Written by Gábor Pék
This is the second part of our !SpamAndHex series. You can read the first part here. Everything starts with a vision. It was in 2009 at the very beginning of my master studies at the Budapest University of Technology and Economics (in short BME) in Hungary when my advisor, Levente Buttyán (head of CrySyS Lab) contacted Engin Kirda who was tenured faculty at Institute Eurecom (Graduate School and Research Center) at that time if there is a project I could work on together with other iSecLab guys.
Malware analysis project in Vienna
Luckily, I got the chance to spend a couple of months on a malware analysis project under the guidance of Thorsten Holz at TU Wien. Beside the project which was interesting on its own, it was really amazing to share thoughts with so many bright people around me, for example, Thorsten, Paolo Milani Comparetti, Gilbert Wondracek, Clemens Kolbitsch* and many more. iSecLab has exceptional research results, but they invested huge efforts into system security education, too. The Advanced Internet Security course is a great example where students need to solve security challenges during the term to get qualified for the written exam. Students were also involved into CTF games and they regularly prepared for the annual iCTF competition which is organized by Giovanni Vigna together with the Shellphish team. iCTF is the world’s largest and longest-running educational hacking competition that integrates both attack and defense aspects in a live setting. During the last days of my stay, I participated the 2009 iCTF, the first CTF in my life, by joining the TU Wien team WE_OWN_YOU. All these moments heavily inspired my professional life later. Huge thanks for that for Levente, Engin, Thorsten and everybody from iSecLab TU Wien.
Our first iCTF game
After arriving back home and sharing my experiences with Levente and Bencsáth Boldizsár (aka “Boldi”), we decided to start something similar at our university, in Hungary. This time, we did not have a real system security course at the university as CrySyS Lab had a different field of interest (e.g., designing cryptographic protocols). But we had the vision to follow. The real steps delayed until the summer of 2011 (see the first part of this series). We did not only start to prepare for our first iCTF game as CrySyS Lab, but we launched our first CrySyS Security Challenge for all the BME students. We did not bind our security challenges to a university course, but opened it for all of our students for a couple of weeks. At the end of the competition, we rewarded top performers (e.g., with an iPad or phone) by the help of the generous support of our sponsors. The event was a great success. A few weeks later, these top students played together with other CrySyS Lab members on iCTF 2011 as Team.iCTF.CrySyS.A and finished 36th.
CrySyS Security Challenge
Next year we organized the CrySyS Security Challenge again, rewarded the best students and participated on iCTF as Team.iCTF.CrySyS.B and finished 23rd. We improved some position, but this result cannot be compared to the value of attracting some really bright students (e.g., Tamás Koczka, Gábor Molnár, Gábor Ács-Kurucz or Dániel Bali) who later became the key members of the !SpamAndHex team.
Reading Time: 9 minutes Security champions play a vital role in establishing and maintaining a security culture in an engineering organization. See how to turn your developers into security champions!
Reading Time: 6 minutes As the company grows the leadership wants to establish a security program to ensure the solid and undisrupted operation of the business. Security at this point is essential, especially when calculating the loss from a halted business, even for a few hours.
Reading Time: 9 minutes OWASP Top 10 Vulnerabilities in 2021 based on the non-official proposal of Phillippe De Ryck. Here is what we know.
Reading Time: 7 minutes Security champions represent an essential part of any security programs. They lead their teams on security projects, ensure internal security and help keeping security on the top of your mind. But how exactly they operate in a business? We asked Alexander Antukh, Director of Security at Glovo for professional insights.
Reading Time: 6 minutes For most companies, security is considered a side quest, which is partly related to the daily processes. In reality, security ought to be a strong foundation of any organization. To ensure the defense of the enterprise, the relevant teams need strong security knowledge and abilities.