Meet Rojan Rijal
                               
                           
Get to know Rojan Rijal - Vice President of the Offensive Security Society (OSS)
                              
                           
Photo by our ECS Cyber
Behind the scenes
As the spring semester of 2019 follows its course, the Offensive Security Society (OSS) club hosted by the Cybersecurity Center at California State University of Fullerton (CSUF) prepares for upcoming cybersecurity competitions and challenges, the nearest one being in March 2019. The OSS implemented a Capture the Flag (CTF) Engine for CSUF students who are interested in finding vulnerabilities in real case scenarios.
After earning a team award of 2nd place at the National Collegiate Penetration Testing Competition (CPTC) in 2018, Rojan Rijal, Vice President of the OSS, realized the need to better prepare students for these competitions. As a result, the CTF Engine for CSUF students was created. Not only does the CTF engine help students be more prepared for competitions, but the real-life exercises will also equip students with the experience they need to add to their resumes and talk about at job interviews. Rojan also explains why the CTF is important for both the cybersecurity students and the OSS club.
Everyone! Here is Rojan!
Introduction
Hello, my name is Rojan Rijal. I am doing the Computer Science major at California State University of Fullerton. I am also the Vice President of the Offensive Security Society at our school. The OSS is the only cybersecurity club at our school.
My interests are in cybersecurity and I focus on web security applications and I work with the Offensive Security team on different kinds of projects. In my free time I just hang around with friends and do different types of research related to security. I also create web applications for my own use. When it comes to web application security, I focus on finding security issues on major companies. I participate in bug bounties, where we are given tasks to find vulnerabilities on major companies such as Uber and Twitter.
When I am invited to hack on some programs my goal is to find security issues on them. On the side I also try to create my own web applications. For example, we are now working on a project to create a vulnerable infrastructure in a fictitious university in which students will be tasked to hack the whole system of that university that we are making. Right now I am working on web applications to try to mimic a real university system with student grade books and teachers submitting their assignments.
CTF ENGINE FOR CSUF STUDENTS
ECS Cyber: What is the CTF Engine?
Rojan:
The CTF engine is an environment where we create different vulnerable systems. It is primarily focused on cybersecurity. There are other CTF engines that focus on programming as well. The OSS is building a CTF engine for the whole Calstate of Fullerton system. Basically, anyone who wants to get into cybersecurity or who has been in cybersecurity can sign up with their Calstate email and can practice with vulnerable systems. What we have in there are web applications. Sometimes we have a server that might be vulnerable. Every other week we will be posting different questions and challenges. It has different levels: beginner-friendly and advanced hacking environments.
This gives an opportunity to all CSUF students to give cybersecurity a shot and understand the concepts of it. At school we have classes and lectures and different cybersecurity projects, but what we don’t have is a practical environment where students can practice their assignments, skills, and any tools they create. That is why we decided to create the CTF engine.
ECS Cyber: Why is the CTF Engine important?
Rojan:
What happens when cybersecurity students graduate is that their ultimate goal is to get some kind of cybersecurity role in a company. So whether it is a cybersecurity engineer or a role of the same kind, you need to have some kind of practical experience. If you are going to lecture every day and doing projects that teachers assign, you are not always going to have that industry experience out of it. That is why we decided to implement the CTF engine. Because all the questions you are going to find there are real life vulnerabilities that we have found.
I use the bug bounties from companies that we have found that have been fixed by those companies. I recreate those in our own environment so that students can practice, and understand what that vulnerability does, and its impact. That way when they graduate or when they are looking for an internship, they can have an easier experience when they are interviewed. If an interviewer asks them about a vulnerability type, they will be able to explain and they can also say: “I found this vulnerability when I was at CSUF.”
That’s why I believe it is super important for us to have this. That way students can get a practical experience as well as a theoretical experience from their professors.
Join the CTF challenge today!
Visit: https://ctf.osscsuf.org/
ECS Cyber: Why is this significant for the OSS?
Rojan:
We did a test run of the CTF before the winter break. We had a RED Team meeting where we basically invited people to come and practice vulnerable environments as we taught them different tools. For example, we taught them how to hack with nmap or other security tools. We also recreated vulnerabilities that they can practice on. What we noticed was that students were kind of excited about it when they actually got to practice with each other and with vulnerable environments. So we decided that if we can do that with a small group; why not expand it over so that we can see the real talent in our school.
Our OSS exists and has members, but at the same time there are other students that have an interest in cybersecurity but have not joined the club yet. Through the CTF all students get exposure and understand that there is a club in CSUF that is actively pursuing cybersecurity majors and has different kinds of challenges coming up where they get to see real life environments. This way students may get attracted towards the club or be part of the club. They also get the opportunity to compete in events like the CPTC and other competitions.
ECS Cyber: What is CPTC?
Rojan:
CPTC is a competition that happens every year in the Fall. In 2018 we competed in October and November. During the CPTC we are invited to hack on a real life target. A set of individuals would create a vulnerable environment and our goal is to find vulnerabilities on those and write a security report. In these cases it is super important to have experience and understand what you are doing. You should have a checklist to help you find vulnerabilities.
With the CTF my goal is to help students to have experience before even going to these competitions such as the CPTC. We can invite students that are more active than other players in the CTF engine to these competitions, even to local competitions that the OSS is planning to create and kind of see where they are at. At the competitions, students can network with some industry people like IBM and other companies that have sponsored the competition.
FUTURE PLANS AND RECOMMENDATIONS
ECS Cyber: What are your plans for the future?
Rojan:
When I graduate my goal is to go into the cybersecurity industry and work as a security engineer and help companies secure their system. As a security engineer my role would be to make sure products or development are secure before they launch. I love doing security reviews and security tests.
While I am at CSUF my goal is to add more things to the OSS. For example, the CTF Engine or other competitions that we will host in the future. I would like to make things open for all the Calstate students so that they can participate and get the understanding of the cybersecurity field before they graduate. They can add these experiences to their resume and talk about it when they apply for jobs or internships.
ECS Cyber: What would you recommend to new students that wish to get into the cybersecurity field?
Rojan:
If you are a student that is interested in cybersecurity or has not joined the OSS, one of the major recommendations I would give is to reach out to any of us. Visit our website or email us.
Contact the Offensive Security Society
Website: https://www.osscsuf.org/
Email: contact@osscsuf.org
We can always help you with any questions you may have in cybersecurity. In this field of cybersecurity, the biggest thing that you need to have is a curious mind. If you have that, you’ll easily fit into the field and be able to achieve big things. You don’t have to worry about: “Am I a good hacker?” or “Am I a good programmer?” Because, to be in the cybersecurity field, you don’t need to have a Computer Science degree. You just need to have that curious mind and willingness to learn. If you have that, you are ready to join any club in security, any company, and get your experience of it. If you wish to join our club, just reach out to us.
“To be in the cybersecurity field you just need a curious mind and willingness to learn.” – Rojan Rijal
We will add you to our Slack environment and then we will reach out to you with all the announcements that we have. We will invite you to our workshops and you’ll get to see different fields and choose your own field. We will teach you network security and web app security and others. You will get an experience of the whole thing and you’ll develop your own ideas. Other than that, just keep hacking, keep learning and you should be good in the cybersecurity field.

