03 Dec 2012
DISM students setting off at HarbourFont, Singapore, 9th Oct 2012
It was an exciting day for five Diploma Infocomm Security Management (DISM) students, setting off early Tuesday morning for a long 6 hours ride from HarbourFront, Singapore to Kuala Lumpur, Malaysia to participate in the Hack-in-the-box, Capture-The-Flag competiton (HiTB-CTF).
This annual overseas venture has been a tradition for DISM students. At this yearly conference and competition, our students get to compete with professionals and university students.
Indeed the small team is not satisfied to be "just there", but seek to win the competition and to learn as much as possible from it.
Teams prepared themselves with warm up exercises in hotel
Once settled in, they wasted no time. Starting from within the hotel, they brought their own network swtich as to do some "warm up" execises in the hotel. Operationally, the five members teams particpated as two separate groups in the competition. This setup also allowed some initial practising among the two teams. Of course, a good rest and some good breakfast just before the competition days, is a must.
It was cloudy on 10th Oct morning. The team set off to the competition site in Intercontinential Hotel, about a 10-minute walk away from the hotel they were staying.
HiTB-CTF site before competition
The venue is nicely setup for 10 teams from Japan, Vietnam, Singapore, Malaysia, Netherlands and Iran. One of the Japanese teams pulled out at the last moment and the competition kicked off at 11 am with 9 teams competiting for the next 36 hours.
This is the 10th year of running for this conference and competition. Hence, it have an eye catching theme, "Weapons of Mass Destruction – Fallout Apocalypse!"
Basically, each team need to manage the server (representing a nuclear power plant) and protect their daemons or background services (representing reactor cores) from attacks while at the same time launch attacks against rival teams' nuclear reactor. Exploits (representing weaponized SCADA) could be used to cause monetary damage towards rival teams. Fallout Apocalypse also featured a black market where teams might trade exploits and also purchase countermeasures.
The Nandy Narwhals team consisted of Wee Kiat and Jeremy Heng, both are "old hands" on this CTF. Indeed being old hands did have a fair bit of advantage and it is best said by Wee Kiat himself:
"For some of us, it's the second year taking part in HITBKUL CTF. This is an advantage as we will be able to concentrate more on the competition than to worry about getting lost in a foreign land.
The other important gain in this year's HITB for us is the chance to talk with members from other teams. For example there were teams LOL from Vietnam, sutegoma2 from Japan and 0xDC381015 from Singapore, and we were able to learn quite a bunch of stuff through talking with them. This could in a way point us in the right direction when we practice for future competitions."
The AIF is a younger team consisting of Amadeus Tan, Nikolas Tay and Edmund Teo. Being first time in the HiTB-CTF it is certainly an eye opener for them. This is what Nikolas has to say about the CTF:
"This competition was indeed an invaluable experience for me. Just from this trip alone, I not only benefitted in terms of technical aspects, I also took home some strategies and important things to note for future competitions, discovered various areas of improvements and most importantly, life lessons that would be very much applicable in my future endeavors."
Nikolas working in the wee hours
Of course, it was not an easy fight for the teams. In the competition, the daemons were released periodically. The last of the seven daemons was released at 6 am of day 2.
Hence, many participants hang around hoping to be the first to solve bonus challenges when new daemons were released. Moreover, hardening defences was always ongoing during the competition. All members of our teams worked very hard and through the night.
The scoreboard at end time (5:00 pm, day 2)
After much worked, our 2 teams were ranked 3rd and 7th . The damages on the daemons (RC 1-7) shown how heavily the teams have fought among each other. Indeed the competition started to get interesting about two hours before the ending time. Each team started to bomb each other heavily with their SCADAs.
Prize presentation on 11 Oct 2012, ~7 pm
During the prize presentation, time that we have been waiting for, Wee Kiat and Jeremy secured the third place and they received a limited edition T-shirt each from the CTF crew.
Well done, Team Nandy Narwhals, you have done Singapore Polytechnic proud!
Sharing seession to all DISM year 2 students on 29 Oct 2012
At the end of the day, it is not about just winning, it is also about sharing their experiences with others who could not be there, to pay forward and allow the tradition to live on. The two teams shared what had worked and what can be done better, so that the successors will do better for the years to come.
Indeed HiTB-CTF experience is not just a competition, but it is fruitful because it is about teamwork, friendship, professionalism and more importantlym caring & sharing among students.