Digital Olympics: How Georgia Tech Participates in the World’s Biggest Hacking Contest

Outside the walls of DEF CON 32, a group of hackers prepared for the final day of the conference’s "Capture the Flag" (CTF) competition. These computer security experts used everything from dining room tables to pool tables as workstations during the final hours of the world’s largest hacking contest.

While Georgia Tech students and alumni were present throughout the "Olympics of hacking," as it is sometimes called, team BlueWater had one of the largest Georgia Tech presences in the contest. This collection of hackers comes from around the world and spends three days searching for strings of text known as "flags" hidden in vulnerable programs or websites.

They would also defend against attacks from other teams looking to gain additional flags.

“It’s not something you can do alone,” said Kevin Stevens, a Georgia Tech Ph.D. student in the Systems Software & Security Lab (SSLab). “You have to ask for help from a teammate if you don’t know how to do something or before you execute a command.”

Image

Georgia Tech students from SSLab had a unique edge in this competition. Taesoo Kim, professor in the School of Cybersecurity and Privacy and a vice president of Samsung Research, designed the lab to include events like DEF CON’s CTF in the curriculum. 

For Stephen Tong (Computer Science ’21), the cybersecurity education and systems architecture received under Kim in their undergrad classes (CS 6265/4803 ISL and CS 3210) was invaluable.

“I would say my Georgia Tech education has played a pretty important part in the competition. The first time I ever competed in DEF CON CTF was in 2019, along with my colleagues at SSLab,” said Tong. “That was a very important experience for me and helped prepare us for future DEF CON CTFs. Lastly the undergraduate research at SSLab was also valuable because it exposed me to a lot of cutting-edge real-world technology.”

When the timer wound down on Sunday afternoon, BlueWater placed second behind Maple Mallard Magistrates (MMM). However, BlueWater triumphed over MMM in Live CTF, the one-on-one double-elimination tournament part of the contest. 

“It's really incredible to have this opportunity to play along with- and learn a few new techniques from- some of the very best CTF players in the world,” said Stevens. “I'm also thrilled to help Georgia Tech's AIxCC team advance the state of the art in automatic vulnerability detection and patching.”

The competition began at 10 a.m. on Friday and Saturday mornings and ended at 6 p.m. On Sunday the contest also started at 10 a.m., but wrapped up at 1 p.m. During the off hours competitors focused on preparing their code for the next wave of challenges. 

The winners of the competition may only earn bragging rights, but at the heart of DEF CON's capture the flag competition is a sense of community. Once the contest was all said and done, members of BlueWater played chess and pool before meeting up with their fellow competitors at the CTF after party. 

Georgia Tech had representatives on the top three teams in the competition: MMM, Blue Water, and SuperDiceCode. These competitors were either students or alumni of the School of Cybersecurity and Privacy, the School of Interactive Computing, and the School of Computer Science.

A non-comprehensive list of the students and alumni on the CTF teams include:

• Yechan Bae, Ph.D. student – MMM
• Jalen Chuang, Ph.D. student – BlueWater
• Yu-Fu Fu, Ph.D. student – BlueWater
• Yonghwi Jin, Ph.D. student – MMM
• Jungwon Lim, Ph.D. student – MMM
• Daniel Lu (CS '24) – SuperDiceCode
• Darin Mao, Ph.D. student – SuperDiceCode
• Kevin Stevens, Ph.D. student – BlueWater
• Woosun Song, Ph.D. student – HypeBoy
• Stephen Tong (CS '21) – BlueWater
• Josh Wang, Ph.D. student – SuperDiceCode