After two days of competition at the OWASP AppSec conference in Denver in September, several members of the CU Hacking Club took home first place in the team category of the Capture the Flag (CTF) security tournament, beating out 10 teams from other schools and from industry.
Team member Davis Yoshida, a junior in computer science and applied math, explained that the team competed in jeopardy-type competition, in which they had to access a “fake internet” and complete a series of challenges.
“You’d have to find hidden digits on a webpage, or unlock bitcoin mines,” he said. “There was also a computer program set up as a server admin, and you had to attack it. The admin would check in every five minutes or so, and you had to hijack his credentials.”
Yoshida said while it was fun to compete with his friends in CTF, the conference was also a great opportunity to learn from professionals in the software security industry and see them in action.
The CU-Boulder team also included Josh Rahm (senior, computer science) and alumnus Skylar Sokol. Hacking Club member Michael Swisher (sophomore, computer science) volunteered to help design the CTF with the Boulder OWASP chapter, but did not compete.
Previously, all four have competed as part of the CU Hacking Club CCDC team, which took second place in the regional Rocky Mountain CCDC competition in 2012 and 2014. Yoshida explained that that competition requires a strong defensive strategy and quick thinking.
“You have a bunch of servers and the other team is trying to break in,” he said. “Your job is to keep them all up and running. Speed is a factor but the bigger thing is breadth of knowledge – you have to know all of their possible points of entry.”
The CU Hacking Club is an affiliated student organization within the Department of Computer Science. The club meets every Monday at 7 p.m. in ECCS 112C to discuss a range of topics related to computer security, privacy, ethics and law. All meetings are open to any interested student. To keep up with club activities and announcements, you can join their Google Group mailing list.