Despite COVID-19 overshadowing almost everything going on in 2020, Perth’s fourth annual cyber security and hacking contest, WACTF (WA Capture the Flag), kicked off on Saturday 12th December with a bigger and more enthusiastic group of cyber sleuths than ever before. A CTF – is a cyber security event that pits contestants against a series of increasingly difficult security-related puzzles that, once solved, reveal a flag. Flags, in this case, are codes or files that contestants upload to the scoring system to receive points. Challenges are graded by difficulty; thus, points are awarded based on the complexity of the challenge and the contestant’s speed and accuracy.
WACTF has been incredibly successful in promoting cyber security as a legitimate career opportunity, and as awareness of the contest spreads throughout the state’s education and industry ecosystems, numbers are swelling each year. Back in 2017 when it all started, they had 134 registrations, and just five high-schoolers compete. In 2020, numbers swelled to 396 contestants and 78 high schoolers, which was incredible to see. The youngest contestant on record was just 12 years old, and 127 entrants were from local universities. Given this year’s diversity and range of ages, the contest is succeeding in identifying future talent and building a pipeline for our cyber workforce, from school, through college, and into the industry.
As a volunteer-run event, every challenge is created by members of the local security community, based on real-world cyber-related stories. Contestants have said this approach really brings each challenge to life and focuses their minds on the purpose of the job they are doing.
The contest is free to enter, and some amazing prizes are up for grabs for those not already working in the industry. A bunch of local companies, acting as founders and sponsors, covered all the costs of the venue, food and drinks, and having the event at Spacecubed in the heart of Perth’s CBD as well as at ECU in Joondalup made it really accessible for all. First prize winners scooped up conference tickets, professional training courses, penetration testing kits, and hardware bundles including a massive new monitor. Runners up got a few of the prizes awarded for first place, along with an excellent set of lockpicks from local specialist retailer, PickPals.
All in all, the competition lasted two full days and provided 52 challenges covering website hacking, cyber forensics, exploitation, cryptographic puzzles, incident response scenarios, and a variety of fun story challenges.
The first prize was scooped up by team 64Bit-GuessGods. You can look at the scoreboard here to see how they fared against the competition. Second prize went to team wide sprite, third to humorously named More flags than the UN, and fourth prize was scooped up by Port22Pirates. High schools such as Perth Modern were also significant challengers, and the top ranked high school this year ran under the codename of PID1337. It’s fair to say that this year the kids really gave the adults a run for their money, and as the future of WA’s cyber community, it is great to see such talent blossoming at such an early age. All the teams did amazing work and you can see the full leader board here.
This year’s WACTF 2020 awards ceremony kicked off at Palace Cinemas Raine Square on the 16th December, opened by Mr. Chris Tallentire MLA, Member for Thornlie, and Parliamentary Secretary to the Minister for Water; Forestry; Innovation and ICT; Science; Youth. The night’s festivities included awards and calls out to all the winners, recognition of the sponsors and volunteers, followed by the screening of the iconic movie, Hacker, from 1995.
A huge congratulations to all the winners and everyone who took part. These events are all about having fun and learning new skills while networking with a great bunch of people in the WA security community. Who knows, you might even meet your future colleagues as you start out on an exciting career path.
If you missed WACTF 2020, don’t worry, it’ll be back next year. For more information on WACTF, check out their website or follow #hacktheplanet on Twitter. If you are interested in learning more about CTF contests and how you should prepare, there are some great resources listed on the WACTF website, but if you are a total newcomer and have no idea how to even set up your laptop to get started, local expert Ryan Leyshon from Warnbro Community High School created the following guide.
Lastly, kudos to the founders and sponsors: Trustwave, Kinetic IT, Bankwest, Murdoch University, Spacecubed, AustCyber, WA Government, and CyberCX, and with additional contributions from BSides Perth, PentesterLab, Wahckon, ECU, and Offensive Security.