Auburn University’s Ethical Hacking Club (EHC) is bound for regionals.
Twelve members of the student organization will compete in the Southeast Regional Collegiate Cyber Defense Competition (SECCDC) March 21–22 at the University of South Florida in Tampa. There, they’ll defend networks against professional penetration testers (red team), competing alongside student cybersecurity programmers from Tennessee Tech, South Florida, Central Florida, Alabama, Charlotte, Florida Poly, Florida, Clemson and North Georgia.
“It’s rewarding to see how these students are applying what they’ve learned in the classrooms toward real-world scenarios and then perform at a high level against students from peer institutions,” said Samuel Mulder, EHC’s faculty advisor and associate professor in the Department of Computer Science and Software Engineering (CSSE). “Competitions like this and the preparation that goes into them are part of the computer science education process and validate that they are ready to take the next step as professional cyber defenders beyond Auburn.”
EHC teaches hands-on skills in areas like penetration testing, digital forensics, incident response, and network/systems defense. Through weekly meetings, labs and competitions, members gain practical experience and prepare for careers in cybersecurity.
In the qualifying round, held remotely on Feb. 7, Auburn’s team was assigned a corporate-style network environment and finished 8th out of 45 teams.
“Our goal was to defend a network from a team of professional red teamers that work in industry,” said Will Nickolson, EHC vice president, team captain and a graduate student in information systems management. “They work at places like IBM, Lockheed Martin, Meta, Google, Microsoft, all these big names.”
Nickolson leads a 12-member team that includes Daniil Vasin (computer science), John Bennett Martin (software engineering), Matthew Pepe (computer science), James Weaver (computer science), Collin Webb (computer science), Cooper Jackson (software engineering), Enoch Yang (computer science), Muntassir Omer (computer science), Gabriel Capron (computer science), Nate Buck (computer science) and Lucas Fernandez (computer science).
The scenario simulates defending a real organization, not just blocking hackers in isolation.
“They have legitimate users and legitimate activity of employees trying to log in and do things,” Nickolson said. “You have to also be able to categorize between what’s normal and malicious activity.”
At SECCDC, the challenge increases: the red team is expected to escalate its tactics.
“In qualifiers, they kept it pretty low level in terms of attacks, using publicly available malware or tools on GitHub that they can just pull down,” Nickolson said. “At regionals, they go a step further and make custom malware with custom attacks. It’s much harder for us to trace.”
Preparation for regionals builds on lessons learned during the qualifying round, particularly the need for automation and resilience under sustained attack.
“Like with the qualifiers, teams were allowed to submit pre-approved defensive scripts (small computer programs that often monitor critical services) and tooling in advance of the regional competition — provided they met strict review deadlines,” Nickolson said. “But you need a few weeks for them to verify the scripts and make sure there’s nothing bad in them. For regionals, we have a lot more time to go in and write things that we know will be useful.”
One of the most pressing issues during qualifiers involved SSH (Secure Shell, a remote login service that allows administrators to access Linux systems). Attackers repeatedly disabled or corrupted that service, temporarily locking the team out of its own machines.
“The red team would kill that service or corrupt one of the configuration files so that we can’t log in anymore,” Nickolson said. “We lost hours of time trying to fix it and get our access back.”
To prevent that from happening again, the team developed automated defensive scripts.
“The scripts that we wrote for regionals basically monitor these services,” Nickolson said. “They’re a service themselves that just watches another service. If they notice red team activity, they check every 15 seconds and can revert any changes. If they try locking us out, that service will revert those changes and we’ll still have access to the system.”
Under the umbrella of CSSE and the Auburn University Center for Artificial Intelligence and Cybersecurity Engineering, EHC is no stranger to national or regional cybersecurity competitions. The team achieved the university’s first Top 10 (eighth) at CyberForce, sponsored by the Department of Energy (DOE), this past November, improving from 15th in 2024. The club’s annual Cyber Fire Puzzle event, facilitated by cybersecurity professionals from the DOE and Los Alamos National Laboratory, drew 100 students across multiple institutions this past August.
