OSU Professor Plays Key Role On Winning Team at DEF CON 2018

An Oregon State University professor played a key role in the team that won big at the 26th annual DEF CON 2018 conference, one of the world’s largest hacking conventions. The DEFKOR00t team that included Dr. Yeong Jin Jang of Oregon State University’s School of Electrical Engineering and Computer Science competed against 24 other teams to win the prestigious Black Badge, known to attendees as the Uber Badge, in the cybersecurity competition. Jang managed the network security and attack/defense system for the winning team.

The annual DEF CON conference began in 1993 and typically hosts over 20,000 computer experts and hackers from around the world to compete in a variety of competitions. The event, dubbed as the world’s best known “hacker convention” by InfoSec, is highlighted by the Capture the Flag (CTF) competition. CTF pits teams against each other to remove and fix vulnerabilities in a given system to defeat other teams’ attacks and read the flags by hacking. At the same time, teams are required to fix vulnerabilities to defend and protect their system from flag stealing. The CTF competition is a simulated cyber warfare, although the system configurations and exploited vulnerabilities use real-world settings. For example, most of systems in this year’s CTF final were running Ubuntu Linux 18.04 LTS on an AMD 64 architecture and exploited common vulnerabilities, such as buffer overflow, type confusion, logic bugs, etc.

The coveted Black Badge.

“Our team’s strength came from building tools that support an attack-and-defense team,” said Jang, assistant professor of Computer Science at Oregon State University and author of several security papers presented at prestigious academic conferences including ACM CCS, USENIX Security, and Black Hat USA.

“As a cybersecurity researcher and professor, learning about hacking skills is helpful for conducting research. The CTF competition provided some great opportunities to learn new techniques as we detected and observed how others were attacking our system. Fixing vulnerabilities to defend from attacks is hard,” he added.

In related news, a team comprised of researchers from Oregon State (including Jang) and Georgia Tech was awarded the prestigious Distinguished Paper Award for the paper “Qsym: A practical concolic execution engine tailored for hybrid fuzzing” at the 27th annual USENIX Security Symposium. The symposium, which recently took place in Baltimore, is widely considered to be one of the top academic security conferences. In the paper, the team identified three major performance bottlenecks in current concolic executors that are used for hybrid fuzzing and tailoring QSym to break them each by each to pull out the maximum performance for the slow symbolic part.

Jang’s computer science career is highlighted by extensive experience in CTF competitions. When he was a Ph.D. student at Georgia Tech, his team placed third and the skills he learned through the CTF competition such as reverse engineering, program analysis, exploit development and hardening programs helped him finish his doctorate.

“We are very proud of Yeong Jin’s accomplishments at the recent DEF CON CTF and congratulate him on his Distinguished Paper Award from USENIX Security. There are not many people who embody both this level of practical security skills and knowledge, and research scholarship. The level of skills and knowledge that he maintains to compete and win the DEF CON CTF are incredible and an invaluable asset for our education and research efforts here at OSU and Oregon in general,” said Rakesh Bobba Assistant Professor in Electrical & Computer Engineering at Oregon State University and Oregon Cybersecurity Advisory Council education chairperson.

“His success and scholarship is the latest example in the growing excellence of the cybersecurity program here at OSU, and exemplifies the university’s long heritage of excellence in engineering.”