Cyberattacks in Austria have tripled within just a year. With these distressing developments, the importance of educating future experts cannot be overstated. To prepare students for the latest attack mechanisms, researchers of the TU Wien Cybersecurity Center and our Research Unit Security and Privacy let them face real-world challenges – already at the Bachelor’s level. A common tool to get a glimpse into attack and defense scenarios are Capture the Flag (CTF) competitions, also used by top companies to evaluate the skills of their candidates.

On January 20, 2024, lecturers and students held an Attack/Defense CTF competition within the “Attacks and Defenses in Computer Security, ADCS (192.111)” course, which is part of the new Cybersecurity Specialization in our Bachelor’s program. Marco Squarcina, Lorenzo Veronese, Georg Merzdovnik, Michael Pucher and Sebastian Roth organized the event. To train and share their know-how, members from Team Austria were also part of this year’s CTF competition. They are trained by Marco Squarcina to compete at the European Cyber Security Challenge

Attack/Defense CTFs simulate real-world IT security scenarios. Teams are trying to defend a virtual machine with ad-hoc applications, so-called “services”. They are also tasked with attacking the virtual machines of other teams to capture “flags”, which are essentially strings of text representing sensitive data. Within the ADCS course framework, students were tasked with a project that involved creating vulnerable programs for the competition. This required them to not only design a program infused with tailor-made vulnerabilities but also to engineer patches to fortify it. They had to grasp the strategies to assault their own creation, alongside crafting test scripts to validate the program’s operational integrity.