Thank you very much, Berthold, for this introduction and thanks to the students. I think the applause was for me, for sure, or maybe for your teacher. First of all, we start with a short introduction. My name is Christopher Schütze. I would also like to welcome you to the cyberevolution, a really new format. I see a lot of people, really interesting, and I'm here with Sebastian, maybe again.
Hi, I'm Sebastian. I'm a professor of computer science at Berlin School of Economics and Law. So we don't have tech in the name, but we are quite techy. So we have some students for computer science, business computer science. They're also in the master's course, which we offer with a specialization in cybersecurity. Besides that, we are pretty broad and I'm doing research in intersection of machine learning and IT security and embedded systems engineering.
Yeah, it's a pleasure to be here. Thanks. Perfect. And maybe you ask yourself, or that was basically the question Berthold raised, why do we do that?
I mean, cybersecurity is really an interesting topic. There are a lot of threat challenges we've seen with the scenarios. How does the future look like? But we think it's also very beneficial for the audience and for sure also for the attendees to share a bit. How does real world hacking look like? What is it? How do attackers work and things like that? And I mean, is there any other or better format than something like a competition during the event where we can challenge or where the teams can challenge during the event?
And on the other hand, the audience can get some insights into how to deal with that. And that is basically the idea of the Capture the Flag event, which is in parallel mainly tomorrow. And Sebastian and I want to introduce that to you. So let's start with the first slide. Here we go. There's some delay. Capture the Flag has different formats. And let's start with the first one, Jeopardy.
Sebastian, what is that format about? Yeah, Jeopardy is like solving puzzles, right? Consider this, you are trying to capture the flag, which is at the end a string, usually in a special format, like if it's from Hack the Box, it's a HTTP end, then some string encoded with some curly brackets. And you need to find that somehow by solving puzzles, for instance, breaking some crypto challenge or invading a system and so on. Now we come to the categories later, but maybe next to the next one. What is attack and defense, Christopher?
Yeah, attack and defense is another possible format for a typical Capture the Flag where you have on the one hand red team, on the other hand the blue team. So really fighting one team against each other, trying to defend to get hacked, and the other team is trying hardly to get into other systems. And that's also a really interesting format, but it is a little bit difficult for conferences like that. This is more for real big Capture the Flag events because you need to know the teams, you need to be careful, but we will see this on the next slide.
And then there's also a third format, so no surprise, some kind of mixture, some kind of hybrid. So capturing the flag on the other side after attacking or defensing the attackers or the defense team. And a little bit forecasted is already we will do the Jeopardy style. So we have multiple single tasks that need to be solved with a different level of difficulty and that is what the teams need to solve tomorrow. Some words about the format, maybe Sebastian.
Yeah, we have two groups. So that's also why we do this together. So Christopher represents basically the enterprise teams and I represent the academic teams, but that's how we approached our network, that's the idea. And so we have teams that come from colleges, universities, universities, and teams are purely from enterprises. And we have eight challenges and we have a prize for every group. So each group, so students, both students and enterprise teams, the winner will be determined and then win a prize. Exactly.
And coming back to the attack and defense format, for sure we had in our mind as a first competition, let the students fight the professionals or the other way around. But at the end, one team would cry and this is what we don't want to have. That's why we decided we will have two winner teams. So one of the student teams and one of the enterprise teams will win the prize.
Okay, talking about the challenges. So there are multiple formats that can be used for those challenges and Sebastian and I picked some out and let's face or share some thoughts about it. The first one is a web challenge. What is it about? So web is what you would think of first, I guess. You have a web application running in a container or in some server, then you have some endpoints and then you try to exploit some vulnerabilities you find, for instance, by doing some injection attack, like SQL injection or doing a cross-site scripting, SSRF and so on.
And then by doing that, extracting the flag and then presenting this flag as evidence to the system that you have solved this challenge. Next one is forensics. What is that?
Yeah, forensic is, so we will also have two forensic challenges. It's basically from starting to analyze the log files, see what happened. For instance, if you became the victim of a ransomware attack, really trying to investigate what happened, which system are breached, where is anything you need to fix to solve. And that is more or less the category forensic.
Again, two of them and two of the web ones. The next one, Osind. Then we have open source intelligence, which means you find some, for instance, there also we have white box and black box challenges and then you find, for instance, in the white box, which means the source code is available, you find some hint, which then triggers your action to look for this in the open, in the internet, like social media and so on, which gives you in turn more information and then you can finally solve this challenge. Next one is cloud.
Yeah, cloud. I mean, you can do multiple things. Just think about APIs, how to access them, how to manipulate API accesses and things like that. This will be covered and no details about the challenge, because honestly, we also don't know the challenges. That's why Sebastian, by the way, has also two teams. We know nothing. I'm surprised as well. Maybe we will join in a third category to see.
Okay, next one, also typical one, reverse engineering. Reverse engineering is like trying to understand the inner mechanics of a system in general. For instance, a file that stores some information in a structured way and you need to find out how this is done and then understand it and use that information to extract the information.
Or more generally, you have a web application platform, which is like following a state machine and you try to find out under which conditions are these states followed and then you find specifically assumptions that the developers made, exploit those assumptions and then use that to extract the information. Crypto. And last but not least, cryptography. So for instance, you will receive some kind of document and need to decrypt. You need to find the secret, how to encrypt, how to decrypt and then you have the flag, the result.
These are our eight challenges that the teams will have to solve by tomorrow. We have different levels of difficulty.
So easy, medium, high and very difficult. There's only one very difficult and we will not tell which category. But it really depends. So I think if one team will solve everything, then it is really also it should be the winner. So it should be really interesting. So hint to the teams, focus on the things you're good in. And nobody should be disappointed because also some easy is in there and nobody should be done in 15 minutes or something. So this is good distribution, I guess. Exactly. And maybe a few words about the platform we use.
That's a very common platform, Hack the Box, with multiple things that basically offer a service to exactly do something like those capture the flag events, they prepare everything. Also the challenges, this is why we don't know the details and that was for a reason.
And yeah, that will be done by the platform. Let's start with the teams, the enterprise teams. So first of all, all students and enterprises should be now a little bit afraid because I have a microphone and we really try to share a little bit who is there. So I'm not 100% sure whether all teams are already there. Maybe we start with the telecom team. Lucky Meteorids, can you please stand up if you're here? That would be awesome. So no worries, I will only ask one question. How did you prepare for this challenge? Anything specific? We didn't really prepare, I guess.
I mean, we took part on Saturday on a CTF, but we didn't, you know, make some major efforts there. So, you know, we're just here having fun, I guess.
Perfect, thank you. And the second team? The next one is from Adidas, the Keepers. Are you here? The Keepers?
Ah, wow, okay. Don't be shy. I see next time we place the people strategically. Did you prepare on a specific purpose? Did you do some training before?
Well, I think that we prepare day to day in our work because we are trying to solve these kind of challenges every day, but nothing special. We are just here to have fun and do some teamwork.
Great, thank you. And then we have the next team. Next one is from E.ON, Power Rangers.
Perfect, thank you. I don't want to ask anyone a question, just to be a little bit afraid here.
Okay, then the next team. Then we have the next one. Please tell me how to pronounce it correctly.
Yeah, that is the most important. Okay, the Bank of Georgia.
Ah, okay, good. That would be the question.
Welcome, guys. And the question is basically how to spell your name. It just means like lions in Georgian, but with some twisting letters, as you've seen.
Yeah, perfect. Thank you.
Okay, then we have... And we have from Deutsche Bank, Fielfick Newtons.
Okay, perfect. Now Sebastian is able to run through the audience. Let's jump into the student teams. We have two pages, so we have five enterprise teams and seven student teams. And Sebastian is approaching his students right now. That's why they laugh, probably. Team number one is No One Way with Lukas, Benjamin, Philipp, Johannes and Azad.
Cool, awesome. Hey, guys. Any last words? We will fight to the end. You should have asked, do you know the answers already?
No, they don't. The next team is Hochschule Munich, which is the Red Cube.
Dominic, Yannick, Edward, Marius and Julian. Good.
All right, guys. How do you feel? Well prepared? I hope so. Probably it's going to be a long night preparing. Thank you. Then we have Dom4Shell.
It's Mark, Furuo, Tim and Benedikt. Cool. What about you? How do you feel? Well prepared? Not actually. This is the first time I am participating in such an event, so that's the first time hacking. Cool. Awesome. Yeah. Thank you. Amazing. Then we have Team Neuland, which is really a cool name, from Technische Hochschule in Ingolstadt with Jacob, Dominic, Michael and Jonas. Great to have you. Anything to share before the competition begins?
Yeah, we tried to rush up on our pawn skills and now there is no pawn challenge. So good start.
Yeah, sad. Next team is the SINNER team from Hochschule für Technik und Wirtschaft in Berlin.
Felix, Lukas, RK, Felix and Patrick. Are you here? Not yet here. So they will have a big disadvantage in not knowing what to do. And we have another team from Sebastian, Hochschule für Wirtschaft und Recht in Berlin, Pigeons Aren't Real with Alexander, Lisa, Aaron, Daria and Merle. So philosophical. Anything to add? Pigeons aren't real, so we can't lose. And the last team, maybe Serhil, Yehor and Ilja, stand up if you are here. Perfect.
Sebastian, I guess your question is obvious. Yeah, again, what about this hexadecimal number? It's just bit number eight. Okay. No deeper meaning. Perfect. Thank you very much. And as you can see, we have a lot of people here. And for the students and enterprises, for sure, they join the conference. And for the conference attendees, you can see what they will do tomorrow. And that is basically, that's why we have this slide with a plan, the schedule. So all of you participated right now, the introduction. Congratulations. And tomorrow, starting at nine o'clock in the morning till 5 p.m.,
we will have the main CTF challenge. It will be outside here on the tables, for sure, with some power supply and all the needed stuff. And not to disturb the teams too much, we will have three slots, 20 minutes each, where I will do some kind of insight. So I'm really trying to share a bit what are the challenges about, how did you approach, for sure, not explaining in detail for the competitors what is going on here. But that is more or less the idea, a little bit to share how to do something like that.
And for the participants of the conference, feel free to look at them, but don't touch them. Yeah, and the awards ceremony will be done on Thursday in the closing keynote as well. That is the plan for the Capture the Flag during the cyber evolution. I'm really looking forward to this cool format and cool event, which is also a new thing for us. And any famous last words?
Yeah, have fun. I hope everybody learns that and embraces the challenge, so nothing can go wrong. I think it will be a cool event. Looking forward to it.