CTF or Capture the Flag competitions involve tasks from various cybersecurity domains, including cryptography, reverse engineering, web vulnerabilities, network security, and digital forensics. BRICS+CTF is the largest cybersecurity tournament in Russia. This year, it brought together about 4,000 participants from over 90 countries, including Germany, France, the UK, Argentina, and Finland.

“The leaders of the BRICS countries have named cybersecurity one of the main challenges of our age, which is why it is important to promote international collaboration in this field. BRICS+CTF aims to train a “shield” of specialists who will ensure information security in Russia and the member nations of BRICS and BRICS+. Another aim of the tournament is to establish and develop professional and research connections between experts from these countries,” says Alexander Menshchikov, one of the tournament’s organizers and an associate professor at ITMO’s Faculty of Secure Information Technologies. 

Alexander Menshchikov's workshop on CTF tournaments at the It's Your Call! forum. Photo by Dmitry Grigoryev / ITMO.NEWS

Alexander Menshchikov's workshop on CTF tournaments at the It's Your Call! forum. Photo by Dmitry Grigoryev / ITMO.NEWS

The first round of the tournament was held in the format CTF Jeopardy, which includes solving tasks from various domains of information security: cryptography, web and network security, security of operating systems, reverse engineering, and others. The best teams in the first round proceed to the finals, held in the Attack-Defense format: there, the participants had to search for vulnerabilities on their servers and fix them, while also exploiting the vulnerabilities on their opponents’ servers to capture their flags. Each team had an objective, such as to identify a vulnerability and extract the administrator password from a website’s database. Once a team has solved this task, they receive a “flag” – a secret line of code. Then, on a special website, they can exchange this flag for points. The team with the most points wins.  

The $10,000 prize fund was shared by the three winning teams: team Bushwhackers came first, earning $5,000; team SPRUSH took second place, receiving $3,000; and team kks, who came third, bagged $2,000. 

BRICS+CTF is organized by ITMO’s Faculty of Secure Information Technologies and invited cybersecurity experts in partnership with the Association of Chief Information Security Officers, the national youth movement Mentors of Russia, and the international platform BRICS+. The finals were held under the aegis of the 5th International Municipal BRICS+ Forum.

The idea of the tournament was conceived in 2018 after a meeting of the BRICS Network University that brought together representatives of universities from Brazil, China, South Africa, India, and Russia. The first CTF tournament for the BRICS countries was held at ITMO in 2019 in two stages: an online round, with over 1,100 teams, and an on-site finals that welcomed the 21 teams that passed the selection.