Skip to main content

HITB Throwback Thursday: Pwnstars Gonna Pwn - Barely Legal Or Otherwise

posted onNovember 5, 2020
by l33tdawg
HITBSecPhotos
Credit: HITBSecPhotos

By: The Usual Suspects

In the words of WOPR, “shall we play a game?” Not just any game mind you, but one that takes grit, determination, courage, and above all else - skillz!  

We’re talking about CTFs or Capture the Flag contests - Played either solo or in teams, CTFs are events that traditionally were hosted at various information security conferences, including DEFCON, BSides, CCC, and of course HITB. These contests consist of a series of challenges that vary in  complexity and require participants to utilize a diverse set of skills in order to solve. Once a challenge is solved, a "flag" is given to the play or team and they submit this flag in order to earn points.

The CTF that’s been held annually at HITB since 2003 has traditionally been an attack and defense focused game - one in which teams act as both attackers and defenders - solving challenge flags that are running on servers under their control while at the same time defending said services from opposing teams who are attempting to capture these same  flags from them. 

HITB’s Capture The Flag competitions have over the years grown to be known as one of the toughest CTF game competitions around pitting seasoned CTF teams from all over the world in heated multiple-day battles. HITB CTFs have also seen numerous iterations - including the above mentioned attack/defense style, traditional jeopardy style and even 48hr-hack-till-you-drop-no-sleep style. 

While CTFs might be nothing more than ‘a game’, it’s anything but. Teams spend days, weeks and months working on solving other CTFs or competing in various practice CTFs or trying their hands at challenges released at other international contests. CTFs are also routinely scouted by some of the biggest companies around - constantly on the lookout for the best and brightest and there’s no better place to find their next pwnstar than at a CTF. 

So in August 2018, when six high-school kids walked into Intercontinental Hotel Singapore to take part in a HITB Capture the Flag competition, it certainly raised eyebrows. Sure, it was an EDU focused edition of the HITB CTF meant for University students - undergrads and post grads, nobody expected not one but two teams made up purely Singaporean high school kids! In fact the youngest high-school team  OSI Layer 8 made up of Ambrose Chua, Daniel Lim and Chandrasekaran from NUS High School, managed to not only beat several university teams but finished second! 

 

Having won the Singapore EDU edition, the team were then flown to Dubai two months later to compete in the full-scale, HITB PRO CTF. So what happened in Dubai? They essentially whooped everyone else and came in second to super seasoned and practically a household name amongst CTF circles; Eat Sleep Pwn Repeat - not only a highly-ranked CTF team but one who has been organizing CTF competitions for none other than the Chaos Communication Congress

 

Underdogs OSI Layer 8 with CTF veterans Eat Sleep Pwn Repeat

You heard it right. Three high school kids - then too young to fly without parental consent, nor could they even check-in independently into a hotel (we had to help), beat seasoned CTF players twice in a row. Talk about being young and dangerous. Amazing. 

What’s the moral of this story? That if a couple of high school kids too young to drink can do it, what’s your excuse? In fact, you don’t even have to fly anywhere to give it a go - HITB⁺CyberWeek has gone virtual, which means you can join all the competitions and check out the exhibition this year from the comfort of your keyboard. No passports required. 

There’s a Red Team AND a Blue CTF, a CMD+CTRL web hacking challenge and even a  Capture The Signal contest aka a blind signal analysis challenge. Students can compete in the virtual edition of Cyber Battle of the Emirates - there are already teams from Belgium, Estonia and Germany signed up, and who knows, maybe one of them will be the next bug hunter we welcome on stage at a future HITB Security Conference

Source

Tags

hitbcyberweek HITB HITBGSEC hitb2018dxb HITBSecConf capture the flag hitbctf CTF

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th