Last October, our club hosted the first cybersecurity-themed Escape Room on the Detroit Mercy Campus. Due to the popular reception of the escape room, our team decided to work even harder this year to ensure our scenario and challenges were truly representative of key Cybersecurity Concepts:
For the basis of our escape room, we created a scenario where the team of challengers takes on the role of a forensic investigator searching for evidence of a hacker through multiple machines and “hacking” themed challenges. To achieve this goal, we first established one machine as the “Investigator’s Machine”, then wired up a second machine to a makeshift “Test Bench” to act as the “Compromised Machine”. As investigators, the teams were provided with a set of key files to investigate, located on the investigator’s desktop, with specific tools provided to ease the difficulty of the challenge. While completing the challenge, one member will take on the role of the “Scribe”, answering guiding questions in a Google Form quiz and assisting the team with staying on track to complete the challenges. During the escape room, teams were able to participate in interactive challenges that were each meant to represent a specific knowledge area of Cybersecurity:
- Phishing email challenge to demonstrate the concept of Phishing
- Hacker’s Hidden Website Challenge to demonstrate the concepts of Cryptography
- Using the cracked password for the compromised PC, the team will then log in and access a hidden message left by the hacker, which leads to two alternate paths to complete the next challenge: A. Use the hints in the hacker’s message to find a set of keyboard keys, then unscramble them to find the next clue. B. Socially Engineer “The Hacker’s Informant” to gain privileged knowledge about the next clue.
- Open the Desktop PC marked with “Repairs Needed” with the tools nearby, and retrieve the hidden USB drive from within the PC case to demonstrate the concepts of basic computer repairs and compromised USB drives.
- Finally, the team will plug the “hacker’s USB” into the investigator’s PC, extracting a strange image of the hacker to the PC, and then using a steganographic decoder to retrieve a hidden message from the image. This final challenge demonstrates the concepts of Steganography and ultimately leads to the team finding the hacker’s real-world location, which ends the challenge.
After each team participated, the total time taken to complete the escape room was logged per team, and the top three teams with the lowest times were given a choice of a Raspberry Pi Pico 2 prize, or a stuffed animal.
We have high hopes to continue this tradition of a Cybersecurity-Themed Escape Room every October, and look forward to seeing you all there!
