GreyCTF 2022: Event Summary + Catching Up with the Student Leaders of Greyhats

Early this year in June, NCL and NUS Greyhats had the pleasure of organizing GreyCTF 2022. The event was sponsored by CSA, Guardrails and Ensign Infosecurity. The online qualifiers ran from 6 June to 10 June, while the finals ran from 18 June to 19 June. Over 354 participants took part in the online qualifiers, while 10 local teams fought their way to the finals, held at NUS i4.

<Finalists, organisers and sponsors>

The event was kicked off with speeches by representatives from sponsors CSA, Guardrails. Participants were then ushered to their respective allocated meeting rooms and the competition commenced. Following an intensive competition which ended the following day, the winning teams were finalized. All teams gathered for the prize ceremony, where representatives from Ensign Infosecurity closed the event with a motivational speech to all participants. The winners were presented prizes and all participants enjoyed a buffet spread prepared for them.

<Ms. Christine Wee – CSA>

<Mr. Stefan Streichsbier, CEO – Guardrails>


<Mr. Seow Chun Yong, Consultant (Cyber Adversarial Emulation) – Ensign InfoSecurity>


<1st Place - Catssg>


<2nd Place - Nushmallows>


<3rd Place - Stranglehold>


<All Winners, 1st to 3rd Place – Catssg, Nushmallows, Stranglehold>

Following the successful run of this competition, we caught up with Greyhats president Kel Zin and advisory member Daniel, and they shared their experience in leading and organizing the competition this year. They also offered some advice to students who may be interested in organizing their own CTF events.

Read on for this short Q&A with Kel Zin and Daniel.

1.       Was this your first time organizing a CTF competition?

Kel Zin: No if you take account of online CTF, yes if I only consider physical CTF. Before GreyCTF, I participated in the organizing team of Welcome CTF 2021 and CS2107 Assignment CTF. Both of them are completely virtual and only involve NUS students. GreyCTF is the largest CTF that I have ever organized.

 

Daniel: It wasn't our first time doing so as Greyhats as we annually organise a mini CTF for SoC freshmen. But we've never held one of such scale.

 

2.       What were some challenges you faced throughout the whole process of organizing this competition?

Kel Zin: I think the most challenging part of the competition is the lack of challenge creators.

 

GreyCTF is different compared to the previous CTF we had. It has 2 phases - the qualification and the finals. The qualifications run for about 5 days and we need many challenges to keep the players excited. The finals on the other hand need to be difficult enough to better distinguish the top 3 teams from the rest.

 

For the qualifiers, we expect to have at least 7 challenges in each category (Misc/Pwn/Web/RE/Crypto) so that will be around 35 challenges in total. Then we also plan for at least 4 challenges in each category for finals, which is 20 challenges.

 

Daniel: The toughest challenge was with handling the logistics. We started preparation quite late as we were busy with school work. During the short period of time we had left, we needed to rush the purchase of freebies like tshirts, hoodies, thumbdrives, etc. Other than that, it was also challenging to come up with enough good quality challenges for both the qualification and final round.

 

3.       What achievement from the competition were you most proud of?

Kel Zin: I am very proud that the participants recognise some of my challenges. A few international participants messaged me on discord and told me that they like my challenge! It is the most satisfying feeling ever.

Other than that, I am also very proud that we managed to complete the event despite the shortage of manpower. Although there are some hiccups here and there, I think we did a really good job for our first large-scale event. The event went pretty smoothly overall. Thank you team!

 

Daniel: I'm very proud that we could bring 30 young talents to compete with each other inside one building. As far as I know, there hasn't been any in-person local CTFs in the past 2 years since the covid outburst.

 

4.       What inspired you to create challenges in a novel and interesting way for the participants?

Kel Zin: As a frequent CTF player, I have a rough idea of what kinds of challenges are good and bad. I try to make the challenge less guessy and fun to solve. Usually, my inspiration for a challenge comes from a simple concept that I learned in class. When my prof introduced a new mathematical theory or concept, I always try to think about how these theories can be used to construct a cryptographic scheme. After the construction then I attempt to break it myself or simplify it if it is too complicated.

Other than that, sometimes I also get inspiration when I am solving other CTF questions. I will mix and match the concepts that I have learned and try to create a more interesting one for the players.

I am not too sure whether these challenges that I have created are interesting to the participants, but at least it looks pretty interesting to me!


Daniel: For myself, I like to make challenges that are relevant to things we may see in our life. So, I take inspiration from the different types of software that I use. For example, I made some challenges where a player needs to cheat in a game to get a very high score.

 

5.       Were you surprised by the participation rate?

Kel Zin: Initially I was very worried that GreyCTF has too few participants. I remember a few days before the start of the competition, there were only around 120 official teams (3 people per team). This number is quite low considering that Welcome CTF 2021 also has around 100 teams (4 people per team), which is restricted to only NUS students. However, the number starts to grow when the CTF started. Many international teams joined, and the total team number increased to around 500.

So yeah, I guess I am surprised that the number of teams was not significantly higher than Welcome CTF 2021.

 

Daniel: Not very surprised, because although quite high, it may have been lower than other CTFs.

 

6.       Do you have any words of wisdom / advice for students who may be interested in organizing such events?

Kel Zin: Start earlier, plan earlier. Find more challenge creators. Don’t do things last minute.

 

Most importantly you need to have passion for CTF!

 

Daniel: The obvious advice would be to start preparing early. Other than that, I strongly recommend organizers to stand in the shoes of the players when creating challenges, to think from the perspective of a player, what would they learn from this challenge, and whether the challenge is worth their time for learning this concept.

 

7.       Any words of acknowledgement for the sponsors, participants and organizing committee?

Kel Zin: I would first like to convey my appreciation to the main sponsors of the event - CSA, Guardrails, and Ensign. This event will not run so smoothly without their financial support.

 

Next, I would like to thank the team behind GreyCTF. I am really grateful to NCL for providing logistic and admin support for us. Thank you, Hannah, for being the main person of contact and helping us out throughout the event. Also, thanks to the member of Greyhats for sacrificing their summer break to organize the event.

 

Daniel: Our whole team is very grateful for our sponsors' generous support. Thanks to them, our participants had an enjoyable time during the event.

I also want to thank all participants for playing our CTF, otherwise our efforts would have been wasted!

Lastly, I'm thankful for all the hard work of my teammates from Greyhats and NCL. Everyone was busy with life but took the time to make this event a successful one.

-end-

Once again, NCL thanks all sponsors and student leaders for making this event possible!

Platinum Sponsor: CSA
Gold Sponsors: Guardrails, Ensign InfoSecurity

The Grey Cat the Flag Exco:





Comments

Post a Comment

Popular posts from this blog

GreyHats CTF 2023

Image
The GreyHats CTF 2023 event, jointly organized by the National Cybersecurity R&D Lab (NCL) and NUS Greyhats , took place from July 15th to 16th, 2023, at the School of Computing, National University of Singapore. The event witnessed the participation of 90 finalists who formed 15 teams , including 5 international teams and 10 local teams . These 90 finalists had previously competed in the GreyHats qualifier rounds and successfully qualified for the NUS GreyHats CTF 2023 event. The qualifier rounds attracted participation from more than 1600 individuals representing 454 teams (314 international teams & 140 local teams) . Greyhats is the largest student-led information security interest group based in NUS. The members of Greyhats are enthusiastic students with strong technical skills, keen to spread the love of cyber-exercises. NCL is a research lab established in 2015, funded by National Research Foundation, under the National Cybersecurity R&D (NCR) Programme. It
Read more

The Youth Cyber Exploration Programme (YCEP) - Central Capture-the-Flag 2023

Image
The Youth Cyber Exploration Programme (YCEP) Central Capture-the-Flag 2023 competition took place on the 25th of July 2023, in conjunction with WorldSkills ASEASN 2023, at Suntec Convention Centre witnessed close to 70 finalists from different schools. Photo by Cyber Security Agency of Singapore The competition was organized by CSA, with the support of National Cybersecurity R&D Lab (NCL) and Cisco Systems, aimed to ignite the passion for cybersecurity among young talents and foster a vibrant cyber community. We would like to extend our heartfelt appreciation to all students who showcased their incredible skills and determination throughout the competition. Congratulations to all the individual winners, as well as the top three group winners, Team 06, Team 13, and Team 10. Photo by Cyber Security Agency of Singapore We were honoured to have Mr. Tan Kiat How, Senior Minister of State for Communications and Information and Senior Minister of State for National Development,
Read more

Critical Infrastructure Defence Exercise (CIDeX) 2023

Image
National Cybersecurity R&D Lab (NCL) had the opportunity to support Critical Infrastructure Defence Exercise (CIDeX) 2023 from 22nd November to 24th November 2023 held at the School of Computing, National University Singapore (NUS). The event involves over 200 participants coming from DIS, CSA and 24 other national agencies across six Critical Information Infrastructure (CII) Sectors. Mr. Heng Chee How, the Senior Minister of State for Defence, and Dr. Janil Puthucheary, the Senior Minister of State for Communications and Information and Health, attended the Critical Infrastructure Defence Exercise (CIDeX) 2023 on 24th of November 2023. The event focuses on training and strengthening Whole-Of-Government (WoG) cyber capabilities to detect and tackle cyber security threats to Information Technology (IT) and OT networks that control the operations of critical infrastructure. NCL would like to express gratitude to MINDEF and Cybersecurity Agency of Singapore (CSA) for prov
Read more