Page 1


A Legacy of Success Since 2003, CSAW has grown from a small local cyber security competition to a worldwide phenomenon, attracting some of the best cyber security talent from around the globe, as well as an impressive list of corporate partners and industry experts. This year more than 10,000 students from high school to Ph.D. –level registered to compete in one of seven CSAW IX challenges. NYU-Poly is proud to host the largest student cyber security competition in the U.S. with the best and brightest competing and innovating in the field of cyber security. CSAW educates and motivates the next generation of cyber security experts who will lead our nation in the design and management of secure information systems. Hands-on challenges are created and managed by NYU-Poly graduate and undergraduate students in consultation with NYU-Poly faculty and industry leaders. Designed to raise awareness, provide skill-building opportunities, and inspire students, CSAW aims to build a pipeline of talent for advanced study and careers in this area of critical national need. NYU-Poly—an institution whose rallying points are invention, innovation and entrepreneurship (i2e) —is the perfect battleground for emerging leaders in cyber security. NYU-Poly’s Information Systems and Security Laboratory (ISIS Lab) is designated as a Center of Excellence in Information Assurance Research and Education by the National Security Agency and is funded by the National Science Foundation. NYU-Poly’s ISIS Lab, renowned in the cyber security community, is ready to provide the tools and challenges needed to equip and inspire the greatest hackers of tomorrow, who one day may be hacking for you!

Want to get serious about cyber security?


PROGRAM Thursday, November 15th, 2012 Mobile Security Conference 8:30a.m. - 5:00p.m. Pfizer Auditorium, Dibner Building Thursday, November 15th through Saturday, November 17th, 2012 CSAW Competition and Conference Thursday, 5:30p.m. - 8:30p.m. - Reception and Keynote Friday, 8:00a.m. - 10:00p.m. - Finalists competitions Saturday, 9:00a.m. - 1:30p.m. - Capture the Flag finals, Workshop and Award Ceremony CSAW Capture the Flag Challenge begins th 9:30p.m. Thursday, November 15 through Saturday, November 17 , 10:15a.m. ends Gymnasium, Jacobs Academic Building Kaspersky Lab North American Round Thursday, 4:30p.m. - 6:00p.m. - Reception, Marriott Hotel (333 Adams Street) 6:00p.m. - 8:00p.m. - CSAW Reception, Marriott Hotel, Kaspersky attendees invited Friday, 9:00a.m. - 5:00p.m. - Pfizer Auditorium, Dibner Building Saturday, 9:00a.m. - 11:30p.m. - Pfizer Auditorium, Dibner Building Friday, November 16th, 2012 CSAW - Cyber Security Career Fair 10:00a.m. - 4:00p.m. Regna Lounge, Rogers Hall

 Please see each day’s agenda for details on the room locations for all events.

 Poly WiFi Network for visitors is CSAW The Password is: CSAW@NYU2012


Day’s Agenda Thursday, November 15, 2012

MOBILE SECURITY CONFERENCE 8:30a.m. Check-In Pfizer Auditorium, Dibner Building Continental Breakfast Pfizer Lobby, Dibner Building 9:00a.m. Opening of Conference Pfizer Auditorium, Dibner Building Emcee: Dan Guido, CEO, Trail of Bits Welcome Remarks: Nasir Memon, Professor, Computer Science and Engineering Keynote: Exploiting Attacker Economics Dan Guido, CEO, Trail of Bits 10:00a.m. Title: iOS Jailbreak Analysis Speaker: Dino Dai Zovi, CTO, Trail of Bits 11:00a.m. Title: Mobile Exploit Intelligence Project Speaker: Mike Arpaia, iSEC Partners 12:00p.m. Lunch List of local restaurants available at check-in table Pfizer Auditorium, Dibner Building 1:00p.m. Title: Probing Mobile Operator Networks Speaker: Collin Mulliner, Systems Security Lab, Northeastern University 2:00p.m. Title: Blackberry Pwn2Own Analysis Speaker: Vincenzo Iozzo, Director, Trail of Bits and Willem Pinckaers, Senior Security Consultant, Matasano 3:00p.m. Title: Analysis of the Google Native Client Sandbox Speaker: Chris Rohlf, Principal, Leaf SR 4:00p.m. Title: Mobile Vulnerability Assessment: There's an App for That Speaker: Jon Oberheide, CTO, DUO Security 5:00p.m. Adjournment


Day’s Agenda Thursday, November 15, 2012

CSAW - COMPETITION & CONFERENCE 5:30p.m. Check-In Pfizer Auditorium, Dibner Building 6:00p.m. Opening of CSAW Emcee: Bill Hery, Research Professor, Computer Science and Engineering Welcome Remarks: Nasir Memon, Professor, Computer Science and Engineering Katepalli R.Sreenivasan, Interim President and Provost, Polytechnic Institute of NYU Keynote Speaker: Daniel Earl Geer Jr., Chief Security Officer, IN-Q-TEL 7:00p.m. - 8:00p.m.

Reception Marriott Hotel - Grand Ballroom Salon E Hot hor d’oeuvres and cash bar (enter through Jay Street - back entrance)

8:10- 9:00p.m. Hacker Party Rapper - Dr. Raid - Two time Pwnie winner D.J. - Zach Lanier, Pile of Kittens Gymnasium, Jacobs Academic Building 9:30p.m. Capture The Flag Competition begins Gymnasium, Jacobs Academic Building Midnight Pizza Capture The Flag Finalists Gymnasium, Jacobs Academic Building


Day’s Agenda Friday, November 16, 2012 CSAW COMPETITION KASPERSKY COMPETITION AND CONFERENCE 7:00a.m. Breakfast All Finalist and Mentors Regna Lounge, Rogers Hall Continues from Thursday Capture The Flag Gymnasium, Jacobs Academic Building 7:30a.m. Judges, Mentors and VIPs Breakfast Rogers Hall 116 - VIP Lounge 8:30a.m. Welcome Remarks Katepalli R.Sreenivasan, Interim President and Provost, Polytechnic Institute of NYU Rogers Hall 116 8:00a.m. CSAW High School Forensic Challenge set-up Gymnasium, Jacobs Academic Building 9:00a.m. - 3:45p.m. CSAW High School Forensic Challenge begins Gymnasium, Jacobs Academic Building - 9:30a.m. - 11:00a.m. - 20 minutes Interviews with observing teams in the VIP Lounge, RH 116 9:00a.m. - 6:00p.m. Kaspersky competition and conference begins Pfizer Auditorium, Dibner Building (all Kaspersky activities on Friday take place in Pfizer Auditorium) - 9:00a.m. - Emcee: - Natalya Obelets, Deputy Head of Department of Education Programs, Kaspersky Lab - Welcome Remarks: - Katepalli R.Sreenivasan, Polytechnic Institute of NYU Interim President and Provost - Address: - Eugene Kaspersky, CEO, Kaspersky Lab - Welcome Remarks: - Steven Orenberg, President GD North America, Kaspersky Lab - Introduction to conference: - Natalya Obelets, Deputy Head of Department of Education Programs, Kaspersky Lab


- 9:30a.m. - Speaker: Roel Schouwenberg, Senior Security Researcher, Kaspersky Lab - 10:00a.m. - 4:00p.m. - Finalists present their work - 4:00p.m. - 6:00p.m. - 4:00p.m. - Q & A with Eugene Kaspersky, Moderator Ryan Naraine, Head of Expert Positioning, Kaspersky - 5:15p.m. - Closing Remarks and Awards Presentation, Ryan Naraine and Natalya Obelets 10:15a.m. - 1:00p.m. AT&T Applied Security Research Paper competition Gymnasium, Jacobs Academic Building 10:15a.m. - 1:00p.m. Embedded Systems Challenge Gymnasium, Jacobs Academic Building 10:00a.m. - 4:00p.m. Career Fair Regna Lounge, Rogers Hall 12:00p.m. - 2:00p.m. Participants Lunch Regna Lounge, Rogers Hall To insure an orderly lunch we ask the finalist to try to take their lunch breaks at the following time. 11:00a.m. Kaspersky Lab North American Round 12:00p.m. High School Forensics 1:00p.m. AT&T Paper, and Embedded Systems 1:00p.m. Capture The Flag

12:30p.m. - 2:30p.m. Sponsors and Judges Lunch Rogers Hall 116, VIP Lounge 1:00p.m. High School Mentors and Educators Debriefing with Nasir Memon and Joy Colelli nd Wunsch Building, 2 fl. 2:00p.m. DHS Quiz - Preliminary Rounds 2:00p.m. Embedded Systems Challenge finalist - LC 400, Dibner Building AT&T Applied Security Research Paper - LC 400, Dibner Building 2:45p.m. Open Round - LC 400, Dibner Building 3:45p.m. High School Forensic concludes Finalist and observing teams attend the 4:15p.m. Q & A with Eugene Kaspersky at Pfizer Auditorium, Dibner Building 5:15p.m. High School Forensic finalists, observing teams and Mentors Debriefing with Nasir Memon and Joy Colelli nd Wunsch Building, 2 fl. 6:00p.m. - 7:00p.m. Buffet dinner for participants Regna Lounge, Rogers Hall


7:30p.m. - 9:30p.m. New York City bus tour Meet outside on Jay Street (in front of the main lobby, Jacobs Academic Building) Midnight Pizza Capture The Flag Finalists Gymnasium, Jacobs Academic Building


Day’s Agenda Saturday, November 17, 2012

7:30a.m. - 10:00a.m. Capture The Flag continues Gymnasium, Jacobs Academic Building 7:30a.m. Breakfast Regna Lounge, Rogers Hall 8:15a.m. DHS Quiz Preliminary Round 8:15a.m. High School Forensics, LC 400, Dibner Building 9:00a.m. Kaspersky Lab Finalists, LC 400, Dibner Building 10:15a.m. Capture The Flag, LC 400, Dibner Building 9:00a.m. - 12:15p.m. CSAW Workshops, Video Show, Final Quiz Tournament Pfizer Auditorium, Dibner Building 9:00a.m. -10:00a.m. Title: An Introduction to Industrial Control Systems Cyber Security Speaker: Neil F. Hershfield, Deputy Director, Control Systems and Security Program, U.S. 10:00a.m. - 11:00a.m. Panel discussion Title: If a Cybercriminal Is Determined to Hack You, Can You Do Anything About It? Moderator: Ryan Naraine, Head of Expert Positioning, Kaspersky Lab Panel Members:  Kurt Baumgartner, Senior Security Researcher, Americas, Global Research and Analysis Team, Kaspersky  Esmond Kane, Dir. of IT Security for Policy, Risk and Compliance, Harvard University IT  Justin Cappos, Assistant Professor, Computer Science and Engineering, NYU-Poly 11:00a.m. CSAW - Adobe Security Awareness Video Finalist show 11:15a.m. - 12:15p.m. DHS Quiz Finals 12:15p.m.

CSAW and Kaspersky Round Lunch & Award Presentation Regna Lounge, Rogers Hall Emcee: Bill Hery All judges 1:30p.m. Adjournment


CONGRATULATIONS TO ALL OUR FINALISTS Adobe Security Awareness Video - Finalists Havana High School Kate Taylor High Technology High School Austin Eng Matthew Hsu Zachary Liu Illinois Mathematics and Science Academy Ethan Bian Illinois Mathematics and Science Academy Ryan Eberhardt Polytechnic Institute of New York University Congyue Zhang Staten Island Technical High School Dillon Chan Donald Fung Victor Ly University of Nebraska at Omaha Tyler Rosnoke University of Washington Karl Koscher Warren Technical School Devin Housley Austin Pott Warren Technical School Daniel Martinez Xavier College Prep Zoe Berk Kassandra Haro Kate Welt Roxana Wolfson


AT&T Applied Security Research Paper Award- Finalists

Carnegie Mellon University "OTO: Online Trust Oracle for User-Centric Trust Establishment" Tiffany Hyun-Jin Kim Columbia University "kGuard: Lightweight Kernel Protection against Return-to-user Attacks" Vasileios P. Kemerlis Georgia Institute of Technology "VulnerableMe: Measuring Systemic Weaknesses in Mobile Browser Security" Chaitrali Amrutkar North Carolina State University "Dissecting Android Malware: Characterization and Evolution" Yajin Zhou University of California at Berkeley "Iris: A Scalable Cloud File System with Efficient Integrity Checks" Emil Stefanov University of California at Santa Barbara "EVILSEED: A Guided Approach to Finding Malicious Web Pages" Luca Invernizzi University of Texas "The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software" Martin Georgiev University of Texas at Dallas "Binary Stirring: Self-randomizing Instruction Addresses of Legacy x86 Binary Code" Richard Wartell University of Virginia "Quid-Pro-Quo-tocols: Strengthening Semi-Honest Protocols with Dual Execution" Yan Huang University of Washington "User-Driven Access Control: Rethinking Permission Granting in Modern Operating Systems" Franziska Roesner


CAPTURE THE FLAG - Finalists Team and University

Boston University Team: BUILDS Danny Cooper Jeff Crowell George Silvis Allan Wirth Carnegie Mellon University Team: PPP1 John Davis Tyler Nighswander Alex Reece Maxime Serrano Carnegie Mellon University Team: PPP2 Garrett Barboza Ryan Goulden Robbie Harwood George Hotz Ecole de Technologie Superieure Canada Team: CISSP Groupies Francois Chagnon Mathieu Lavoie Marc-Etienne M.Léveillé Benjamin Vanheuverzwijn Georgia Institute of Technology Team: MadHatters Kennon Bittick Robert Grosse Nicholas Johnson Jack Morgan New Mexico Tech Team: Modern Prometheans Christopher Cowan Timothy Swartz William Vu Russell White Northeastern University Team: PTHC Amat Cama Michael Coppola Joseph Kurien


Polytechnic Institute of New York University Team: Brooklynt Overflow Kevin Chung Jeffrey Dileo Evan Jensen David Napolitano Rensselaer Polytechnic Institute Team: RPISEC Jared Candelaria Shawn Denbow Jeremy Pope Wilson Wong United States Air Force Academy Team: Delusions of Grandeur Francis Adkins Joshua Christman Nathaniel Hart Michael Winstead United States Military Academy Team: USMA Benjamin Allison Erik Hunstad William Myers Christian Sharpsten University of Nebraska at Omaha Team: NULLify Michael George Devan Jung George Kreick Jon Von Kampen University of New Hampshire Team: wildhats Bryan Bickford Bence Cserna Robert Kiss Jeffrey Picard University of Texas at Dallas Team: csg Matthew Stephen Scott Hand Isaac Strohl Chris Walz University of Texas at Dallas Team: UTDCSG Kenneth Adam Miller Joshua Hammond Zack Urben Melanie Rich-Wittrig


EMBEDDED SYSTEMS Challenge - Finalists CAPTURE THE CHIP Case Western Reserve University - Nanoscape Team Timothy March Patrick Feeley Tatini Mal-Sarkar Xinmu Wang Esisar - Esis'hack Martin Julien Simon Piroux-Mounier Jeremy Savonet Laura Soundararadjou Sahuc Thibault Grenoble INP, ESISAR - ESISAR Hardware Trojans Finder Elie Riviere Gerson Piraquive Triana Indian Institute of Technology, Kharagpur, India - Dynamite Gaurav Bajaj Amit Kumar Indian Institute of Technology Kharagpur, India - KGPians Himanshu Agrawal Gaurav Kumar Rathi Iowa State University Michael Patterson Joseph Zambreno Polytechnic Institute of New York University - Trojan Hunters Chandrakumar Holenarasipursuresh Vinayaka Jyothi Abhishek Ramdas Aditya Chola Venkatesh UC San Diego Raymond Paseman University of Massachusetts - Amherst Sudarshan Srinivasan University of South Florida - NarMOS Christopher Bell Matthew Lewandowski Richard Meana Vanderbilt University - Commodores Brad T. Kiddey Trey Reece Xiaowen Wang


HIGH SCHOOL CYBER FORENSICS – Finalists Hidden Valley High School, Virginia Team: The Hash-Slinging Hackers Sachith Gullapalli Kevin Silberblatt Baxter Wingfield Mentor: Skip Larrington High Technology High School, New Jersey Team: slezterP Vincent Chen Matthew Hsu Andrew Millman Mentor: Michael Roche High Technology High School, New Jersey Team: SyntaxError Austin Eng Zachary Liu Mentor: Michael Roche Illinois Mathematics and Science Academy, Illinois Team: oAo Ethan Bian Ryan Eberhardt Mentor: Namrata Pandya John P. Stevens High School, New Jersey Team: Cyber Hawks Steven Qiou Kevin Wu Brian Xiao Mentor: Florene Quan Piedmont Hills High School, California Team: ARC Rachel Guan Amy Shu Claire Shu Mentor: Stewart Kuang Poolesville High School, Maryland Team: PHS 2 and a Half Men Pushkar Aggarwal Andre Guzman Krishna Sai Kollipara Mentor: Mark Estep


Red Bank Regional High School, New Jersey Team: Peta Flops Philip Cundari Timothy Mullen Emily Wicki Mentor: Mandy Galante Red Bank Regional High School, New Jersey Team: Significant Bits Alec Jasanovsky Ryan McVeety Michael Terpak Mentor: Mandy Galante The Brooklyn Latin School, New York Team: Wh0 Need5 5l33p 2.0 Nicolas Biondo Swaad Golam Jeryl Raphael Mentor: Roger Richardson


Kaspersky Lab North American Round - Finalists Arizona State University DDN: Dynamic Defense Network System for Cloud Computing Pankaj Kumar Khatkar Case Western Reserve University Secure Bioimplantable System: An External Observer-based Approach Xinmu Wang Columbia University Smashing the Gadgets: Hindering Return-Oriented Programming Using In-Place Code Randomization Vasileios Pappas George Mason University Cross-domain Collaborative Anomaly Detection: So Far Yet So Close Sharath Hiremagalore Polytechnic Institute of New York University Secure Proximity Detection for NFC Devices based on Ambient Sensor Data Tzipora Halevi Polytechnic Institute of New York University A High-Performance, Low-Overhead Microarchitecture for Secure Program Execution Arun Karthik Kanuparthi Polytechnic Institute of New York University AQUA: Android QUery Analyzer Chon Ju Kim Polytechnic Institute of New York University Injection-Safe Web Applications with Complementary Character Coding Raymond Mui Polytechnic Institute of New York University Virtual Secure Network: Providing Security to Remote Users While Minimizing the Performance Hit Sai Teja Peddinti Polytechnic Institute of New York University A Simple and Eective Method for Online Signature VeriďŹ cation Napa Sae-Bae University of California Attacks on Software-based Attestation Quan Thoi Minh Nguyen University of California A DIY Hardware Packet Sniffer Veronica Swanson University of Pittsburgh A Framework for Detection of Identity Clone Attacks in Online Social Networks Hassan Takabi


JUDGES AT&T Applied Security Research Paper Award Mark Althouse Technical Director for Mobility Mission Management, Information Assurance Directorate, NSA. Lloyd Greenwald Chief Scientist, Cybersecurity and Technical Director of the Internet and Cybersecurity Research Department at LGS Innovations / Bell Labs. Mark Herman Booz Allen Hamilton William Horne Research Manager in the Cloud and Security Lab of Hewlett-Packard Laboratories, HP Ajoy Kumar UBS Josephine Micallef Applied Communication Science

Keith O’Brien Cisco Gus de los Reyes Executive Director of Technology Security, AT&T Reiner Sailer Researcher, Manager of the Security Services (GSAL), IBM Cristina Serban Researcher with the Chief Security Office, AT&T. Randy Smith Sandia Mehul Vaidya PwC's Information Security Privacy & Risk Advisory practice and an Adjunct Professor at New York University (Polytechnic Institute) teaching in the Cyber security MS Program, PriceWaterhouse Coopers

Capture The Flag: Application Security Brad Antoniewicz Foundstone's Open Security Research

Theodore Reed Researcher for Sandia National Laboratories

Michael Arpaia Security consultant and researcher, iSEC Partners

Tom Ritter Security Consultant at iSEC Partners

Luis Garcia ISIS alumni

Andrew Ruef Senior Systems Engineer, Trail of Bits

Dan Guido Co-Founder & CEO, Trail of Bits

Alexander Sotirov Co-Founder & Chief Scientist, Trail of Bits

Jeff Jarmoc CTU Researcher, Dell SecureWorks

John Terrill Vice President, BlackRock

Zach Lanier Security Researcher, Veracode

Hudson Thrift Co-Founder & COO, Kaprica Security

Jon Oberheide CTO, Duo Security

Jordan Wiens Raytheon Dino Dai Zovi Co-Founder & CTO, Trail of Bits


Embedded Systems Ben Epstein Senior Advisor to DARPA SaverioFazzari Senior Technical Advisor, DARPA Kevin Gotze Security validation team lead at Intel's Security center of Excellence (SeCoE) Ryan Helinski Member of Technical staff at Sandia National Laboratories in Albuquerque, NM Dr. Michael Isnardi Senior Principal Research Scientist, SRI International Sarnoff

Robinson E. Pino Senior Scientist, ICF International Youngok Pino Computer Scientist, Information Sciences Institute Garrett S. Rose Scientist, Trusted Systems Branch, Air Force Research Lab Kurt Rosenfeld Engineer, Google Inc. Ricky Stern Senior Hardware Engineer, Cubic Defense Applications Chengmo Yang Assistant Professor, University of Delaware

High School Cyber Forensics Brian Andrzejewski Department of Defense Cyber Crime Center (DC3) Michael Geraghty Executive Director, NCMEC

Warren Kruse VP Data Forensics, Altep Keith Lockhart VP Global Training, AccessData Paul Mahon Department of Homeland Security

Kaspersky Program Committee Kurt Baumgartner Malware Expert, Kaspersky Lab Sven Dietrich Assistant Professor, Computer Science, Stevens Institute of Technology Phyllis Frankl Professor of Computer Science and Engineering, NYU-Poly

Esmond Kane Director of IT Security for Policy, Risk and Compliance, Harvard University Information Technology, Harvard University Thomas Quinn Managing Director and Chief Information Security Officer, BNY Mellon Roel Schouwenberg Malware Expert, Kaspersky Lab Paul Wagenseil Senior Editor Security, TechNewsDaily

Adobe Security Awareness Video Mark Althouse Technical Director for Mobility Mission Management, Information Assurance Directorate, NSA

Jenn Lesser Security Operations, Facebook

Brad Arkin Director of Product & Services Security, Adobe

Iain Mulholland Director of Platform Security, VMWare

Doug Cavit Chief Security Strategist, Microsoft

Chris Parkerson, Lead Judge Campaign Strategy Manager, Adobe


Quizmasters Chester J. Maciag Principal Cyber S&T Strategist Information Directorate, Air Force Research Labs William Hugh Murray, CISSP Assoc. Professor, Naval Postgraduate School

Challenge Captains The CSAW cybersecurity competition is driven by the students at NYU-Poly who focus on security: the ones that hang around the ISIS lab day and night, attend the weekly “Hack Nights� where they teach each other the latest in vulnerabilities and exploits, and are members of the Cyber Security Club. Under the guidance of NYUPoly faculty, these students create the challenges, manage their operation from inception to completion, find student entrants from around the world, and just do a great job to make CSAW a success. Each challenge has a captain (or co-captain), but they all get the support of many other NYU-Poly students. Sean Brooks DHS Security Quiz

Joel Fernandez High School Forensics Co-Captain

Marc Budofsky High School Forensics Co-Captain

Cody Fulcher Adobe Security Awareness Video

Kevin Chung Capture the Flag Co-Captain

JV Rajendran Embedded Systems Challenge

Julian Cohen Capture the Flag Co-Captain

Napa Sae-Bae AT&T Applied Security Research Paper Competition

Efstratios Gavas Captain of Captains

Special thanks to corporate volunteers who helped select the AT&T finalists.

Special thanks to the staff who made CSAW possible: Judy Brown, Rubina Dalvi, Jewells McMahon, Mayra Ortiz, Albert Sanchez, Deidre West

Map Polytechnic Institute of New York University & MetroTech Neighbors



2012 CSAW Program  
2012 CSAW Program  

2012 CSAW Competition Program