How !SpamAndHex became a top hacker team (part 2)
Gábor Pék (CTO, Avatao)
This is the second part of our !SpamAndHex series. You can read the first part here. Everything starts with a vision. It was in 2009, at the very beginning of my master's studies at the Budapest University of Technology and Economics (BME for short) in Hungary, when my advisor, Levente Buttyán (head of CrySyS Lab), contacted Engin Kirda, who was tenured faculty at Institute Eurecom (Graduate School and Research Center) at that time, to ask whether there was a project I could work on together with other iSecLab guys.
Malware analysis project in Vienna
Luckily, I got the chance to spend a couple of months on a malware analysis project under the guidance of Thorsten Holz at TU Wien. Besides the project, which was interesting on its own, it was really amazing to share thoughts with so many bright people around me, for example, Thorsten, Paolo Milani Comparetti, Gilbert Wondracek, Clemens Kolbitsch and many more. iSecLab has exceptional research results, but they invested huge effort in system security education, too. The Advanced Internet Security course is a great example, where students need to solve security challenges during the term to qualify for the written exam. Students were also involved in CTF games, and they regularly prepared for the annual iCTF competition, which is organized by Giovanni Vigna together with the Shellphish team. iCTF is the world’s largest and longest-running educational hacking competition that integrates both attack and defense aspects in a live setting. During the last days of my stay, I participated in the 2009 iCTF, the first CTF in my life, by joining the TU Wien team WE_OWN_YOU. All these moments heavily inspired my professional life later. Huge thanks for that to Levente, Engin, Thorsten and everybody from iSecLab TU Wien.
Our first iCTF game
After arriving back home and sharing my experiences with Levente and Bencsáth Boldizsár (aka “Boldi”), we decided to start something similar at our university in Hungary. At that time, we did not have a real system security course at the university, as CrySyS Lab had a different field of interest (e.g., designing cryptographic protocols). But we had the vision to follow. The real steps were delayed until the summer of 2011 (see the first part of this series). We not only started to prepare for our first iCTF game as CrySyS Lab, but also launched our first CrySyS Security Challenge for all the BME students. We did not bind our security challenges to a university course, but opened them to all of our students for a couple of weeks. At the end of the competition, we rewarded the top performers (e.g., with an iPad or phone) with the help of the generous support of our sponsors. The event was a great success. A few weeks later, these top students played together with other CrySyS Lab members in iCTF 2011 as Team.iCTF.CrySyS.A and finished 36th.
CrySyS Security Challenge
The next year we organized the CrySyS Security Challenge again, rewarded the best students, participated in iCTF as Team.iCTF.CrySyS.B and finished 23rd. We improved by some positions, but this result cannot be compared to the value of attracting some really bright students (e.g., Tamás Koczka, Gábor Molnár, Gábor Ács-Kurucz or Dániel Bali) who later became the key members of the !SpamAndHex team.