Last weekend, the SBA-supported CTF team “We_0wn_Y0u” (W0Y) of the TU Wien again showcased its outstanding capabilities. In the academic International Capture the Flag (iCTF) contest they secured the third place out of 78 participating universities worldwide in an 8-hour race. W0Y started receiving points late in the game but managed to overtake the field leaving only Moscow State University (1st) and Saarbrücken University (2nd) in front.
As a novelty, this year, the iCTF also included a 24-hour non-academic contest where W0Y scored 4th out of 317 teams. The 24 hours meant three times more fun (by time), but also unique challenges regarding rest times and shift operations.
W0Y has a long-standing tradition in participating iCTF since 2005. They managed to be in the top-10 every time and won the competition twice. They comprise outstanding students and teaching staff of the “Internet Security” and “Advanced Internet Security” course-series taught at TU Wien. The courses are a cooperation of the Institute of Computer Aided Automation and the Institute for Software and Interactive Systems. The lectures are sometimes called hacking-course since they teach the unique offensive perspective to enable students to understand attackers and develop secure software in the future.
The iCTF is a so-called “attack-defense” competition. Every team has the same copy of a server to defend against other teams and simultaneously to attack the competitors. Each server provides about a couple of services. Attack points are awarded for every service that a team manages to overtake from another team by stealing a “flag”. Flags are files containing a secret unique to that team and service. Defense points are awarded for keeping the own services running and secure (i.e., not losing any flags).
The team likes to thank the UC Santa Barbara and Arizona State University for organizing the competition.