As the tide of cyberattacks continue to rise, so does the need for digital defenders who understand how their adversaries think. At a competition organized by the Global Security Initiative, aspiring and professional cybersecurity experts find their glory through real-world hacking challenges.
The Capture the Flag team at DEF CON 29.
By Oliver Dean
Oct. 1, 2021
Every year, the gladiators of hacking meet to sharpen their skills and compete in the world’s most elite digital coliseum — DEF CON.
A pillar of the cybersecurity industry, DEF CON is one of the world’s largest hacking conventions, with its first event taking place in 1993. It offers hands-on hacking opportunities, workshops and presentations from government, industry and education experts in the field. Attendees included those interested in protecting software computer architecture, digital infrastructure and anything vulnerable to hacking.
Since 2018, faculty, students, and staff with the ASU Global Security Initiative’s Center for Cybersecurity and Digital Forensics (CDF) have organized DEF CON’s signature event, the Capture the Flag competition, which has multiple security challenges that competitors must identify and resolve. Hundreds of teams from all over the world compete each year to make the final round, with 16 teams emerging as finalists.
Through the Capture the Flag event, ASU has helped thousands of people develop an adversarial mindset — an understanding of how an adversary thinks, what information is valuable to them and what sort of tactics they may deploy. This knowledge is crucial in today’s world where cybersecurity professionals need to identify vulnerabilities before bad actors do.
DEF CON’s Capture the Flag is an example of putting ASU’s mission of creating social impact and helping learners build the knowledge and skills needed to thrive in today’s workforce into practice.
“The university has a huge appetite for real impact and one challenge we face in academia is showing that ideas being explored are relevant — DEF CON allows us to do that,” says Yan Shoshitaishvili, CDF researcher and assistant professor at the School of Computing and Augmented Intelligence. “ASU is the top university to attend for cybersecurity. The people in charge of the ‘Olympics of hacking’ are also professors you can learn from.”
This year’s DEF CON, which was held in Las Vegas August 5th – 8th, concludes GSI and CDF’s hosting of the Capture the Flag competition, as organization of the event rotates every few years. In 2020, the team pivoted to a fully virtual environment due to COVID-19. This year, the event became half remote, half in person. “The team persevered and I am proud to call this our last year hosting DEF CON CTF,” says Doupé.
As we continue to see threats to our security and infrastructure in the United States, ASU professors have found that this competition brings to light just how much impact education and research can provide.
“With so much of our lives taking place online, cybersecurity is everyone’s concern. By organizing one of the world’s premier cybersecurity competitions, the university’s Global Security Initiative demonstrates the importance ASU puts on solving problems that affect everyone, all while training the next generation of security experts.” — Sally C. Morton, executive vice president of ASU Knowledge Enterprise
“We try to translate academic research into practical application, which is where we’ve seen some of the best ideas and techniques disseminate,” says Doupé. “It’s very difficult to apply a theoretical concept from an academic paper until you’ve actually done it.”
One distinctive characteristic of the Capture the Flag competition is that despite the high caliber of competitors, anyone can try these hands-on challenges. The game’s architects are dedicated to the philosophy of applying theory to everyday situations and providing these kinds of advanced skill-building opportunities to anyone who is interested. To accomplish this, they have uploaded challenges used in the tournament to archive.ooo for easy access.
“When we look back at the history of DEF CON CTF, the same techniques and challenges we do now will be standardized five to ten years from now for anyone in cybersecurity,” says Doupé.
Organizers are embedded within ASU’s network of cyber educators, and the GSI team tailored competitions from their own areas of expertise. Over the four years of GSI involvement, 3,229 teams from around the world competed in the Capture the Flag qualifying and finals, logging 276 hours of active game time. ASU faculty, staff, graduate students and external collaborators created 176 custom challenges.
Zion Basque, an ASU student pursuing a PhD in Computer Science, with a focus on Cybersecurity, who competed at DEF CON29, aims to be the best of the best hackers while making the world a better place with his technical skills.
“The competition really puts your field into perspective. Engaging with and against world-class hackers makes you understand just how much this field has to offer,” says Basque. “As a PhD student, publishing papers is not enough. I believe good security should be applied to real-world situations. I am inspired by everything at DEF CON, helping the community and working hard toward my dreams.”
GSI will continue to stay connected to the Capture the Flag community by inspiring DEF CON collaborators and competitors.
“We wanted our last year to be exceptional – pulling out all the stops on the novelty and scale of our challenges,” says Shoshitaishvili. “I am passionate about what DEF CON represents: an opportunity for aspiring hackers to find resources and inspiration.”
Shoshitaishvili and Doupé host a podcast exclusively focused on CTF competitions called CTF Radio.
The development of technical skills and applied, accessible knowledge is central to DEF CON and Capture the Flag. GSI is committed to increasing cybersecurity literacy for all learners and DEF CON Capture the Flag has been a key pillar of these efforts.
“The best thing about DEF CON CTF is that it brings people together,” says Debbie Kyle, CDF project manager. “As the realm of cybersecurity continues to evolve, players will continue to rise to that challenge, and that’s exactly where CDF wants to be – right in the middle of the action.”
The Global Security Initiative and the Center for Cybersecurity and Digital Forensics are partially supported by Arizona’s Technology and Research Initiative Fund. TRIF investment has enabled thousands of scientific discoveries, over 800 patents, 280 new startup companies and hands-on training for approximately 33,000 students across Arizona’s universities. Publicly supported through voter approval, TRIF is an essential resource for growing Arizona’s economy and providing opportunities for Arizona residents to work, learn and thrive.