With the emergence of new technologies such as big data, artificial intelligence, and 5G in the public eye, enterprises are facing increasingly severe cybersecurity threats. The competition in cybersecurity ultimately boils down to talent competition. As emerging technologies and industries continue to evolve, the competition for talent becomes increasingly intense. Capture the Flag (CTF), as the most popular global information security competition, is gradually gaining attention among cybersecurity professionals.
In order to promote technical exchanges among cybersecurity professionals and enhance their understanding and capabilities in vulnerability exploitation, UMS partnered with InsightSec to organize two security Capture the Flag (CTF) invitationals for UMS security professionals on July 17th and 18th at the Bund Center in Shanghai.
The CTF competition focused on common scenarios of web security and PWN vulnerability discovery and exploitation. To facilitate comprehensive technical exchanges, UMS invited two renowned CTF teams, Fudan University 0ops and Shanghai Jiao Tong University 0ops, to engage in a practical confrontation. After two days of intense competition, the teams worked together and demonstrated their abilities, achieving satisfactory results while also recognizing the gaps compared to top-notch experts.
Throughout the competition, participants were fully engaged and focused on the tasks at hand.
After the competition, there was a post-event debriefing and interactive session where participants were actively engaged in sharing their problem-solving approaches and insights with each other. The participants showed great enthusiasm and seriousness during the discussions, fostering a collaborative learning environment.
According to the final statistics, the team "3Years" achieved the highest dynamic score among the participating teams from UMS Merchant Services, earning them the title of "Champion Team" in this competition! The teams "NoName" and "CatchFlag" secured the second and third positions. Congratulations to all the winning teams for their outstanding performance!
The participants expressed that although they are highly focused on secure development and secure operations in their daily work and have experience in fixing system vulnerabilities, the field of offensive and defensive techniques was a new and challenging experience for them. They hope to apply the knowledge and experience gained from this competition to their future work, further enhancing their skills and contributing to the security of their organizations.
Appendix:
Capture the Flag (CTF) is a competition that originated from the world hacker conferences and is a significant avenue for exchanging security techniques. With the development of security offensive and defensive technologies, CTF competitions have gradually evolved into a form of cybersecurity competition, with various competition formats.
Jeopardy Mode:
In the Jeopardy mode competition, participating teams can compete online through the internet or on-site networks. This mode of CTF competition is similar to ACM programming competitions and informatics olympiads. Teams are ranked based on the scores and time taken to solve the cybersecurity challenge questions. The questions mainly cover categories such as reverse engineering, vulnerability discovery and exploitation, web penetration testing, cryptography, forensics, steganography, secure programming, and more.
Attack-Defense Mode:
In the Attack-Defense (AWD) mode of CTF competition, participating teams engage in attacking and defending each other in the cyberspace. They exploit vulnerabilities in opponent's services to score points and patch their own service vulnerabilities to prevent losing points. The real-time scoring reflects the competition status in the Attack-Defense mode, and the final result is determined by the scores, directly indicating the winner. It is a highly competitive, visually appealing, and transparent cybersecurity competition format. Typically, teams of 3-4 members work collaboratively and divide tasks.