USC Capture the Flag Recap
By Ayman Siraj ‘18 (w/ inputs from Nathaniel Diakun)
On the weekend of the 15th – 17th September, the Cyber Security & Forensics Organization at USC hosted its first Cyber Security Awareness Week Capture the Flag (CSAW CTF) event. CSAW is the largest student-run cyber security event in the world, featuring international competitions, workshops, and industry events. It was founded by the Department of Computer Science and Engineering at New York University.
A CTF is an ethical hacking competition where players solve cyber security challenges of various difficulties with the harder challenges assigned more points. The challenges are segmented by Binary Exploitation, Cryptography, Forensics, Reverse Engineering & Web Hacking.
Event Poster sponsored by Hak5
The CTF was open to everyone with an undergraduate and graduate category with USC participating in the undergraduate category. The USC team placed in the top 15 % of teams. The cut-off for finals was to place in the top 10 % of teams – while the team didn’t qualify, everyone had a great time hacking and learning together. It was the first time an USC student organization hosted a CTF and this was a major accomplishment.
The USC CTF lasted for a total of 48 hours – Friday afternoon to Sunday afternoon where students completed challenges for 48 hours. There were students who came for a few hours and went back home to continue to solve challenges, a select few stayed back to pull the classic university all-nighter to get through some of the harder challenges. In total, there were about 20+ students and even a few alumni mentors join in on the fun.
Prizes were given to the 1st, 2nd & 3rd place participants along with a Best Rookie Award.
The team demonstrated remarkable perseverance in the face of tough challenges and expects to improve their standing in the next competition. The highlights of the CTF included:
- When the 3rd place winner Ian “Brute-Force” Bunner spent nearly 5 hours brute-forcing a tough cryptography challenge using only his pen and a few pieces of paper.
- When the USC CybOrg team gained a temporary foothold in the 96th percentile of the CTF during the toughest sprint at 5am on a Saturday morning.
- When professionals showed up to mentor the team and share real-life penetration testing stories.
Trojans 360 sat down with one of the prize winners, Ian Bunner, a sophomore majoring in Quantitative Biology and minoring in Linguistics, Accounting, Finance & Digital Forensics. We asked him about his thoughts on the Capture the Flag:
Participating in CSAW CTF was a blast. I just started with my ITP minor and Comp Sci coursework this semester and was originally just going to check it out to figure out how it worked and come back next semester when I had more technical knowledge. I got hooked working on the crypto challenges and found a community of supportive people. I ended up spending most of my free time that weekend at CTF and solved the Almost Xor challenge by running a simple python script to determine the length of the key and using that knowledge to hand translate the message.
Professionals from Industry mentoring students.
The students participating in the CTF were mentored by consultants from Crowdstrike and Synopsys. While there were many who participated, the stand-outs were awarded prizes sponsored by Hak5 – a penetration testing company based in Richmond, California. The prizes included a Wi-Fi Pineapple Nano, a Bash Bunny, a LAN Turtle and a USC Rubber Ducky. The students winning prizes were Sam Smoker, Mina Zhou, Ian Bunner & Ben Rice.
CTF winners after the Hak5 Prize Ceremony.
Want more from Trojans 360?
Visit Trojans 360 on Facebook & Twitter to stay up to date with more student content!
You can also Ask A Trojan an anonymous question, and we’ll try to answer it in a future post!
And don’t forget to follow us on Instagram!
Trojans 360 is USC’s official student-run blog. Content created by students, for students.