The CTF Russian Cup fuses the show format with all classical formats of competitions in the field of information security: task-based for 15 invited teams, classical attack-defense for the top-10 of them, and battle, organized in accordance with the Olympic knockout system, for the four finalists that have won the previous stages.
Making in into the competition’s finals were two ITMO University teams: [SPbCTF] Kappa and [SPbCTF] Fargate, as well as Shadow Servants and mstuca. The [SPbCTF] Kappa team confidently outperformed the experienced Shadow Servants and won the 2019 CTF Cup. Famous practicing experts in the field of information security were invited to join the jury so that the Cup’s participants had the opportunity to communicate with the legends of information security in an informal setting.
The tournament was organized by the interregional public organization “Association of Chief Information Security Officers” (ACISO) and the Skolkovo Innovation Center.
“For me, this is a win for the faculty, too,” shares Danil Zakoldaev, dean of ITMO University’s Faculty of Secure Information Technologies, the winner’s alma mater. “This means that we’re moving in the right direction. I think that to some degree, this also reflects both our students’ level and the quality of the education we offer. The majority of our students and PhD researchers are active participants of the CTF community. Some are active players, others do this to develop their professional skills. Today, the training of students has a strong focus on practice, which in my view is what allows us to achieve such high results. This victory is first of all the significant achievement of our students, but it was also paved by the efforts of the faculty’s staff, lecturers and coaches from the SpbCTF community.”
We asked Ilya Shilov, a member of the winning team, to share his experiences of the final round of the competition.
What ITMO University teams participated in the competition? Please tell us about your team.
There were three teams representing ITMO University: Fargate, Kappa, and Yummy Tacos. I was part of the team Kappa. The majority of our team members are students and PhD students at the Faculty of Secure Information Technologies, but there are some students from the Information Technologies and Programming Faculty as well. For some of them, it was their second time participating in the competition, but not for me, as I missed it last year.
How did the competition take place? What tasks did it include, and what knowledge came in handy?
The competition took place in three stages. The first was held in the usual task-based CTF format. The participants solved tasks on different topics in the field of practical information security: from making use of web vulnerabilities to steganography and finding information in open sources. The best team (it was Kappa) passed directly to the finals. On the second day of the competition, the ten teams that came first following the results of the first day competed in the attack-defense format. The two strongest teams (Fargate and Shadow Servants from the Higher School of Economics) made it into the finals. A special round, Chance, was organized for the remaining teams, with the winner also passing through to the final round. Here, the participants had to solve teams on different topics in random order. A team can either accept a task or refuse it, in which case it wouldn’t get a task of similar value again. The Chance round was won by the mstuca team, which also went on to take part in the finals.
The tasks in the final round were held in three formats: task-based, attack-defense and pentest. We were given four hours to score the biggest number of points, and we succeeded.
How do you evaluate the results of the competition in general?
It’s hard to compare this competition with last year’s one, taking into account that this was my first time participating in it. Developing the tasks were pretty famous teams like Cat But Sad, Hackerdom and VoidHack. This is why the event was really well-organized.
Any plans for the next season?
I won’t be able to take part in the majority of competitions held by universities next year as I’m doing my PhD studies: many competitions only allow for students and not PhD researchers to participate. I hope that next year, ITMO will perform no less successfully than in 2019. The crux of the teams will remain the same, so we have all the chances to do so.
How do you prepare for competitions?
Practice is what matters the most when you’re getting ready for competitions in the CTF format. Over the last couple of years, I have taken part in a number of CTF competitions of different scales. My team became the winner in some of them (like CyBRICS and Kuban CTF), and award winner in others (YauzaCTF, RealCTF). The more you practice, the higher your chances for the victory are. What is also very helpful is solving various training tasks on the internet.
The knowledge I received during the classes of the Faculty of Secure Information Technologies lecturers Artur Khanov and Grigory Sablin also was of great help. The competition’s specifics required an understanding of reverse engineering and strong skills in the field of binary operations. It would have been very difficult to proceed without the knowledge and skills I’d gotten at their classes, training sessions and meetings of the SPbCTF community.