The Collegiate Penetration Competition (CPTC) is a red-team competition set for college students to experience real-world scenarios in the cybersecurity world. The competition as a whole focuses on mimicking the activities performed during a real-world penetration testing engagement conducted by companies, professional services firms, and internal security departments worldwide.

The competition is split into regional rounds to determine the schools that advance to nationals. During the regional round, each team has eight hours to run a penetration test on windows and Linux machines to find and exploit any vulnerabilities they have. We split the machines up between the team members and each of us got one windows and one Linux machine. This was the first time I had done anything with Linux, I was typically a Windows person. I was able to learn a lot from the other members on my team. The first and most important thing I learned with linux was how to run a nmap scan to get any information about each IP address I could. Through the eight hours of competition, I learned a lot about red teaming and how linux is much easier to use than Windows once you know what you are doing.

Once the eight hours are up, the teams write a report about their findings, how to fix them, and how severe they are. The biggest contribution I had to the report was the topology diagrams of the two networks we were using. In the past, they just had bulleted lists of the machine, its IP address, what it’s function was, and the operating system that it used. I took this information and made it into a very readable diagram that was very helpful in our presentation.

UWF finished second in the region, qualifying us for the wildcard round and, eventually, the international round. This competition was a great experience because it gave me insight into the attacking side of cybersecurity, one I had not yet experienced.