By Izzy Whistlecroft and David Young
Southampton returned to the national Inter-ACE competition hosted by the University of Cambridge. This time there were more than 30 teams competing and a wider range of universities had been invited than in previous years, with invitations extended beyond just the ACEs. Each team was comprised of up to four students and each university had up to three teams, representing the best of the best from top universities around the country. In contrast with previous years, the competition had been extended to run over two days; this allowed for a much more interesting competition as challenges could be given greater depth.
The University of Southampton entered two teams:
- Hapless Techno-Weenies: Josh Curry, David Young, Izzy Whistlecroft, Laurie Kirkcaldy
- Less > More: Tim Stallard, Viktor Barzin, Jamie Scott, Alex Lockwood
This year the challenges were mostly written by Cambridge’s own Graham Rymer, with some additional challenges provided by Context Information Security and Palo Alto Networks — we’ll be providing a write-up of a large number of the challenges in a future blog post.
The competition was a jeopardy style CTF, in which competitors are provided with a set of challenges, with the goal being to solve as many as possible to discover flags which would be entered into the flag tracker to earn points. During the first day, most teams were struggling to get points as the challenges this year ranged from difficult to fiendish, each providing an interesting (and sometimes frustrating!) puzzle to solve.
In parallel with the technical challenges there was a more social activity: everyone at the event (including organisers, sponsors, and guests) had an NFC tag on their badge containing a clue. These clues had to be collected and provided a Zebra Puzzle which could be solved for additional points in the competition, with the side goal of encouraging participants to get to know people from other universities.
As a side challenge to potentially win a PS4, Context IS provided a Furby hacking challenge which involved trying to display custom eye graphics and play custom audio on the provided Furby.
The second day began with both teams entering a number of flags they had solved the previous evening, bringing the Hapless Techno-Weenies up to second place. After that the competition was fierce, with the top five teams switching places every few minutes — it was common for a team that was in first place to be in fourth two minutes later.
The second day introduced a few new challenges, including a thirty-six question quiz from Palo Alto Networks. To answer the questions we had to use a Palo Alto Networks firewall appliance to analyse traffic flows and user activity with the goal of working out who was exfiltrating data from a fictitious company.
By the end of the second day the Hapless Techno-Weenies had solved almost every challenge, with the exception of a puzzle called Time Crisis and four of the Palo Alto Networks challenges. The final thirty minutes was a tense race against the clock, with Critters solved twenty-five minutes before the end and a frantic race to enter the flag for Snake when it was solved with just three minutes to go.
Awards Dinner and Results
As is now the tradition, at the end of the competition we all donned our formal clothes and headed to Trinity College for a drinks reception, five course dinner, and awards ceremony.
Frank Stajano gave an inspiring speech about how all the competitors are the future of Cyber Security, requesting that we try to get more young people involved. If any young people are reading this, I highly recommend Cyber Security — go out and do some online challenges and get involved! After Frank’s speech it was time for the winners of the competition to be announced.
Southampton’s very own Hapless Techno-Weenies came second, receiving a comically oversized cheque for £3000 as a prize. Additionally, Hapless Techno-Weenies were awarded the Palo Alto Networks prize for getting the highest score on their challenges.
Our congratulations go to team Empire from Imperial College London who came third and team Anonymoose from the University of Edinburgh who came first. Anonymoose also received an award from Context IS for being the first team to solve the (very tough!) Con Air challenge.
As always we would like to thank Frank Stajano, Graham Rymer and Michelle Houghton of the University of Cambridge for once again organising an outstanding event. We would also like to thank Palo Alto Networks and Context IS for the additional challenges they provided and the NCSC, BT, Microsoft, and Facebook for sponsoring the event.
As well as this we are grateful for all the support from the University of Southampton itself, including Vladimiro Sassone, Sarah Martin, Oliver Bills, Denis Nicole, and everyone else from the Cyber Security Group. Thanks also to Vladimiro Sassone and Jamie Scott for driving our teams there and back.