third when scores are finalised.
3With complete justifications and written responses. Not available to teams who place First, Second or Third when scores are finalised.
4With complete justifications and written responses. Not available to teams who place First, Second or Third when scores are finalised.
5 Not available to teams who place First, Second or Third, or win another category when scores are finalised.
Cyber Security Challenge - 2017
Results
Winners of the 2017 Australian Cyber Challenge
University of NSW (UNSW1) - 4002 points
Monash University Team 1 (MONU1) - 2938 points
Edith Cowan University (ECU1) - 2772 points
Australian National University (ANU1) - 2726 points
Monash University (MONU3) - 1986 points
University of New South Wales (UNSW2) - 1935 points
University of New South Wales (UNSW3) - 1773 points
Royal Melbourne Institute of Technology (RMIT2) - 1605 points
Monash University (MONU2) - 1596 points
Macquarie University (MQU3) - 1549 points
Highest Scoring Team of First Year Students
Griffith University (GRIU1)
Random Challenge - First to Complete the Boss of the SOC - Website Defacement– Informant
Queensland University of Technology (QUT1)
Most Innovative Response - IoT ESP8266 Explain this! – Take a Peak
Murdoch University (MUR1)
Corporate Penetration Testing Challenge
Australian National University (ANU1)
Random Prize Draw - Solo Solvers – Detect and Defend
University of Sydney (UOS2)
First to Capture Most Difficult Exploitation Challenge - MOVpwn
CySCA2017-in-a-Box is a Virtual Machine that contains most of the challenges faced by players during the 2017 Cyber Security Challenge. It allows players to complete challenges in their own time, to learn and develop their cyber security skills. The VM includes a static version of the scoring panel with all challenges, required files and flags.
