“We managed to score an amazing 10th place at DefCon CTF!”
EPFL’s cyber security competitions team, the Polygl0ts, has just returned from the United States after competing at the DefCon Capture The Flag competition, the oldest and largest hacker convention/security conference in the world.
Capture the Flags or CTFs are cyber security competitions where, usually, the goal is to reverse engineer, decrypt and hack into computer systems to capture flags and win points for your team. DefCon CTF, considered to be the hacker Olympics, is held annually in Las Vegas, with the term DefCon coming from the movie WarGames, referencing the U.S. Armed Forces defense readiness condition (DEFCON).
This year, for the first time, EPFL was represented in the DefCon finals, a fantastic achievement given that only 16 teams globally make the cut. The EPFL students are part of Team Polygl0ts and joined colleagues from ETH Zurich’s Flagbot team to compete together.
Professor Mathias Payer, Associate Professor of Computer Science and Communication Systems in the School of Computer and Communication Sciences (IC) and head of the HexHive Lab, along with a group of motivated students, started Team Polygl0ts in 2018.
“DefCon CTF in Las Vegas is considered to be the most prestigious event of the year, it’s the ‘World Cup’ of Capture the Flags,” Payer said. “Getting to the finals was an incredible achievement in itself, finishing as the highest ranked European team and scoring 10th place overall shows how talented our team is and is the icing on the cake.”
Despite the challenges of traveling in the midst of COVID-19, the eight Polygl0t students who participated were granted travel exemptions to attend the event that ran for 8-hours a day over three days.
EPFL Doctoral student and assistant in the HexHive Laboratory, Luca Di Bartolomeo, is the Polygl0ts spokesperson, and helped to organize the journey to Las Vegas. “We named the joint EPFL/ETH team ‘the Organizers’ and in addition to more than 20 people playing in Las Vegas, we had a Lausanne Hub with several others players as well,” he said. “The individual challenges in which we competed were very versatile, from compromising and escaping hypervisors encoding different shellcode, to finding vulnerable services in a self-modifying network.”
"When I arrived at EPFL, I immediately started a CTF team. Challenges at CTF competitions are extremely fun and allow students to playfully learn about all aspects of cyber security. By playing, students analyze the newest types of security threats, figure out how to assess them, and practice how to mitigate such issues. In addition to being entertaining, students learn practical skills ready to be used in practice!" says Payer.
“Playing the DEFCON finals was an amazing experience and joining forces with the ETH team also proved to be a huge success especially because, since the introduction of the Master of Cyber Security, many students travel back and forth between ETH and EPFL. It made sense to play as a single team. We are also always open to newcomers and will host a workshop in October for anyone who is interested!” concluded Di Bartolomeo.