Team Fargate consists of Dmitry Tatarov, Nikita Chelnokov, and Georgy Gennadiev, students of ITMO’s Faculty of Secure Information Technologies, and Dmitry Sibirtsev, student of St. Petersburg State University of Telecommunications. 

This year, the competition involved two stages. During the first, participants had to solve as many tasks as they could from five categories: reverse engineering, cryptography, open source search, exploiting the vulnerabilities of web applications, and investigating cases of information security breaches. According to Fargate’s captain Dmitry Tatarov, the first stage was not really exciting.

“Those who worked on the tasks for the first stage didn't seem to have the same experience and outlook in what has to do with cyber security as developers at the more reputed contests. So some of the tasks felt artificial, or lacked consistency. Nevertheless, it’s worth mentioning that others were sound and interesting, and their infrastructure was stable throughout the whole competition.

Despite the fact that we solved many such tasks when training at SPbCTF and other competitions, our team still came eighth among the ten teams that made it to the second stage,” comments Dmitry Tatarov.

Credit: vk.com/kubanctf

Credit: vk.com/kubanctf

The second stage was Attack Defence, developed by a team of mentors from SPbCTF. The teams had eight hours to try to hack each other while defending themselves. While this stage was more difficult, Dmitry notes that the result was already clear after the first five hours.

“Thanks to the introduction of new rules, the second stage was a lot more active. In essence, the developers made it so that after a vulnerability was found by one team, it was shown to all other teams within half-an-hour for simple vulnerabilities and an hour for the more complex ones. This made it impossible to exploit a single vulnerability throughout the whole stage. Such format added more drive to the competition – but that didn’t prevent us from succeeding at our tasks ahead of other teams,” comments team member Nikita Chelnokov.

“Despite the new rules, our team found and exploited unplanned vulnerabilities that other teams didn’t discover. This also helped us make one more step towards winning,” adds Georgy Gennadiev.

It is continuous training and participation in difficult competitions that helps a team succeed, so Fargate aims to choose contests with strong adversaries and complex tasks. Competing with other students becomes easy when a team has the experience of confronting professionals.

Danil Zakoldaev. Credit: ITMO.NEWS

Danil Zakoldaev. Credit: ITMO.NEWS

“At the Faculty of Secure Information Technologies, we believe that practical skills are essential. This is why our faculty puts effort in supporting student teams, communities, and initiatives that help our students acquire them. For one, in recent years we’ve adjusted our curriculum so that it offers a more balanced combination of fundamental training and real-life tasks. We gave our students an opportunity to train at SPbCTF, which helps them succeed in both professional activities and sports,” comments the faculty’s dean Danil Zakoldaev.

Only a limited number of participants can compete at onsite competitions like Kuban CTF, so team Fargate had only four members. However, over 100 people come to train at SPbCTF – some of which are avid esportspeople, and others in search of unique experiences.

Participation in competitions held in various countries by different organizers helps expand one’s outlook: at some events, there are interesting tasks in reverse engineering, others offer more challenges in cryptography or exploiting vulnerabilities. Russian competitions have a traditionally high difficulty level. One of the best examples of a top-level Russian competition in cyber security is CyBRICS CTF organized by SPbCTF’s mentors and staff from ITMO’s Faculty of Secure Information Technologies. Last year, over 1,500 participants registered for this event.