We ran an interactive CTF challenge at UK Cyber Week!
We brought DevSecOps to UK Cyber Week with some tricky little challenges
Last week, Simon and Melissa headed down to London to exhibit alongside our new amazing partners, Capture The Talent, for the inaugural UK Cyber Week.
With our over-the-top multicoloured zebra shirts ironed and donned, we headed over to the Business Design Centre and found the lovely Capture the Talent team with whom we had spent the day before getting the stand built and prepared. Anyone who visited UKCW will undoubtedly agree that the Capture the Talent stand was pretty darn impressive! And that’s just going off looks. Add in the lockpicking village, escape room challenges, silent stage and all the other cool things they had going on and you have yourself the stand where everyone wants to be. As Punk Security recently became a partner of CTT, we had the absolute honour of being invited to join them on their stand.
If you follow us on LinkedIn or social media, you’ll know that we have been super busy building an epic CTF to celebrate our second birthday on May 4th. We decided that UK Cyber Week would provide an awesome opportunity to treat an audience to a sneak peek at what we’ve been working on. We set up the Punk stand with two terminals, each using a Raspberry Pi 4. Players could choose from four CTF challenges, similar to those you can expect to see in the birthday CTF. The challenges available to players were in vim, git, Jenkins or XSS with them needing to complete just one within around 15 minutes to earn one of the Punk Security flashing badges (more on these here) and to be entered into a prize draw to win some super cool Lego sets.
It is fair to say that we were totally blown away by how many people were up for giving it a go. The two CTF hot seats were occupied from the moment the doors opened on day one to the sound of the announcement on the tannoy declaring UK Cyber Week officially over the following day. In total we had over 50 people trying their hand at least one challenge, with many of those coming back to have a go at the others during the two days. We had people queuing to have a go and spectators watching to see how the challenges played out. Our most popular challenge was vim, with 25 people successfully capturing the flag and our most difficult challenge of all, XSS, being completed by just one person (who spent a while working through it and actually took out his own laptop for better performance and phoned a friend!). Their determination resulted in them being the only one to complete all four challenges!
Our players had a huge range of abilities, experience and ages. Many had never attempted a CTF before and walked away successful, having experienced and learnt something new (as well as becoming proud owners of a flashy badge!). We even had two young budding hackers, age 7 and 9 have a go (with a little help of course!) who enjoyed working through the steps with us as a bit of a story to help understand what was happening in terms that they could make sense of.
It was a pleasure to share a little bit of what we’ve been working on with some of the cyber community and the feedback we received was fantastic. During the two days we identified a couple of bugs that we were able to relay back to the rest of the Punk team who squashed them immediately and are working on some changes to the user login process.
We had the best time working alongside Amy, Shaun and the rest of the Capture the Talent team and hope to return to exhibit at UKCW in the future. Next time we will have to bring more of the Punk Security team so we can visit the other exhibitor stands and make it to some of the many brilliant talks on the various stages!
