TRUST matters

April 2024

CTF Chronicles: The HSBC TL CTF 2024

Discover the exciting world of the HSBC TL CTF 2024! Join us as we revisit the thrilling journey of Capture the Flag competitions, where hackers from across the country competed in regional editions held in Pune and Hyderabad. From the intense virtual screening to the final showdown, this collaboration between HSBC Technology India and Trust Lab at IIT Bombay brought to the forefront the best of cyber talent and some amazing teamwork.

Capture the Flag (CTF) competitions are the hacking world’s equivalent of an adventurer’s treasure hunt, blended with the adrenaline rush of a crime investigation. In these high-stakes games of cyber-attack and defense, computer code is the weapon of choice as participants race to infiltrate vulnerable systems, decrypt secrets, and analyze digital evidence – all in pursuit of conquering challenges and capturing virtual “flags.”

In a recent collaboration, HSBC Technology India (HTI) partnered with Trust Lab at IIT Bombay to host regional editions of CTF in Pune and Hyderabad, with HTI as the event sponsor and Trust Lab as the organizer. From the exhilarating highs of registration to the nail-biting tension of the final showdown, the journey of CTF was a rollercoaster ride of epic proportions.

Partnering with top academic schools and leveraging young talent to pursue ideas is a key tenet of HSBC's innovation strategy in the markets we operate in. By collaborating with educational institutes like IIT Bombay, we tap into fresh perspectives and cutting-edge research, enabling us to stay at the forefront of technological advancements and deliver innovative solutions to our customers.

The journey began with a nationwide online screening round in mid-February, where over 800 hopefuls registered to prove their worth. 

The challenges weren’t your run-of-the-mill brain teasers; they were crafted by a four-member Trust Lab student team under the watchful eye of Prof. G. Sivakumar. Picture students huddled over laptops, plotting and scheming to create puzzles that would leave even the savviest hackers scratching their heads. From cracking codes to dissecting digital trails, each challenge was designed to push participants to their limits.

Setting the Challenges

– Nilabha Saha 

Creating a good CTF challenge is a challenge in itself. After all, just making a CTF challenge is not difficult, the curve rises when you don’t want just any CTF challenge, but a good one. What constitutes a good CTF challenge is subjective, but in my opinion, it’s one that teaches something to the solver irrespective of their skill level, has that aha moment that makes the time spent thinking about the challenge worth it, and one that focuses on the security or exploitation aspect to the fullest extent instead of relying on guessing (an unfortunate occurence in multiple CTF challenges these days).

Coming up with a challenge in the intersection of all the three above criteria requires a good bit of work, thinking, and reading up. Sometimes, we take real-life attacks we’ve seen around us and base our challenges on that, those have a direct correlation to real attacks and form some of the most practical challenges.

 

The CTF Challenge Setters from left to right: Khushang Singla, Nilabha Saha, Shubham Roy, Hrishikesh Deshmukh

Sometimes, we take a part of what could be a larger full fledged attack and make a challenge on that; quite often, it’s significantly nasty to get these right.

Overall, CTF challenge making is an experience which teaches one a lot of things CTF solving never would, and, in its own way, it’s extremely rewarding. Making a good challenge requires trying out a lot of ideas and parameters to figure out what might be of most use to an invested solver, and the learning experience includes all those discarded ideas and parameters a challenge solver never gets to see. In the end, the real prize for a challenge maker is to see the effect of their challenge when released to the public. It’s an incredible feeling to realise that potentially hundreds of hands and minds are working on a challenge which is your brainchild. And finally, as the participants give you their feedback on their challenge-solving experience, it’s a very enlightening experience to hear out the ways they tried attacking the challenge, the ideas which worked for them, and the ones that didn’t; and it feels thrilling to know that the challenge, a piece of your mind, ignited so much of thought and innovation across so many minds.

On the day of the grand finale, the scene on Pune’s PICT campus was nothing short of magical. As the participants and the organising team set foot on the grounds, they were greeted by an eager swarm of enthusiastic student volunteers, ready to ensure that every aspect of the CTF event ran smoothly. It was clear that no detail had been overlooked. The volunteers added their own creative flair with a supersized rangoli, perfectly orchestrated photo moments, and a grand inauguration ceremony, showcasing the thoughtful curation of every element.

The Hyderabad student team proved to be formidable partners, matching their Pune counterparts in their efforts to make the event a resounding success. They ensured that the CTF concluded on a high note, filled with celebration and cheer.

At each location, top leaders from HSBC HTI and Trust Lab graced the stage, delivering keynote addresses that emphasized the crucial role of cybersecurity in today’s digital landscape. They encouraged the participants to embrace the challenges ahead and seize the opportunities that awaited them. The inspiring words from these industry leaders added an extra layer of motivation and excitement to the already charged atmosphere.

As the clock ticked down to the start of the grand finale, the tension in the air was palpable. Contestants exchanged nervous glances and fidgeted with their keyboards, their minds racing with strategies and possibilities. But amidst the nerves and the fierce competitive spirit, there was also a strong sense of camaraderie. After all, in the world of cybersecurity, teamwork is key—even if you’re competing against each other.

As the challenges flashed on the screen of Trust Lab’s CTFD platform, the air crackled with the sound of furious typing and the occasional triumphant cheer.  Team members  huddled together, their faces illuminated by the glow of their screens, as they exchanged ideas and strategies in hushed whispers. The clock ticked relentlessly, urging them to push their limits and capture those elusive flags. The challenges were not for the faint of heart, but the contestants rose to the occasion, showcasing their technical brilliance and creative problem-solving skills.

The stakes were high, with a total prize pool of INR 1.5 lakhs up for grabs. The top three positions in each city would walk away with cash prizes, while six consolation prizes were also on offer. But the rewards went beyond mere money; the winners had the chance to catch the eye of HSBC, with potential job or internship opportunities beckoning on the horizon.

Congratulations to all the brave souls who embraced this adventure, from the wide-eyed newcomers to the seasoned veterans.

Winners of the CTF Pune finals:

First Position | Team PIE & ASLR | AJAY SK
Second position | Team Quark | Harsh Patil & Gourav Suram
Third Position | Team 0xC0000005 | Siddh Shah & Vedant Farkade

Consolation Prize
Team CodeXplorers | Kartik Soneji
Team TTY_L4T3R | Sharez Shaikh and Rhea Rajput

Winners of the CTF Hyderabad finals:

First Position | Team ScareCr0w | Sanjay Vardhan Padala & Mohith LS
Second Position | Team $IdlySambar | Lakshmesh Kumar & Arun Balaji
Third Position | Team U3FI | Jayanth Katragadda & Nandu S Pillai

Consolation Prize:

Team OwlAndCat | @Pritham P & Sivasurya M
TeamTh3_Ap0c4lyp5e | Arul Sujith S & Sree Sharvesh S S
Team Byt3_B4nd1t$ S | Mohana Vamsi Sowdepally & Mukesh R 
Team PRIVATE USER | Gurupreet Singh
Team Exiftool | Md Asadullah Abbasi & Yusuf Ejaz
Team Hackwithsonu | Sonu Kumar & Harsh Chauhan

Beyond the numbers and competition, what truly warmed our hearts were the connections made and the collective memories forged. Students from across the nation came together, united by their passion for cybersecurity. The camaraderie, the smiles, the cheers, and the shared moments of celebration were just as memorable as the cybersecurity puzzles they solved.

In the end, the HSBC TL CTF 2024 wasn’t just a competition; it was a celebration of talent, innovation, and the power of collaboration. As the day drew to a close, the exhausted but exhilarated contestants departed from the venue  filled with a sense of accomplishment, knowing they had been part of an unique experience.

Special thanks go to the Pune Institute of Technology (PICT) and the Department of AI at IIT Hyderabad for their unwavering support. And to the Trust Lab’s student team, whose devious challenges added a zing to the competition—they may have driven the contestants to the brink of madness, but we are sure that even the contestants wouldn’t have had it any other way.

 The success of this event not only marked a milestone collaboration between Trust Lab and HSBC but also showcased the wealth of talent across the country.  With plans to expand to major Indian cities and continue pushing the boundaries of cybersecurity education, Trust Lab and HSBC are ready to lead the charge into a new era of cyber warfare. So, buckle up, cyber warriors. The adventure has only just begun.