At Levi9, the Secure9 conference is traditionally held every year, featuring a competition called Capture The Flag (CTF9) – dedicated to cybersecurity and representing one of the most interesting formats for testing technical knowledge and creative problem-solving among levininers.
At the last competition, the team “We only want your cookies” (Dunja Maksimović, Kosta Aćimović, and Mirko Tomić) won first place. Because of this, we took the opportunity to ask them about their impressions from the competition, as well as their thoughts for this year.
Challenges and atmosphere
The competition lasted four hours, and the tasks covered various areas of application security – from web applications, scripting, HTTP/REST protocols, PHP and Python, to databases. According to Mirko, for whom this was his fourth CTF9, the tasks ranged from easier to really difficult and covered multiple areas of application security.
“The tasks were well-designed and each had an additional hint that guided us in which direction to think,” explains Dunja. “The best feeling is when, after prolonged thinking and connecting pieces of the puzzle, the ‘aha!’ moment comes and we discover where the solution is hidden.”
For Kosta, who encountered this competition format for the first time, the experience was exceptional. “Thanks to Mirko and Dunja on the team, every task made sense and it actually seemed like the answers were always right under our noses – although it didn’t seem that way at the start!”
Motivation for participating
“You don’t need to be an expert to participate,” says Mirko. “What’s important is to try and learn from each challenge.” He adds that for those who want to prepare, there are plenty of free resources such as PicoCTF, HackerDNA, and Natas. CTF competitions are an excellent opportunity to gain important knowledge about security vulnerabilities in web applications and APIs, how to recognize them, and along the way get acquainted with new technologies.
“CTF combines technical knowledge with the experience of an escape room, which makes it a unique experience,” says Dunja, who warmly recommends everyone to inquire about the competition: “I recommend colleagues to sign up regardless of previous experience because CTF9 is an excellent opportunity to learn something new and engage your brain in an exceptionally interesting way. It’s also a good opportunity for learning, exchanging experiences with colleagues, and socializing.”
*
Last year, 45 “hackers” from Levi9, alumni, and partners joined forces to solve real-world security challenges in categories such as web, cryptography, and reverse engineering. We are proud of the fact that the atmosphere was exciting, with the right dose of teamwork and competitive spirit. Congratulations to the winning team!
