image placeholder

We are pleased to announce that the UCSB team, called “Shellphish”, won the
“Capture The Flag” competition at DEFCON. The team was led by Professor
Giovanni Vigna from the Department of Computer Science and was mostly composed
of Computer Science graduate students.

DEFCON (http://www.defcon.org) is the largest underground hacker convention in
the world, and the “Capture The Flag” competition, which is held every year as
part of the convention, is regarded as the “world championship of
hacking”. Last year, the UCSB team placed second. This year we won the
competition.

To participate in the competition, the UCSB team had to pass a qualification
round in June. Out of around 180 participants only 7 teams were able to
qualify for the competition. The winning team from the previous year was
automatically admitted, bringing the number of competing teams to 8.

The actual CTF competition was held in Las Vegas on July 29-31. During these
three days, the 8 teams set up their systems in the central room of the
convention and waged hacker wars against each other. The competition was
organized by the Kenshoto hacker group (https://www.kenshoto.com/).

Each team was given access to a UNIX server (prepared by the organizers) that
contained a number of undisclosed vulnerabilities. The task of each team was
to find the vulnerabilities by analyzing the server’s software, fix the
vulnerabilities in their copy of the server, and exploit the same knowledge to
compromise the security of other teams’ servers. The goal of these attacks was
to steal or modify a number of secret files, called “flags”.

After three day of intense hacking, the UCSB team was able to perform the most
attacks, steal the most flags, and perform the most original hacks (19 in
total). The Shellphish team was announced as the winner during the conference
final ceremony. The team members received the recognition of the hacker
community and a number of “black badges” that will allow lifetime free
entrance to the convention.

The Shellphish team members were the following:

Giovanni Vigna (UCSB, CS Associate Professor)
Davide Balzarotti (Politecnico di Milano, UCSB visiting Graduate Student)
Greg Banks (UCSB, CS Graduate Student)
Wilson Chen (ex UCSB CS Graduate Student, now at Apple)
Ryan Dixon (UCSB, CS Graduate Student)
Vika Felmetsger (UCSB, CS Graduate Student)
Paul Haas (UCSB, CS Undergraduate Student)
Chris Kruegel (TU Vienna, Assistant Professor, ex UCSB Postdoc)
Darren Mutz (UCSB, CS Graduate Student)
Dan Nurmi (UCSB, CS Graduate Student)
Will Robertson (UCSB, CS Graduate Student)
Fredrik Valeur (UCSB, CS Graduate Student)

A huge “thank you” goes to the organizers of the competition, the Kenshoto
team (John Viega, Visigoth, and the others), for putting together such a great
event.

This announcement can be found at http://www.cs.ucsb.edu/~vigna/defcon.html

Pictures here.