Capture the Flag
夺旗
The flagship event of CSAW, CTF, organized by students of the NYU Tandon OSIRIS Lab, gathered finalists who bested 559 teams from around the world to face off at six international CSAW hubs. The notoriously difficult final round demanded a profound understanding of the roles and ramifications of cybersecurity and covered pwning, reverse engineering, web, cryptography, and forensics.
CSAW的旗舰活动CTF由纽约大学坦顿奥西里斯实验室的学生组织,聚集了决赛选手,他们击败了来自世界各地的559支球队,在六个国际CSAW中心展开对决。众所周知,这一艰难的最后一轮谈判要求对网络安全的作用和影响有深刻的理解,涉及到pwning、逆向工程、web、密码学和法医学。
Winners of the US-Canada CTF finals at NYU Tandon were:
纽约大学坦顿分校美加CTF决赛的获胜者是:
First place: team perfect blue, a multi-school team whose members from the University of Waterloo, Purdue University, Drexel University, and the Georgia Institute of Technology met as high school contestants at the CSAW finals two years ago. The team also won the CSAW Security Quiz Bowl and placed second in a side competition called Pwny Racing. Second place: team Sice Squad, comprising competitors from the University of Pittsburgh, Carnegie Mellon University, the Massachusetts Institute of Technology, and the University of Maryland. It took third place in Pwny Racing. Third place: team PPP, from Carnegie Mellon University, which also placed second in the CSAW Security Quiz Bowl.
第一名:完美蓝队(team perfect blue),这是一支由滑铁卢大学(University of Waterloo)、普渡大学(Purdue University)、德雷塞尔大学(Drexel University)和佐治亚理工学院(Georgia Institute of Technology)组成的多校参赛队,两年前在CSAW决赛中作为高中选手相遇。该队还赢得了CSAW安全竞赛碗,并在一个叫做Pwny赛车的边赛中排名第二。第二名:Sice团队,由匹兹堡大学、卡内基梅隆大学、麻省理工学院和马里兰大学的竞争对手组成。它在普尼赛车赛中获得第三名。第三名:来自卡内基梅隆大学的PPP团队,该团队在CSAW安全测试碗中排名第二。
Pwny Racing was designed and hosted by CSAW contributing sponsor Vector35. It was high drama as teams competed in a single-elimination bracket event with each pair of contestants racing to solve a custom challenge. Students competing as team Kernel Sanders from the University of Florida began as the lowest seeded team, then worked their way from the lowest bracket to victory. A video of the final round can be viewed at www.youtube.com/watch?v=lYLbwayCzps&t=31574s.
Pwny Racing由CSAW赞助商Vector35设计和主办。这是一个高度戏剧化的团队在一个单一的淘汰赛阶段的比赛,每对参赛者比赛,以解决一个自定义的挑战。来自佛罗里达大学的学生们以核心桑德斯队的身份参加比赛,开始时是最低种子队,然后从最低级别的队伍走向胜利。最后一轮的视频可以在www.youtube.com/watch上观看?v=lYLbwayCzps&t=31574s。
Another side contest came from Red Balloon Security, which filled a real ATM with $2 bills for its jackpotting challenge, in which CSAW participants attempted to hack the machine (without damaging it) to make it dispense nearly $2,000. Red Balloon uses just such tests to evaluate job applicants.
另一个侧面的竞赛来自红气球安全局,它在一个真正的自动取款机上装满了2美元的钞票,以应对它的jackpotting挑战,在这个挑战中,CSAW的参与者试图破解这台机器(而不损坏它),使它能分发近2000美元。红气球就是用这样的测试来评估求职者。
Red Team Competition
红队比赛
In keeping with tradition for this high school competition, the challenge imitated real security exercises, this time requiring teams to conduct penetration testing of a fictional city and all its services to discover criminal activities.
按照这项高中竞赛的传统,挑战赛模仿了真实的安全演习,这次要求参赛队对一个虚构的城市及其所有服务进行渗透测试,以发现犯罪活动。
First place: team b1c, Montgomery Blair High School, Silver Spring, Maryland Second place: team let down, West Windsor-Plainsboro High School, North Plainsboro, New Jersey Third place: team bluepwn, Bellevue, Washington
第一名:马里兰州银泉蒙哥马利布莱尔高中b1c队第二名:新泽西州北普兰斯伯勒温莎普兰斯伯勒高中bluepwn队第三名:华盛顿贝尔维尤bluepwn队
This year’s version of the oldest and largest hardware hacking competition in the world, now in its 12th year, centered on the ubiquitous radio frequency identification (RFID) readers. Designed by students and their mentors at the University of Delaware, it employed reverse engineering tools developed by the U.S. National Security Agency (NSA).
今年是世界上历史最悠久、规模最大的硬件黑客竞赛,已进入第12个年头,其核心是无处不在的射频识别(RFID)阅读器。它由特拉华大学的学生和他们的导师设计,采用了美国国家安全局(NSA)开发的逆向工程工具。
First place: team Shellphish, the University of California Santa Barbara Second place: team pwndevils, Arizona State University Third place: team Kernel Sanders, the University of Florida Honorable Mention: team Insecurity, the University of Florida
第一名:Shellphish队,加州大学圣巴巴拉分校第二名:pwndevils队,亚利桑那州立大学第三名:Kernel Sanders队,佛罗里达大学荣誉奖:团队不安全感,佛罗里达大学
杜克塞防御胜利者CSAW Hack ML Hack ML
The new Hack ML (machine learning) competition, the first of its kind, challenged contestants to fortify notoriously fragile deep learning–based artificial intelligence. In preliminary rounds, teams from all over the world were invited to submit compromised neural network models. The competition leaders anonymized, and then redistributed them so that competitors could devise techniques for reverse-engineering and healing the compromised models. The best attackers and defenders proceeded to the finals to demonstrate their novel tactics during the final round. One element of the challenge — developing new strong backdoor attacks on facial recognition models — required teams to train the neural networks to misidentify human faces when a physical prop — a “trigger” — was held near them during staged photoshoots at CSAW at NYU Tandon.
新的Hack-ML(机器学习)竞赛是同类竞赛中的第一次,它要求参赛者加强以脆弱的深度学习为基础的人工智能。在预赛中,来自世界各地的团队被邀请提交受损的神经网络模型。竞争领导 者匿名,然后重新分配,这样竞争对手就可以设计出逆向工程和修复受损模型的技术。在最后一轮比赛中,最好的进攻和防守队员进入了决赛,展示了他们新颖的战术。这项挑战的一个要素是——开发新的强有力的面部识别模型后门攻击——要求团队训练神经网络在纽约大学坦顿分校CSAW的阶段性照片拍摄期间,当一个物理道具(一个“触发器”)被放在他们附近时,错误识别人脸。
Top Defense Team Award: team DukeCEI, Duke University Top Attack Team Award: team SiceML, the University of Pittsburgh, Georgia Institute of Technology, Carnegie Mellon University, and Pennsylvania State University
顶 级国防团队奖:杜克塞团队、杜克大学顶 级攻击团队奖:西塞姆团队、匹兹堡大学、乔治亚理工学院、卡内基梅隆大学和宾夕法尼亚州立大学
In an event focused on anti-counterfeiting methods in 3D printing, competitors were first tested in reverse engineering a 3D CAD model, then, during the final round, teams tried to print 3D parts embedded with anti-counterfeiting features.
在一项以3D打印防伪方法为重点的活动中,竞争对手首先在3D CAD模型的逆向工程中进行了测试,然后在最后一轮中,团队尝试打印嵌入防伪功能的3D零件。
First place: team SNEKSAD, NYU Abu Dhabi Second place: team pwndevils, Arizona State University Third place: team AGGIES, Texas A&M University
第一名:纽约大学阿布扎比分校斯内克萨德队第二名:亚利桑那州立大学普温德维尔斯队第三名:德克萨斯农工大学阿吉斯队
SneksAD在Hack3D逻辑锁定征服中排名第一
In this new contest, students were challenged to solve the problem of securing chips during the manufacturing process, a fast-moving area of research. Often before sending their chip designs to a foundry, designers “lock” their designs, a process involving modifying the original digital circuit in such a way that the correct functionality can be unlocked only with a specific key, or a correct sequence of keys. Doing so prevents potential bad actors in the supply chain (including the foundry) from changing the design by inserting back doors that could allow future attacks or stealing intellectual property. During the preliminary round, teams worked on a locked-chip design devised by students and mentors at NYU Abu Dhabi and the University of Florida to either find the key or devise a new one in order to protect the circuitry. The best solutions advanced to the finals, where seven teams competed in Brooklyn and two more from India, who competed remotely.
在这项新的竞赛中,学生们被要求解决制造过程中芯片的安全问题,这是一个快速发展的研究领域。通常在将芯片设计发送到铸造厂之前,设计者会“锁定”他们的设计,这是一个涉及修改原始数字电路的过程,这样只有使用特定的密钥或正确的密钥序列才能解锁正确的功能。这样做可以防止供应链(包括铸造厂)中潜在的不良行为者通过插入后门来改变设计,从而允许未来的攻击或窃取知识产权。在预赛中,各小组研究了由纽约大学阿布扎比分校和佛罗里达大学的学生和导师设计的锁定芯片设计,以找到钥匙或设计一个新的,以保护电路。最好的解决方案进入决赛,七支球队在布鲁克林比赛,另外两支来自印度的球队进行远程比赛。
First place: team CMU, Carnegie Mellon University Second place: team NuLogiCS, Northwestern University Third place: team IO, the University of California San Diego
第一名:卡内基梅隆大学CMU队第二名:西北大学NuLogiCS队第三名:加州大学圣地亚哥分校IO队
This competition — at NYU Tandon and the Indian Institute of Technology, Kanpur, India (IIT Kanpur) — attracts students who are interested in the nexus of law, policy, and emerging security issues. The competition challenges interdisciplinary teams to develop proposals for impactful cybersecurity public policy. The number of teams more than doubled since last year, attracting proposals from a dozen universities. Winners at the NYU Tandon finals were Wesleyan University, which won first place, and two different teams from the United States Naval Academy, taking second and third place.
这项比赛-在纽约大学坦顿分校和印度坎普尔理工学院(IIT坎普尔),印度-吸引学生谁感兴趣的关系,法律,政策和新出现的安全问题。这项竞赛要求跨学科团队为有效的网络安全公共政策制定建议。自去年以来,参赛队伍增加了一倍多,吸引了十几所大学的参赛者。纽约大学坦顿分校决赛的获胜者是卫斯理大学(Wesleyan University),卫斯理大学获得第一名,美国海军学院的两支不同的队伍获得第二和第三名。
This competition, held at NYU Tandon, Grenoble-INP Esisar, IIT Kanpur, NYU Abu Dhabi, and Ben-Gurion University, accepts only peer-reviewed security papers that have already been published by scholarly journals and conferences. One of the student authors of each paper presented in a poster format to the judges.
这项竞赛在纽约大学坦顿分校、格勒诺布尔大学埃西萨尔分校、印度工业技术学院坎普尔分校、纽约大学阿布扎比分校和本古里安大学举行,只接受学术期刊和会议已经发表的同行评议的安全论文。每篇论文的学生作者之一以海报的形式呈现给评委。
First place: Emma Dauterman of Stanford University presented for authors of “True2F: Backdoor-resistant authentication tokens” Second place: Hadi Abdullah presented for the University of Florida authors of “Practical Hidden Voice Attacks against Speech and Speaker Recognition Systems” Third place: Xianghang Mi of Indiana University Bloomington presented for the authors of “Dangerous Skills: Understanding and Mitigating Security Risks of Voice-Controlled Third-Party Functions on Virtual Personal Assistant Systems”
第一名:斯坦福大学Emma Dauterman为“True2F:后门抗认证令牌”的作者颁奖第二名:哈迪阿卜杜拉为佛罗里达大学“针对语音和说话人识别系统的实际隐藏语音攻击”的作者颁奖第三名:印第安纳大学的香航米布卢明顿为“危险技能:理解和减轻虚拟个人助理系统上语音控制的第三方功能的安全风险”一书的作者介绍
Thirty teams competed during CSAW finals at NYU Tandon in the fast-paced game show sponsored by IBM. Students were quizzed on hardware, malware, software tools, reverse engineering, languages, culture, forensics, file systems, protocols, software, and more.
在IBM赞助的快节奏游戏展上,30支球队参加了纽约大学坦顿分校的CSAW决赛。学生们被问及硬件、恶意软件、软件工具、逆向工程、语言、文化、取证、文件系统、协议、软件等等。
First place: team perfect blue, a mixed team from the University of Waterloo, Purdue University, Drexel University, and the Georgia Institute of Technology Second place: team PPP, Carnegie Mellon University Third place: team G8rs, University of Florida
第一名:完美蓝队,滑铁卢大学、普渡大学、德雷塞尔大学和乔治亚理工学院的混合队第二名:PPP队,卡内基梅隆大学第三名:G8rs队,佛罗里达大学
Closing keynote speakers from DTCC outlined the massive business impact of security in the financial services industry. Sandeep Singh, DTCC executive director-digital marketplace and API strategy, and Christopher Walsh, DTCC executive director of risk analytics, announced a year-long contest on AI security in a microservices application for CSAW 2020, with details to be released in early 2020.
DTCC的闭幕主旨演讲人概述了金融服务业安全的巨大业务影响。DTCC数字市场和API战略执行董事Sandep Singh和DTCC风险分析执行董事Christopher Walsh宣布,将在CSAW 2020微服务应用程序中举行为期一年的人工智能安全竞赛,详情将于2020年初公布。
The CSAW games, founded in 2003 as a small contest by and for NYU Tandon students, have grown to become the most comprehensive set of challenges by and for students around the globe. NYU students continue to design the contests under the mentorship of information security professionals and faculty. The OSIRIS Lab, home to weekly student-led Hack Night training and student research, leads the Red Team and CTF challenges.
CSAW运动会成立于2003年,是纽约大学坦顿分校学生的一个小型比赛,现已成为全球学生面临的最全面的挑战。纽约大学的学生继续在信息安全专业人员和教师的指导下设计竞赛。奥西里斯实验室是每周由学生领导的黑客夜间训练和学生研究的基地,负责领导红队和CTF挑战赛。
More than 250 students from across Europe, India, Israel, Mexico, and North Africa scored wins to take them to academic hubs to compete in CSAW finals at the same time that NYU Tandon was hosting the best students from Canada and the United States. The 2019 CSAW finals were held November 6–8 at:
来自欧洲、印度、以色列、墨西哥和北非的250多名学生获得了胜利,把他们带到学术中心去参加CSAW决赛,与此同时,纽约大学TANDON主办了来自加拿大和美国的最好的学生。2019年CSAW总决赛于11月6日至8日在:
NYU Tandon in Downtown Brooklyn, New York IIT Kanpur Grenoble-INP Esisar in Valence, France Ben-Gurion University of the Negev and the University of Haifa in Israel (with IBM Research-Haifa and the IBM Cyber Security Center of Excellence) Universidad Iberoamericana (Ibero) in Mexico City NYU Abu Dhabi in the United Arab Emirates
纽约布鲁克林市中心的NY-TANDN,纽约IITKANPUR格勒诺布尔InP EISSAR,海法法国本杰明大学和以色列以色列大学(IBM研究海法和IBM网络安全中心卓越)伊比利亚美洲大学(伊比利亚)在阿拉伯联合酋长国墨西哥城NYU阿布扎比
The full list of international winners and information will be posted at csaw.engineering.nyu.edu.
国际获奖者的完整名单和信息将张贴在csaw.engineering.nyu.edu。
如需进一步了解,或有任何相关疑问,欢迎在线咨询留学专家。如果您对自己是否适合留学还有疑虑,欢迎参与前途出国免费评估,以便给您进行准确定位。
官方小程序
官方公众号
官方微博
百家号
在线时间:7*24小时
