HITB Throwback Thursday: Pwnstars Gonna Pwn - Barely Legal Or Otherwise

posted onNovember 5, 2020
by l33tdawg
HITBSecPhotos
Credit: HITBSecPhotos

By: The Usual Suspects

In the words of WOPR, “shall we play a game?” Not just any game mind you, but one that takes grit, determination, courage, and above all else - skillz!  

We’re talking about CTFs or Capture the Flag contests - Played either solo or in teams, CTFs are events that traditionally were hosted at various information security conferences, including DEFCON, BSides, CCC, and of course HITB. These contests consist of a series of challenges that vary in  complexity and require participants to utilize a diverse set of skills in order to solve. Once a challenge is solved, a "flag" is given to the play or team and they submit this flag in order to earn points.

The CTF that’s been held annually at HITB since 2003 has traditionally been an attack and defense focused game - one in which teams act as both attackers and defenders - solving challenge flags that are running on servers under their control while at the same time defending said services from opposing teams who are attempting to capture these same  flags from them. 

HITB’s Capture The Flag competitions have over the years grown to be known as one of the toughest CTF game competitions around pitting seasoned CTF teams from all over the world in heated multiple-day battles. HITB CTFs have also seen numerous iterations - including the above mentioned attack/defense style, traditional jeopardy style and even 48hr-hack-till-you-drop-no-sleep style. 

While CTFs might be nothing more than ‘a game’, it’s anything but. Teams spend days, weeks and months working on solving other CTFs or competing in various practice CTFs or trying their hands at challenges released at other international contests. CTFs are also routinely scouted by some of the biggest companies around - constantly on the lookout for the best and brightest and there’s no better place to find their next pwnstar than at a CTF. 

So in August 2018, when six high-school kids walked into Intercontinental Hotel Singapore to take part in a HITB Capture the Flag competition, it certainly raised eyebrows. Sure, it was an EDU focused edition of the HITB CTF meant for University students - undergrads and post grads, nobody expected not one but two teams made up purely Singaporean high school kids! In fact the youngest high-school team  OSI Layer 8 made up of Ambrose Chua, Daniel Lim and Chandrasekaran from NUS High School, managed to not only beat several university teams but finished second! 

 

Having won the Singapore EDU edition, the team were then flown to Dubai two months later to compete in the full-scale, HITB PRO CTF. So what happened in Dubai? They essentially whooped everyone else and came in second to super seasoned and practically a household name amongst CTF circles; Eat Sleep Pwn Repeat - not only a highly-ranked CTF team but one who has been organizing CTF competitions for none other than the Chaos Communication Congress

 

Underdogs OSI Layer 8 with CTF veterans Eat Sleep Pwn Repeat

You heard it right. Three high school kids - then too young to fly without parental consent, nor could they even check-in independently into a hotel (we had to help), beat seasoned CTF players twice in a row. Talk about being young and dangerous. Amazing. 

What’s the moral of this story? That if a couple of high school kids too young to drink can do it, what’s your excuse? In fact, you don’t even have to fly anywhere to give it a go - HITB⁺CyberWeek has gone virtual, which means you can join all the competitions and check out the exhibition this year from the comfort of your keyboard. No passports required. 

There’s a Red Team AND a Blue CTF, a CMD+CTRL web hacking challenge and even a  Capture The Signal contest aka a blind signal analysis challenge. Students can compete in the virtual edition of Cyber Battle of the Emirates - there are already teams from Belgium, Estonia and Germany signed up, and who knows, maybe one of them will be the next bug hunter we welcome on stage at a future HITB Security Conference

Source

Tags

hitbcyberweek HITB HITBGSEC hitb2018dxb HITBSecConf capture the flag hitbctf CTF

You May Also Like

Other Articles In This Section

Recent News

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone
Hackers steal “significant volume” of data from hundreds of Snowflake customers

Friday, June 7th

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope
FCC pushes ISPs to fix security flaws in Internet routing
Can a technology called RAG keep AI models from making stuff up?
How to Lead an Army of Digital Sleuths in the Age of AI

Thursday, June 6th

Mystery object waits nearly an hour between radio bursts
Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
Ex-Microsoft security expert torches Windows' new 'Recall' feature
The Age of the Drone Police Is Here

Wednesday, June 5th

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File
TikTok Hack Targets ‘High-Profile’ Users via DMs