The three winning teams of the “Capture the flag” hacker competition in the IT security elective module have been determined: For one week, a total of 16 students, divided into nine teams, trained the mindset of hackers and attacked real security systems. The goal of this online game is to find as many security vulnerabilities as possible and thereby score points. The team with the most points wins.
Capture the flag (CTF) is actually a traditional outdoor game for children. Each team owns a flag that has to be stolen by the other teams. But capture the flag is also a popular game in computer security. For this reason, Prof. Dr. Florian Adamsky, organizer of the competition, has taken advantage of this game to train the mindset of attackers with his students.
First, I teach the students a lot of basics about security vulnerabilities. But not a day goes by without new security vulnerabilities being found. Thus, as a defender, you are always one step behind. That’s why it’s so important to train the mindset of attackers – and you can only do that if students are allowed to attack a real system. Because only when you understand the attacker’s point of view can you secure information systems accordingly.”
Dr. Florian Adamsky, Professor of IT Security.
Finding and exploiting vulnerabilities
This semester, the total of 16 students, divided into nine teams, could choose from the following categories: Pwning, Crypto, Web Client, Web Server, Reverse Engineering and Network. These are all different attack targets. For example, in the “Crypto” category, students must attack a cryptographic system; Pwning, on the other hand, is a special discipline in which students must “own” a server. For over a week, the teams searched for vulnerabilities in the respective security systems, found them, exploited them and thus were able to grab “flags”, i.e. points.
The winning teams
With a lot of creativity, technical expertise and perseverance, the three best teams were finally able to climb the podium:
1. 1st place: Team Ode To Code (174 / 186)
Kathrin Schmid
Patrick Bär
2. Place: Team root (154 / 186)
Timo Meyer
Andreas Waldhütter
3. Place: Team youhavebeenpwned (115 / 186)
Fabian Geißer (most points achieved as an individual
Paul Zirbs