The Bushwhackers team from Russia has won the final of Kaspersky’s Capture the Flag (CTF) competition, which ran across two rounds and attracted more than 840 participating teams from over 80 countries. A US$18,000 prize pool was awarded to the winning teams during the finals, held as part of Kaspersky’s Security Analyst Summit (SAS) 2024 in Bali on October 22.
In May 2024, the CTF qualifier drew 846 teams from around the globe. During this stage, participants faced 25 complex tasks, with only 119 teams managing to solve at least one challenge. The qualifier included diverse categories such as reverse engineering, binary exploitation, web security, forensics, steganography, and programming. Several tasks were inspired by real-life research conducted by Kaspersky’s global centers of expertise, including Global Research and Analysis Team (GReAT), Industrial CyberSecurity (ICS) CERT, and Threat Research teams.
The top eight teams advanced to compete in finals, including Bushwhackers (Russia), C4T BuT S4D (Russia), thehackerscrew (international), and P1G SEKAI – a collaboration between two professional teams, r3kapig (China) and Project Sekai (International). The Top-1 Indonesian team SKSD, as well as the Top-1 Japanese BunkyoWesterns, also took part in the competition.
The Attack/Defense final was a test of both offensive and defensive skills. Each team was given a vulnbox — a virtual machine running vulnerable services. The objective for each team was to identify vulnerabilities, patch them to defend their services from other teams' attacks, while also developing exploits to attack others within the network. The team’s score was multiplied by their SLA (Service Level Agreement), reflecting the time their service remained operational and fully functional. The entire infrastructure was hosted in the cloud, reflecting a modern approach to service management.
While
the winning Bushwhackers team received $10,000, the runner-up teams — P1G SEKAI
(international) and C4T BuT S4D (Russia) — received $5,000 and $3,000
respectively for second and third places.
“It’s an incredible feeling to win this year’s SAS CTF! The competition was intense, and every challenge pushed us to think critically and act fast. Competing in such a prestigious event alongside participants from all around the world has been an unforgettable experience. We had to stay focused, collaborate closely, and adapt to new situations constantly, even though the ocean view was distracting us all the time,” commented Maxim Malkov, head of the Bushwhackers team, the winners of SAS CTF 2024.
“This year's Capture the Flag competition has once again proven the incredible skill and dedication of the global cybersecurity community. The tasks presented were not only complex but directly connected to the real-world challenges that organizations face today. As cyberthreats continue to evolve, competitions like this help push the boundaries of what is possible in defending against them. We are proud to host an event that fosters collaboration and innovation, and we look forward to seeing how the solutions and ideas generated here will shape the future of cybersecurity,” says Igor Kuznetsov, Director of Kaspersky’s Global Research and Analysis Team (GReAT).
In addition to competing, the finalists attended SAS 2024 as full participants, gaining access to cutting-edge talks and networking opportunities with leaders in cybersecurity.
SAS CTF is an international competition for cybersecurity experts, running alongside the Security Analyst Summit from October 22-25, 2024. Established in 2009, SAS is considered one of the most important events in the cybersecurity calendar for many professionals and researchers.
For more information about the Security Analyst Summit 2024 please visit the official site.