Capture the Flag: Can You Handle the Heat?
Speed, skill, and stealth were demonstrated by our students in the latest Attack/Defense CTF Competition at TU Wien Informatics.
33 students, 6 hours, one goal: To capture the flag. On January 21, 2023, the Research Unit Security and Privacy held an Attack/Defense Capture the flag (CTF) competition as part of the “Attacks and Defenses in Computer Security, ADCS (192.111)” course at TU Wien Informatics. Marco Squarcina, Lorenzo Veronese, Georg Merzdovnik and Michael Pucher organized the event, which was joined by students within and beyond the ADCS course.
Attack/Defense CTFs simulate real-world IT security scenarios. Teams are trying to defend a virtual machine with ad-hoc applications – so-called “services”. They are also tasked with attacking the virtual machines of other teams to capture “flags”, which are essentially strings of text representing sensitive data.
As part of the course project, students of the ADCS course developed all 6 CTF services for the competition. To do so, they had to create a program with custom vulnerabilities, develop patches to secure it, understand how to attack it, and provide test scripts to check the correct functioning of the program. The platform to host the competition was based on the framework developed by our team for the ECSC 22 finals.
Attack/Defense CTFs promote ethical hacking and hands-on IT security activities at TU Wien Informatics. They expand the participant’s knowledge and skills in various areas of IT security, such as system administration, incident response, traffic analysis, web security, binary exploitation, and cryptography. These events allow students to understand how to identify and defend against security threats and develop offensive capabilities.
Missed this semester’s CTF? Don’t worry: CTF Competitions are used as a gamified approach to teaching in several courses. Check out the 2023 summer semester’s courses “Introduction to Security, VU (184.783)” and “Introduction to Security, UE (192.082)” to learn more.
Additionally, the Security and Privacy Research Units at TU Wien Informatics and the University of Vienna organize a CTF team of students and lecturers, which is routinely participating in international competitions.