ExpressVPN: Stars on the global cybersec stage
Want to work with the best and brightest minds in cybersecurity, and keep your skills sharp competing against other global leaders? Join ExpressVPN and be part of our CTF competition teams!
The past year has been a banner one for ExpressVPN's cybersecurity team, which placed in not one, not two, but three global Hack The Box (HTB) and Capture the Flag (CTF) competitions.
At this summer's Hack The Box Business Capture The Flag (HTB CTF) and Splunk BOTS, two teams consisting of ExpressVPN’s talented cybersecurity experts and hackers came together to solve complex technical puzzles and real-world security incidents across various cybersecurity disciplines.
The Splunk BOTS team placed first, beating out government institutions, banks, and other cybersecurity companies from Singapore and beyond. Meanwhile, the HTB CTF team ultimately placed 11th out of 374 teams competing from all around the globe—putting them in the top 3% of global competitors!
To wrap up an amazing year of hackathons in 2021, the cybersecurity team came away with its best showing yet at the MetaCTF in early December, placing third overall out of 623 teams of active professionals.
We spoke to ExpressVPN team members Cherlynn, Dave, Walter, and Yordan to learn more about their experience participating in the various competitions and find out why CTFs are both super fun and critical to keeping skills sharp.
A way to benchmark skills
According to Walter, the engineering CTF team at ExpressVPN arose from a desire to learn, compete, and have fun.
“One of our threat hunters asked about joining one of the local CTFs last year. A couple of us from the security and development team came together, and we took part,” he shares. “We did really well—coming in 10th out of 437 teams—earned some cool swag, and learned a ton in the process. From then on we decided to build a dedicated CTF team up formally and got the whole company involved.”
Joining a CTF enables our teams to build their critical thinking skills, which is crucial because security is one of those fields where “discovery” is 99% of the problem.
“That’s because nobody knows what security issues exist until they are found,” explains Dave. “A CTF lets people practice trial and error and discovery skills as well as persistence and perseverance. Sometimes your gut just tells you something doesn’t smell right, and part of a security team’s job is to dig until we either find what smells or reasonably prove that it doesn’t. CTFs help us build those skills so we can use them in the real world.”
HTB challenges simulate vulnerabilities and realistic scenarios, and provide a means of testing and benchmarking the team’s skills against others in various industries. This year’s competition saw teams from 66 countries across cybersecurity, finance, IT, and even e-commerce competing.
One of the challenges required the team to find and exploit a ZeroLogon-like vulnerability to retrieve secrets from a server, a fairly nuanced cryptographic flaw that evaded the best security researchers for decades.
For the cybersecurity team, competing in CTFs is part of its broader team objectives. “We want to compete in at least one competition per quarter. This way, we can continue learning, and exploring new fields to make our organization more secure whilst building trust within our organization as a highly capable function,” says Cherlynn.
At the BOTS competition, the team tackled seven different scenarios to find security threats relating to Kubernetes, AWS, Google Cloud Platform, and Cisco ASA/Zoom, as well as dealing with Advanced Persistent Threat actors on more traditional networks.
Meanwhile, at MetaCTF, the team solved a total of 51 (out of 66) challenges and was one of the few teams that managed to solve challenges across all categories, comprising forensics, web exploitation, and reverse engineering.
A true team effort
Competition strategy generally involves leveraging the strengths of each team member. The security team even had an open conference call line for team members working abroad to allow for quick collaboration and communication on challenging questions and tasks.
For example, in solving one of the forensics challenges, one of the team members built a Volatility profile for the forensics artifact and handed it to another member for analysis. That team member was more familiar with this scenario and quickly hooked up a library to extract the SSH keys needed to decrypt secret messages.
“It’s gratifying when we’re able to pave the way for another member to complete the challenge,” says Walter.
“In one of the past CTFs we did, one of the developers was stuck on a hardware challenge, and a member of the Red Team found an insecure and outdated component that we quickly used to gain a foothold in the platform. With that initial foothold, the developer could quickly write a piece of code to interact with the service within, and we exfiltrated the flag.”
All in all, knowing how to collaborate with each other in a simulated environment ultimately allows the team to apply these learnings in the real world.
Outranking the competition
At the HTB CTF, ExpressVPN competed with security teams from companies such as Standard Chartered, ING, Orange Telecom, and even IT security consulting firms like Xormatic and Synacktiv. The team ultimately finished 11th out of 374 teams, placing them in the top 3%. ExpressVPN was also one of the few teams that solved 100% of the challenges across the Cryptography, Reversing, and Forensics categories, beating the global average solve ratio (see below).
“The security team at ExpressVPN recognizes that cybersecurity is a hard topic and if you don’t continuously improve it is easy to suffer the ultimate cost. This is why we keep our skills sharp through competitions like these, where we can get live practice and baseline where we can improve and how we can grow as professionals and as a team. These competitions are also an incredible team bonding opportunity and we highly recommend everyone to give them a try,” says Yordan.
Not just cybersecurity
CTFs are an excellent way for people to bond and learn new things because there are different challenges that the average person in cybersecurity might never encounter.
And at ExpressVPN, we don’t just restrict CTFs to our offensive teams. People from our Security Operations Center and Security Engineering teams also join. We've opened our CTF team up to the greater company for some competitions, allowing anyone to join. We’re a security and privacy-focused organization, after all, so we have plenty of people interested in learning and improving their skills.
In fact, at one CTF, someone from the internal apps development team joined in with a uniquely valuable set of skills.
“That developer kicked butt at all hardware challenges!” Dave recalls. “That was fun to watch and helped build valuable relationships between the developers and security teams.”
Hack to the future
“There was a great show of amazing teamwork,” reflects Walter. “As we learn to collaborate with each other in this simulated environment, so we can do better in the real world.”
“There have been plenty of learning points from this competition for our team. We learned how to sift through significant volumes of data and understand hacker activity better,” agrees Yordan.
“Having a strategic mindset and visualizing the bigger picture is also a highly valuable learning point in understanding what could have led up to this event being first observed in the logs and what the attackers were trying to achieve.”
At HTB, the team spent a whopping 54 hours over one weekend working on the challenges. The team collaborated mainly over Slack, and there were often two people working on problems together.
It’s undeniably a time commitment, but the training, team bonding, and overall enjoyment of the experience make it worth it. Not to mention the trophies and bragging rights!
“At the end of the day, we received hands-on experience in simulated environments that help us to prepare for dealing with real-life incidents,” reflects Yordan. “There are always new ways that hackers use to exploit systems, and continuous improvement is key to staying ahead of the curve and protecting our customers, partners, employees, and organization as a whole.”