For 48 hours in October about 50 students from HiG formed a team to compete with 580 teams from all over the world in a contest in information security (hack.lu CTF). The goal of this „Capture the flag“ competition in information security was to solve several practical information security challenges, comprising web application vulnerabilities, SQL injection, reverse engineering, cryptography, and more. From HTWG Konstanz, a team of about a dozen students joined the competition, and the COINS Research School of Computer and Information Security assembled a team with seven Ph.D. students.
Competition was tight. Many of the teams had experience from similar competitions and study at universities abroad with high reputation. HiG participated with two teams. One team was formed by students in software security (3rd year bachelor in information security) and students attending ethical hacking and penetration testing (3rd year bachelor and 2nd year master in information security). Students applied the knowledge gained in their study programmes and organised themselves into small groups focusing on one challenge at a time. Another HiG team started as a grassroots initiative of 2nd year bachelor and 1st year master students in information security. Competition started Tuesday morning and was completed Thursday morning. For the fourth year in a row, HiG threw students into cold water and expected them to swim. They finished with rank 58 based on the score for challenges solved. HTWG Konstanz with students from the Master in Computer Science programme participated for the first time as part of the IT Security class, and came in 148th, the best German team that could be identified in the category of universities of applied sciences. Ph.D. students from COINS solved some of the challenges before quickly returning to their research projects.
581 teams participated worldwide, 395 of them scored more than 0 points. This means that HiG came out in the top 15% of all active teams, about the same position as in the past two years. HiG had the best teams in Norway, all five other Norwegian teams scored fewer points. In the Nordic countries, HiG participated with the best Nordic team having an academic affiliation. The teams from Sweden and Finland that scored better comprised members with extensive work experience from IT security and penetration testing.
Students from both colleges considered the activity to be fun and a rich learning experience, and recommended to repeat the exercise next year.
Congratulations.
P.S. Thanks to Urs Oberdorf and Julia Kinzel for the pictures.
