Turning up with your laptop for a day of pen testing may not seem like everyone’s idea of a good time.
Sure – it may not be quite as thrilling as jumping into the UFC ring with Connor McGregor. But when you’re up for a serious adrenaline rush – joining a Hackathon comes a close second.
Hackathons are a great way to learn new skills. More importantly, they are a great way to network with people. You spend almost an entire day in the same room with loads of developers, cybersecurity and IT professionals. So, it’s the perfect opportunity to introduce yourself and let others see what you can do.
You never know – you may end up meeting a great contact and landing an awesome job.
The concept of a Hackathon is pretty straight forward. Teams of up to four people need to identify vulnerabilities in a dummy site. Some of the vulnerabilities are easy to find, some are more complex. You earn points for each vulnerability found, with the more complex vulnerabilities earning more points. Whichever team earns the most points in the allotted time wins.
When Shearwater ran its annual Hackathon in 2018, Macquarie University student, James Goddard was close to completing his Bachelor of IT, Cyber Security. Together with three mates, Joseph Hardman, Ethan Hillas and Paul Hossack from the Optus Macquarie University Cybersecurity Hub, they formed a team called ‘ComeExploitMe’.
After 8 hours uncovering vulnerabilities, the team scored an impressive 3rd place – Not bad for a group of students up against seasoned pros!
We sat down with James to discuss his experience participating in the Shearwater Hackathon, how it helped him develop new skills and the benefits of Hackathons to his career.
Team ComeExploitMe, AKA James Goddard, Joseph Hardman, Ethan Hillas & Paul Hossack take 3rd place.
Q & A
Thanks for chatting with us James. What motivated you to participate in the 2018 Shearwater Hackathon?
Shearwater is a prominent, recognised leader in cyber security. Their annual Hackathon has developed a strong reputation. Macquarie University regularly sponsors groups of students to participate, so I was glad when the opportunity arose for me to join.
What aspects of the Shearwater Hackathon did you enjoy?
As a purely web-based Hackathon, I really liked the fact that when we identified a vulnerability, the flags/points were automatically awarded to our team. In other Hackathons, this doesn’t happen automatically, you need to submit a hash manually to earn your points and capture a flag.
The other unique aspect I really liked about the Shearwater CMD + CTRL Hackathon was the presentation before the challenge started outlining the variety of exploits we would be seeing.
It was also good to have coordinators available at the event to troubleshoot problems with the exploits or help point participants in the right direction.
There was a heavy focus on learning outcomes.
What level of experience did you have at the time with penetration testing?
I did not have a lot of previous experience apart from a class at uni. I had been testing myself on the ‘HackTheBox’ platform. I had also been using ‘VulnHub’ boxes to further develop my skills. The only other Hackathon I had participated in was CySCA 2018.
How complex did you find the challenges?
Most of the challenges were moderately complicated. Sometimes we were able to use the same tactics to exploit multiple vulnerabilities within the challenge.
Were the challenges appropriate for your level of experience? Would you have preferred the challenges to be more difficult or easier?
Overall, I think the challenges were appropriate for someone with my skill level and they ramped up in difficulty as you progressed through the challenge.
Even though some of the same vulnerabilities could be found multiple times in the challenge, it was a valuable experience to get into the real-world mindset of “okay this exploit works here, now where else will it work?”
Was the time allocated for the challenges appropriate?
Yes, the timing was good. The pressure was there to make you work hard.
How were the networking opportunities?
Pretty good. If you have prior knowledge and skills that you demonstrate during the Hackathon, other attendees will recognise that. I was able to connect with other participants who will be good contacts throughout my career.
Did you learn new skills? If so, was it as a result of your own efforts or through collaboration? How have you benefitted from these new skills?
Yes – I did learn new skills, both from my own efforts and through collaboration. I learnt a lot through researching potential vulnerabilities and gained more in-depth understanding about common problems. Collaborating with teammates allows you to target separate points of the website and achieve more in a shorter period of time.
I’ve also had the opportunity to us these new skills in my studies.
Has participating in the Hackathon added value to your CV?
Yes – I include my participation in the Shearwater Hackathon on my CV. It shows that I take initiative to develop practical pen testing skills. The fact I was part of the team that ranked 3rd in a well-known Hackathon demonstrates to prospective employers that I have core competencies.
What would you say to other cyber security students considering participating in a Shearwater Hackathon?
Hackathons are a great way to network and learn in a team. It is extremely satisfying working in a team to achieve a certain goal.
The 2019 Shearwater Hackathon takes place on 15 November across Sydney, Melbourne, Brisbane and Canberra. You can also join remotely from any other location Australia-wide.
SPECIAL STUDENT RATE: $49.00 to take advantage of