For 48 hours this week almost 40 students from HiG formed a team to compete with 575 teams from all over the world in a contest in information security (hack.lu CTF). The goal of this „Capture the flag“ competition in information security was to solve several practical information security challenges, comprising web application vulnerabilities, cookie manipulation, protocol exploration, LaTeX exploitation, reverse engineering,decryption, and more.
Competition was tight. Many of the teams had experience from similar competitions and study at universities with high reputation. HiG’s team was formed by students in my software security class (3rd year bachelor in information security) and students attending ethical hacking and penetration testing (3rd year bachelor system administration and 2nd year master in information security). Students applied the knowledge gained in their study programmes and organized themselves into small groups focusing on one challenge at a time. Competition started Tuesday morning and was completed Thursday morning.
This „rookie team“ participation concluded with 43rd place based on the score for challenges solved. 575 teams participated worldwide, 259 of them scored more than 0 points. This means that HiG came out in the top 17% of all active teams, an improvement over last year’s top 25%. HiG had the best team in Norway, all five other Norwegian teams scored fewer points.
It was the second time I had included CTF participation in my teaching. Students considered the activity to be fun and a rich learning experience, and recommended to repeat the exercise next year.