Cyber Defense Competition @CANSec 2015

The 2015 Invitational CANSec Cyber Defense Competition will be hosted at the 8th Central Area Networking and Security Workshop on October 24, 2015.

The goal of the competition is to provide students with a platform to apply theoretical knowledge into practice, and to obtain hands-on cyber security experiences. It is a one-day competition, in which student teams will be asked to oversee a small corporate network, to manage all critical services, and to defend against external attacks. Scoring will be primarily based on the availability of the services, and how the attacks and injects are handled.

The 2015 CANSec Cyber Defense Competition is only open to student teams and faculty coaches. A $30 registration fee for each team member will be collected at the competition. The registration fee will be used to cover lunch/drink/snacks and other expenses. We strongly recommend that each team pay the registration fee in one check.

We also welcome faculty members who are interested in coaching in future competitions to join the white team as observers. Please send email to so that we can prepare a badge for you.

Competition Result

  • 1st place: Kansas State University
  • 2nd place: University of Memphis
  • 3rd place: Fontbonne University and University of Arkansas at Little Rock
  • 4th place: University of Kansas
  • 5th place: Arkansas State University
  • 6th place: University of Missouri – Kansas City

Competition Registration

Please download the registration form and submit to by Oct 17, 2015


Each team will be responsible for a variety of tasks before, during, and after the competition. The following is a noninclusive list of key tasks that each team must perform:

  • Blue Team
    • Manage services (provided as a set of virtual machines)
    • Report intrusions
    • Complete challenges that are issued throughout the competition, called injects
    • Maintain physical security in their designated areas
  • White Team
    • Enforce rules
    • Setup and maintain competition infrastructure (virtual machines, networking, etc.)
    • Support blue and red teams with connectivity and usability issues
    • Issue and score injects
  • Red Team
    • Enumerate and exploit vulnerabilities in Blue Team services for the purpose of disrupting normal operation
    • Perform social engineering attacks against Blue Teams to gain credentials or access

Team Composition

  • Each team may have no more than 8 student members and at least one faculty coach
  • Team members must be currently enrolled in a university that is attending CANSec
  • Once the competition has begun, no more members may be added to the team
  • Each team will designate a team captain
    • The captain will be the point of contact for the competition staff before and after the competition
    • In the event of the team captain’s absence, teams must designate an alternate captain

Competition Schedule (10/24)

  • 8:00 AM – 8:30 AM  Check-in
  • 8:30 AM – 9:00 AM  White team briefing and setup
  • 9:00 AM – 10:10 AM Keynote session
  • 10:10 AM – 4:00 PM  Competition
  • 4:30 PM  Closing remarks (result announcement)

Competition Conduct

  • White team
    • White team members will remain neutral
    • White team will only assist with the following (this list is noninclusive):
      • Competition Infrastructure
      • Access to competition infrastructure from client machines
  • Blue teams
    • Blue teams must allow the White Team access to competition resources upon request
    • Blue teams must compete without “outside assistance” from nonteam members
    • Members may conduct penetration tests (such as port or vulnerability scans) against onlytheir own resources. No such activity is permitted against other Blue Teams, the Red Team or competition infrastructure
    • The team’s captain will be responsible for contesting any potential rule violations
  • Red teams may not perform the following attacks:
    • Volumetric denial of service attacks (flooding, etc.)
    • Attacks against competition infrastructure (scoring engine, OpenStack, networking resources, etc.)
    • Port scans, exploits, etc. against personal machines (unattended machines are fair game for access by the red team)

Internet Usage

  • Blue Team members can user their own computers in the competition. However, Blue Team members may not leverage any paid resources. All resources must be accessible and free to all blue teams. Examples include paid commercial software, hired assistance, paid rulesets, etc. Evaluation versions of commercial software are allowed.
  • Blue Team members may not leverage outside assistance. Shared storage (such as FTP or Google Drive) and instant messaging (IRC, HipChat, Skype, etc.) are permitted, but only with fellow team members.
  • All network activity that takes place on the competition network may be logged and subject to release. Competition officials and the Competition Hosts are not responsible for the security of any information, including but not limited to:
    • login credentials
    • emails or other communications
    • personal data (SSN, credit card information, etc)

    which competitors place on the competition network.

Professional Conduct

  • All participants, including competitors, coaches, White Team, and Red Team members are expected to behave professionally at all times during the entire event.
  • Participants are expected to follow the rules set forth by the facility that is hosting the competition.
  • Competitors behaving in an unprofessional manner may receive a warning from the White Team for their first offense. For egregious actions or for subsequent violations following a warning, competitors may have a penalty assessed against their team, be disqualified, and/or expelled from the competition site. White Team may also consider a ban from future competitions on a casebycase basis.
  • Spectators must also obey professional conduct rules. Individuals that violate these rules may be asked to leave by the White Team if violations continue.


Team score is based on the following factors: service uptime and Injects.

  • Service Uptime
    • Uptime is tracked by a scoring engine that performs checks every minute during the attack phase of the competition.
    • For each minutes a service is up it earns 1 point.
  • Injects
    • Injects are challenges given to the team throughout the competition.
    • Each inject will have a time limit for completion. Upon completion, injects will be submitted to the White Team for scoring. Each inject is completely optional.

Score posting: A preliminary score will be posted at the end of the day of the competition. Final scores will be posted one week after the end of the competition to allow for teams to file any discrepancies.

Grievances: Grievances during the competition will be posted through the ticketing system and will be dealt with in the order they are received. Scoring grievances should be filed within 3 days from the end of the competition, and will be resolved within the next 4 days.


  • Do I need to assemble my own team?Yes, you are expected to form the team of up to 8 students and at least 1 faculty coach. If you want to attend the competition but have difficulty in finding enough members, please contact the organizing committee at for help.
  • Is there a fee to attend the competition?Yes, a registration fee of $30 ($60 if attending the welcome dinner on 10/23) is required for each team member.
  • Do I need to register for the main workshop to attend the competition?No.

Competition Organizers

  • Infrastructure: University of Arkansas at Little Rock
  • Local Arrangement: University of Arkansas at Little Rock
  • Red Team Engagement: University of Arkansas at Little Rock
  • Scenario/Rule Design: University of Arkansas at Little Rock