Capture the Flag competitions (or CTFs for short) are the exhilarating battlegrounds where talented cybersecurity experts and hackers come together to solve complex technical puzzles and real-world security incidents. These intense competitions aren’t just about showcasing skills but also fostering team bonding and learning.
ExpressVPN’s Security Team has consistently shone on the global cybersec stage, recently achieving an impressive 20th-place finish out of 982 teams in the highly competitive HTB Business CTF 2023.
Join us as we delve into the team’s journey and accomplishments in the world of CTFs. Discover how these achievements not only reaffirm the reputation of our cybersecurity talent but also display our commitment to security.
What are CTFs and how do they work?
CTF competitions are events where individuals or teams compete to solve challenges, usually cybersecurity-focused ones simulating vulnerabilities and real-life scenarios, allowing participants to test their skills in ethical hacking, forensics, reverse engineering, and more. Teams must analyze code, exploit system weaknesses, and uncover hidden information to earn points for each solved challenge. This process highlights the qualities valued in a cybersecurity expert: Determination, skill, and the ability to excel in high-pressure environments.
For example, cybersecurity experts need a deep understanding of complex systems, coding proficiency, familiarity with network protocols, and a solid grasp of system architecture. CTF challenges allow ExpressVPN’s Security Team to display these attributes, demonstrating their competence in the field and commitment to maintaining a secure online environment.
ExpressVPN’s cybersecurity competition highlights
From securing podium finishes to outperforming global giants, we highlight the impressive achievements and triumphs of ExpressVPN’s Security Team in various prestigious competitions held from 2021 to 2023 (in reverse chronological order).
HTB Business CTF 2023
Outcome: 20th out of 982 teams
The highly anticipated Hack the Box (HTB) Business Capture The Flag (CTF) event, sponsored by ExpressVPN and held from July 14 to 16, 2023, revolved around a futuristic scenario set in the year 2244. Earth faced a monumental crisis with depleted fossil fuels, scarce water, and limited power. As tensions escalated, two powerful states emerged, each striving to establish a colony on Mars and harness an alternative power source called Vitalium.
These scenarios involved forensics challenges, where teams needed to investigate simulated malicious activities executed by a rogue state. Additionally, participants engaged in reverse engineering software to manage Vitalium resources and launched attacks on cloud infrastructure to gather information on the Mars colony. They also identified and exploited various vulnerabilities such as web, binary, and server issues.
“Although these scenarios were simulated and designed to fit with the dystopian theme of the CTF, the skills required to solve the challenges were very real,” explains team member Brian. “These are the same skills the security team uses on a daily basis to keep ExpressVPN’s products and users safe.”
Among the 982 participating teams, including Microsoft, Puma, Accenture, and Toyota, ExpressVPN’s Security Team achieved an impressive 20th-place finish, further cementing their reputation as a formidable force in the world of digital defense.
Splunk BOTS 2022
Outcome: 4th out of 84 teams
In the highly competitive realm of Splunk Boss of the SOC (BOTS) 2022, our cybersecurity team once again showcased their prowess, securing a commendable fourth-place finish out of 84 highly skilled cyber defense teams from companies across the APAC region.
The competition posed challenging scenarios, including investigating a supply chain compromise in the cloud, ransomware, malware, and other security threats. The team’s ability to excel in such a demanding environment earned them praise and recognition from peers and industry experts.
Hack the Box 2022
Outcome: 8th out of 650 teams
Hack the Box 2022 was a big event for ExpressVPN, as we not only entered a team but also sponsored the competition. Despite facing stiff competition from over 650 teams worldwide, the ExpressVPN Security Team displayed exemplary performance, securing a noteworthy 8th place.
The competition focused on money-related security challenges, encompassing crypto laundering, phishing campaigns, wire fraud, malware, ransomware strains, and more. Team member Walter expressed his pride: “There was a great show of amazing teamwork. As we learn to collaborate with each other in this simulated environment, we can do better in the real world.”
Outcome: 3rd out of 623 teams
During the MetaCTF competition, our cybersecurity team secured a coveted third-place finish out of 623 teams of active professionals. The team successfully solved a total of 51 (out of 66) challenges and were among the few teams that managed to conquer challenges across all categories, which included forensics, web exploitation, and reverse engineering.
The event also served as an invaluable opportunity for team bonding and learning, where players forged strong connections.
Splunk BOTS 2021
Outcome: 1st out of 34 teams
In the Splunk BOTS 2021 competition, ExpressVPN’s cybersecurity team emerged as the champions, outperforming government institutions, banks, and other cybersecurity companies from Singapore and beyond. Their victory demonstrated their unrivaled expertise in analyzing and responding to security threats across diverse platforms.
Cherlynn, a member of the winning team, shared her aspiration, saying, “We want to compete in two to three competitions a year. This way, we can continue learning and exploring new fields to make our organization more secure whilst building trust within our company as a highly capable function.”
HTB Business CTF 2021
Outcome: 11th out of 374 teams
In the challenging arena of the HTB Business CTF 2021, our experts proved their mettle once again, securing a commendable 11th place out of 374 teams competing from all corners of the globe.
3 reasons why CTFs are important for cybersecurity-focused companies
1. Enhanced skills through real-life scenario simulations
Joining a CTF competition enables ExpressVPN’s teams to build critical thinking skills, a crucial aspect in the field of cybersecurity, where “discovery” is 99% of the problem. These competitions also often simulate real-life scenarios that allow the teams to gain practical experience in a dynamic environment. For instance, they sift through significant volumes of data to better understand hacker activity, which enhances their ability to detect and respond to threats effectively. These insights help the team comprehend the sequences of events leading up to security incidents and an attacker’s objectives.
As one team member, Dave, explains, “A CTF lets people practice trial and error and discovery skills, as well as persistence and perseverance. Sometimes your gut just tells you something doesn’t smell right, and part of a security team’s job is to dig until we either find what smells or reasonably prove that it doesn’t. CTFs help us build those skills so we can use them in the real world.”
2. Exploring novel attack methods
Cybersecurity is a fast-changing world, in which adaptation is essential. CTFs offer the opportunity to explore different attack methods. Cherlynn explains, “At the end of the day, we receive hands-on experience in simulated environments that help us to prepare for dealing with real-life (cybersecurity) incidents. There are always new ways that hackers use to exploit systems, and continuous improvement is key to staying ahead of the curve and protecting our customers, partners, employees, and the organization as a whole.”
3. Fostering collaboration and fun
Lastly, CTFs are great for team building and networking (when done in person). And because they play a pivotal role in learning and skill development across various cybersecurity and engineering domains, we understand the importance of broadening participation beyond our security team. Individuals from our engineering departments actively engage in these competitions, leveraging their skills to effectively pinpoint and exploit vulnerabilities. We’ve also extended the invitation to join our CTF team to all members of the organization, embracing anyone keen on enhancing their cybersecurity skills and knowledge.
FAQ: About capture the flag competitions
What’s the difference between a hackathon and CTF?
Hackathons and CTFs are both technical events, but hackathons focus on creating projects, while CTFs are usually about cybersecurity challenges.
– Hackathons are about building new software or hardware projects in a collaborative environment within a short time frame (typically 24-72 hours). They emphasize innovation, creativity, and practical implementation.
– CTFs (Capture the Flag) are cybersecurity competitions where participants find and exploit vulnerabilities in computer systems. Challenges can include reverse engineering, cryptography, and web hacking, aiming to improve participants’ cybersecurity skills.
How to prepare for a CTF competition?
Improve your performance by preparing for a capture the flag competion with these steps:
– Research the CTF: Start by thoroughly researching the CTF you’re planning to attend and think about the skills you may need to help you solve challenges. Understand its theme, rules, regulations, and the prizes offered (if interested in prizes).
– Assemble a team: CTFs are more enjoyable and productive when you work with a team, and they’re a great bonding activity. Look for individuals with complementary skills and a shared passion for the CTF’s theme. A diverse team can bring unique perspectives and expertise to your project. Make sure you have a good way to communicate and share ideas as you progress through the challenges if you’re not all physically in the same room. We’ve found Discord, Slack, and Google Meet really useful.
– Practice coding skills: You will need some coding skills, and practicing beforehand will give you a competitive edge.
– Pack your gear: Ensure you have everything you’ll need for the CTF. Bring your laptop, charger, and necessary software. Don’t forget to pack snacks, drinks, a power strip, extra cables, and a first-aid kit for any unexpected situations.
– Get a good night’s sleep: Since CTFs often involve staying up all night coding, it’s vital to be well-rested before the event. A good night’s sleep will help you stay focused and be more productive during the event.
How to participate in a CTF or hackathon?
To participate in a CTF, the first step is to find a suitable event. There are numerous CTFs happening all over the world, so you’ll need to do some research to find one that aligns with your interests and schedule. You can search online for hackathons in your area or explore platforms like Devpost or HackerEarth, which list various hackathon opportunities. Consider factors such as the hackathon’s theme or focus, length, prizes, and location when making your choice.
Before you sign up for a CTF or hackathon, it’s essential to read and understand the event’s rules and regulations. Each hackathon has its own set of guidelines, which may include rules about teamwork, the technology you can use, and intellectual property rights. Familiarizing yourself with these rules will help you know what’s expected of you as a participant and ensure a smooth experience throughout the event.
Protect your online privacy and security
30-day money-back guarantee