Kostenlos abonnieren

Werden Sie regelmäßig per E-Mail über neue Ausgaben der campuls informiert. Sie können Ihr kostenloses Abo jederzeit einfach online über den Abmeldelink im Newsletter kündigen.

Weitere Infos zu Datenschutz & Widerrufsrecht finden Sie hier.

“Capture the flag” hacker game: Think like real attackers!

The three winning teams of the “Capture the flag” hacker competition in the IT security elective module have been determined: For one week, a total of 16 students, divided into nine teams, trained the mindset of hackers and attacked real security systems. The goal of this online game is to find as many security vulnerabilities as possible and thereby score points. The team with the most points wins.

The proud winners of the “Capture the flag” hacker game in the elective module IT Security. from left to right: Fabian Geißer and Paul Zirbs (3rd place: Team youhavebeenpwned), Andreas Waldhütter (2nd place: Team root), Kathrin Schmid and Patrick Bär (1st place: Team Ode To Code) and Prof. Dr. Florian Adamsky (Professor of IT Security); Image: Hof University of Applied Sciences

Capture the flag (CTF) is actually a traditional outdoor game for children. Each team owns a flag that has to be stolen by the other teams. But capture the flag is also a popular game in computer security. For this reason, Prof. Dr. Florian Adamsky, organizer of the competition, has taken advantage of this game to train the mindset of attackers with his students.

First, I teach the students a lot of basics about security vulnerabilities. But not a day goes by without new security vulnerabilities being found. Thus, as a defender, you are always one step behind. That’s why it’s so important to train the mindset of attackers – and you can only do that if students are allowed to attack a real system. Because only when you understand the attacker’s point of view can you secure information systems accordingly.”

Dr. Florian Adamsky, Professor of IT Security.

Finding and exploiting vulnerabilities

This semester, the total of 16 students, divided into nine teams, could choose from the following categories: Pwning, Crypto, Web Client, Web Server, Reverse Engineering and Network. These are all different attack targets. For example, in the “Crypto” category, students must attack a cryptographic system; Pwning, on the other hand, is a special discipline in which students must “own” a server. For over a week, the teams searched for vulnerabilities in the respective security systems, found them, exploited them and thus were able to grab “flags”, i.e. points.

The winning teams

With a lot of creativity, technical expertise and perseverance, the three best teams were finally able to climb the podium:

1. 1st place: Team Ode To Code (174 / 186)
Kathrin Schmid
Patrick Bär

2. Place: Team root (154 / 186)
Timo Meyer
Andreas Waldhütter

3. Place: Team youhavebeenpwned (115 / 186)
Fabian Geißer (most points achieved as an individual
Paul Zirbs

To honor the great performance of the students, the three winning teams also received a trophy; Image: Hof University
Franziska Brömel

Weitere Themen