Plaid Parliament of Pwning
As we mentioned a while ago, PPP was able to qualify two teams for the final round of NYU Poly’s CSAW competition which was held on the last weekend in October.
Everyone had an awesome time at the competition, and in New York City in general. We also got to spend some time hanging out with some of the other teams: RPISEC, WCSC from USF, the two teams from Stevens Institute of Technology, [csg] from UTD, and Graham’s Crackers from Penn State. Many of the participants and judges we had met last year, so it was great to catch up with them.
We left for New York on Wednesday night, which unfortunately coincided with a large storm on the East Coast that caused lots of airplane delays. Luckily, just as all our laptop batteries had died, our plane was ready.
Still, we got to New York City with plenty of time to check into our hotel rooms and get some rest before Thursday’s events. We made sure to get to Poly with plenty of time to check in and get settled, which meant we ended up arriving about an hour too early — oops.
After we checked in and got settled, other teams started arriving. We spent the next few hours eating and mingling with lots of other teams until the first set of competition events began. It was great to see so many awesome people there not just for the CTF competition, but also from the Embedded Challenge and Highschool Forensics.
After a few interesting talks by some cool speakers, a few of the CTF teams participated in the preliminary round for the security quiz. We didn’t participate in the quiz last year, but decided to give it a shot this year, with all 8 of our members participating in pairs. We managed to get two pairs of teams to qualify for the final round the next day.
Although the competition didn’t start until 8am Friday morning, we were told we might get some problems early due to the short time frame we’d have at the competition itself. We stayed up working on the problems for a few hours until we decided we had better sleep so we could be prepared for the competition.
The competition had some really cool problems. We were sad we couldn’t have spent the time to solve more of the challenges, but that’s the way it goes! In the end, PPP1 had completely solved 3 problems, PPP2 had completely solved 0 problems, and a few teams had solved 1 problem.
A few of the interesting problems included writing an exploit for a machine with a kernel vulnerability, a “Hackers” (as in the movie) themed reverse engineering challenge which employed a custom steganography and encryption algorithm, and an authentication page that (we were told) can be broken with a timing attack.
We then ate a quick lunch, and went to the final round of the quiz competition. There were a lot of difficult problems that we couldn’t answer, but to our surprise, we were able to get both first and second place in the quiz! (though sadly with PPP2 coming ahead of PPP1)
After the announcements of results for the other cool competitions NYU Poly held, as well as talks on computer security, the final results for the CTF competition were announced and.. PPP1 and PPP2 got first and second! Due to the partial credit for explaining how to solve problems without having the final answers, PPP2 was able to squeeze ahead of RPISEC, earning them a top spot.
The competition hosts were then nice enough to have a small after party to celebrate how awesomely all the teams did in the competition. It was great to talk with the judges and other teams about the challenges and security in general, as everyone at CSAW had a lot to say.
Overall we had a great time working on fun problems and meeting cool people. And, of course, placing so well in the final competition is also very exciting for us. Hopefully we’ll be back at CSAW next year to compete another time and hang out again with fellow hackers!