Cyber Security Challenge Germany 2014

Posted on Sat 14 February 2015 in posts

This is about my experience of the Cyber Security Challenge Germany 2014.

The Cyber Security Challange Germany is a Capture The Flag style competition for students which I participated in. It is mainly organised by the Internet Sicherheit Institut (ger.: Internet Security Institution) and Compass Security with support from many companies as well as the german Federal Ministry for Economic Affairs and Energy.

It all started in November 2014 with an online qualification on hacking-lab.com, where we had to solve different challenges and collect points. The challenges were different from the typical CTF jeopardy style where you only have to find a flag. At hacking-lab you always have to write a report which will be reviewd by people. Also due to the fact that it was not only intended for experienced university students, but also for much younger highscool students (<18 y/o), many of the challenges were not that difficult - in the end all qualified uni students had solved all challenges. I'm also quite resentful that there was not a single pwning (binary exploitation) challange and the only reverse engineering challange was a very simple XOR encryption and we had FOUR captcha breaking challenges :P But it was fun nonetheless.

hacking-lab

Once the deadline was over, the 20 best students were invited to Berlin to participate in a live hacking competition in the beginning of February 2015. We got divided randomly into 4 teams with 5 people per team. Two university student (Studenten) teams and two highschool student (Schüler) teams. I got very lucky with my team, because we complemented eachother very well. easysurfer for example has a lot of experience with reversing on windows and he was able to solve a mean challenge really fast, or EPG who has experience with patching java byte code in android apps solved a game hacking task super fast. So we were able to solve a lot of tasks pretty quickly.

In my opinion the challanges for the live hacking competition were a lot more fun than the one from the quialification round. Especially because we had a bunch of very cool reversing challenges. Unfortunately I can't do a writeups, because the challanges may get reused for other events :(

Here is a picture from our Team Orange in the middle of the competition:

team orange

Once a team solved a challenge and got awarded the points, the other teams had only 1h left to solve it. When the deadline passed, the other teams had to give up those points and move to another challenge - so it was quite strategic where you spend your time on. Because we were so quick with some of the tasks, we were able to establish quite a lead :P

When I talked to many of the students who participated, they actually didn't do much or, anything at all, regarding hacking. So this event motivated many of them to look into security and discover a new passion - which is pretty awesome.

In the end our Team Orange won the Cyber Security Challenge Germany 2014 and we all got new ThinkPad T440p - which I gave to my significant other, because she always supports me and she has to tolerate those hours over hours I neglect her to pursue my dreams. Thank you!