In August DEF CON 26 took place in Las Vegas. It is one of the largest conferences for hackers and IT-Security enthusiasts. Next to talks and workshops, teams from around the world gather each year to compete in the DEF CON Capture the Flag (CTF) finals. For a successful placement in the online qualifying round, which took place in May, the FluxFingers previously teamed up with other German teams. Under the name Sauercloud they achieved the 5th place out of 24 teams.
72 hours of concentration and tension
The DEF CON Finals are organized as a so-called Attack and Defense CTF. At the start, all teams get an identical infrastructure on which the vulnerable services for the competition are hosted. The task of the participants during the competition is to identify vulnerabilities, fix them on their own server and exploit the services of other teams. The goal of the game is to reach as many points as possible in 72 hours. Points are awarded both for the defense of the team's own services and for successful attacks against the opposing services. Points are awarded every few minutes. One of the biggest challenges for teams is to analyze programs without access to source code and to find security bugs under time pressure. Also, good coordination of offense and defense, as well as an optimized allocation of resources are necessary for a successful finish.
Flexibility and improvisation skills are needed
This year the DEF CON CTF was organized by a new organizer, Order of the Overflow. This resulted in some changes to the rules in this edition, which required a high degree of flexibility and improvisation skills from the teams. It is therefore all the more pleasing, that Sauercloud could achieve the 5th place out of 24 teams.
About the FluxFingers
The FluxFingers, the official CTF team of the Ruhr University Bochum, have been playing CTFs since 2007 and have been a registered non-profit association since 2015. Each year, they organize the CTF for hack.lu, the largest security conference in Luxembourg. The FluxFingers mainly consist of students of IT security and electrical engineering of the RUB. Complementary to the mostly theoretical lectures, they enjoy the more practical aspects of CTF competitions. For several years, they organize the FluxRookies every winter semester. In lectures and challenges, interested students get a practical introduction to CTFs.
The FluxFingers would like to thank the Chair for Systems Security, G DATA Software AG and VMRay GmbH for their financial support of the trip to Las Vegas.
The FluxFingers can be found at https://fluxfingers.net and on Twitter (@fluxfingers)
General note: In case of using gender-assigning attributes we include all those who consider themselves in this gender regardless of their own biological sex.