The seventh International Cyber Security Competition (VolgaCTF) took place in Samara. The SUSlo.PAS team fr om NSU won second place.
VolgaCTF is one of the largest annual competitions in the field of information security. It achieved international status in 2015. The purpose of the competition is to improve the skills of students and young professionals in spheres related to the protection of information. 1,024 teams from 77 countries (only 200 from Russia) participated in the on-line qualifying round.
VolgaCTF is held in two stages: qualifying and final. This year 15 teams were invited to Samara to participate in the final round of the competition after passing theon-line qualifying stage. The NSU team was comprised of first year MA ITD students (Roman Lebedev wascaptain of the team, Ilya Koryakin and Alexander Tkachev), a Mechanics and Mathematics Department MA student (Roman Fedoseev), a Physics Department 4th year student (Vladimir Sitnov) and ITD undergraduate students (Dmitry Mechanics and Mathe Lipovy, 4 year and Nikolay Ovchinnikov, 3rd year).
The NSU team took second place with first place going to the team from the National Research Nuclear Universityin Moscow (MEPhI). NSU team captain Lebedev believes that second place is a step towards a future victory:
– The main challenge in this competition were the shortcomings in our own infrastructure that was designed to attack other teams. Although it was repaired by the middle of the competition, time was lost and who knows how everything would have turned out if we did not have these problems.
The competition format was classic Attack / Defense CTF: all teams are given the same image of a virtual machine on which vulnerable services written in different programming languages are located. The team's task is to find vulnerabilities, fix them on their own devices and use them to exploit other teams. Team member Tkachev described the competition:
– Almost always the service is a small site wh ere a user can register and do something, for example, send a message. The jury checking system goes to the services every round (in this competition 2 minutes) and acts like an ordinary user. If this can be done without problems, then the service is working. In this case, the verification system adds some secret information – a flag. Teams need to find a way to get this secret information. When flags are delivered, the team receives points for the attack. If their flags have not been passed, they get points for protection. Services this time were quite interesting and difficult.