How !SpamAndHex became a top hacker team (part 2)
Gábor Pék (CTO, Avatao)
This is the second part of our !SpamAndHex series. You can read the first part here. Everything starts with a vision. It was in 2009, at the very beginning of my master's studies at the Budapest University of Technology and Economics (in short, BME) in Hungary, when my advisor, Levente Buttyán (head of CrySyS Lab), contacted Engin Kirda, who was tenured faculty at Institute Eurecom (Graduate School and Research Center) at that time, to ask whether there was a project I could work on together with other iSecLab guys.
Malware analysis project in Vienna
Luckily, I got the chance to spend a couple of months on a malware analysis project under the guidance of Thorsten Holz at TU Wien. Besides the project, which was interesting on its own, it was really amazing to share thoughts with so many bright people around me, for example, Thorsten, Paolo Milani Comparetti, Gilbert Wondracek, Clemens Kolbitsch and many more. iSecLab has exceptional research results, but they invested huge efforts into system security education, too. The Advanced Internet Security course is a great example, where students need to solve security challenges during the term to qualify for the written exam. Students were also involved in CTF games, and they regularly prepared for the annual iCTF competition, which is organized by Giovanni Vigna together with the Shellphish team. iCTF is the world’s largest and longest-running educational hacking competition that integrates both attack and defense aspects in a live setting. During the last days of my stay, I participated in the 2009 iCTF, the first CTF in my life, by joining the TU Wien team WE_OWN_YOU. All these moments heavily inspired my professional life later. Huge thanks for that to Levente, Engin, Thorsten and everybody from iSecLab TU Wien.
Our first iCTF game
After arriving back home and sharing my experiences with Levente and Bencsáth Boldizsár (aka “Boldi”), we decided to start something similar at our university in Hungary. At that time, we did not have a real system security course at the university, as CrySyS Lab had a different field of interest (e.g., designing cryptographic protocols). But we had the vision to follow. The real steps were delayed until the summer of 2011 (see the first part of this series). We did not only start to prepare for our first iCTF game as CrySyS Lab, but we also launched our first CrySyS Security Challenge for all the BME students. We did not bind our security challenges to a university course, but opened them to all of our students for a couple of weeks. At the end of the competition, we rewarded top performers (e.g., with an iPad or phone) with the help of the generous support of our sponsors. The event was a great success. A few weeks later, these top students played together with other CrySyS Lab members in iCTF 2011 as Team.iCTF.CrySyS.A and finished 36th.
CrySyS Security Challenge
The next year we organized the CrySyS Security Challenge again, rewarded the best students, participated in iCTF as Team.iCTF.CrySyS.B and finished 23rd. We improved by some positions, but this result cannot be compared to the value of attracting some really bright students (e.g., Tamás Koczka, Gábor Molnár, Gábor Ács-Kurucz or Dániel Bali) who later became the key members of the !SpamAndHex team.