Cyber Tractor Challenge
Official John Deere Cyber Tractor Challenge Promo video: John Deere Newsletter
Over the latter half of last week I got the chance to participate in the Cyber Tractor Challenge put on by John Deere. This event brought in students from around the country to have hands on time with John Deere equipment. During the event, there were professionals in the Cyber Security field brought in to teach classes about different technologies that was utilized by John Deere equipment. While I missed most of these lectures when they were happening, I did get to look at the materials, and do the labs after the fact. These classes, gave me insight and knowledge of how these technologies are used in an embedded system. After the classes we got to be hands on with equipment pulled straight from working John Deere equipment. I would have never gotten the chance to work with any of the equipment we were given if I was working on my own. Purchasing the needed equipment would have been prohibitively expensive, this to me was a chance to interact in no-stakes basis where if I managed to brick anything, the worst that would happen, was the time needed to bring something back to factory settings. While this freedom to experiment on hardware was a big part of the event, to me, it was not the most important thing I got from the event.
During the event I got the chance to talk to, and work with members of professional red teams, this was a great opportunity to help me learn and refine my mental processes when going about black box testing of anything. With their help, I was able to realize I often got the cart ahead of the horse, where I was not thinking about the current smaller problem in the way, but rather looking at the big picture and treating as a single obstacle that needed overcoming. With my mentor’s help, I learned that I needed to take a little more time, do a little more planning, and create a list of short list of steps that I want to solve in order to get my end goal. A perfect example that I can think of when looking back is when I was playing with a router I got. I had gotten access to a shell on the system from an exposed UART header, and my mind immediately jumped to how I could get my own code running directly on the router whenever it booted. It seemed like one step at the time, and you just had to do it. Thinking about it now, a good plan would have been to break it into a few steps in this order, establishing write capabilities to the disk, load a new file from an external source, get some very basic code running, get that code running at startup, then develop the payload that I would want to run at boot. This breaking into steps would have made the challenge less daunting, and more doable. While the hardware was interesting it will change as time moves forward, this refining of my mental model will continue to help me throughout the rest of my career.
Another benefit of having many students and professionals from around the country is networking. This event helped me network with other like-minded individuals, who I can bounce ideas off of and ask questions to in the future. Along with potentially opening more doors for me as I move from a college student, to a full-time professional. Participating in the event also got me my second challenge coin (pictured below) which is something minor, but something I thought was really fun to get.
