K-Pop music videos blasted from a room in the Klaus Advanced Computing Building one Friday in November. Inside, students were hunched over their laptops working on cyberattacks against each other. Every so often, they took a break for sodas or snacks and then returned to the battle. It was all part of the School of Computer Science’s (SCS) first Capture the Flag competition (CTF).
CTF is a hacking competition where teams try to maintain control of a server by using real-world cyberattacks. With each successful attack, a team captures a flag, and the team with the most by the end of the contest wins. DEF CON hosts the largest CTF three-day competition, which a team from SCS won last year. SCS Assistant Professor Taesoo Kim decided to bring it home to Tech with a 24-hour competition starting on Nov. 16.
“We wanted to educate the George Tech community by organizing a high-quality CTF,” Kim said. “We want to make this an annual tradition among information security master’s students and undergraduates.”
Eighteen teams registered, including 51 students and 10 staff members. The winning team, 2young2simple, took home $1,000 and was made up of information security master’s students Po-Ning Tseng (also part of the winning DEF CON team), Mo Chen, Wei-Han Huang, and Mingsuan Yao.
This CTF was less about winning, though, and more about having an opportunity to practice adversarial attacks. Many participants had taken Kim’s Information Security Lab class, where students learn cyberattack strategies like reverse engineering, exploit writing, and how to find vulnerabilities. Competing in CTF allows them to see attacks in action and apply what they have learned.
K-Pop videos provided the soundtrack for a recent capture the flag hacking competition at Georgia Tech's School of Computer Science.
“I knew literally nothing about CTF challenges before I took Taesoo’s class, and now I won first place with my team members,” Chen said. “That’s why I always consider Taesoo’s class as the most valuable class I have ever taken in Georgia Tech.”
Yet CTF isn’t just about learning how to deploy attacks; it’s also about learning how to collaborate. When most of the competitors know the same techniques, teamwork becomes the main way to secure a victory.
“We know each other's skill set, so we could distribute challenges to a suitable person,” Tseng said. “There was a challenge that required knowledge in both pwn and crypto. Two of our members worked closely together and contributed their own strength to solve the problem.”