Carnegie Mellon hacking team finishes 2nd at DefCon

Daniel Tkacik

Aug 9, 2021

PPP team member — **Source:** CyLab

A member of Carnegie Mellon’s hacking team, PPP, competes in the DefCon Capture the Flag competition in 2015. This year, the competed remotely.

Carnegie Mellon’s hacking team, the Plaid Parliament of Pwning (PPP), placed 2^nd this weekend at the annual DefCon cybersecurity conference’s Capture the Flag competition, widely regarded as the “Olympics of Hacking.”

“These are Olympic-level hackers who come from across the world to show their skills,” said Zardus, a pseudonym of a hacker who helped organize and run this year’s competition, at the DefCon closing ceremonies on Sunday.

As cybersecurity threats continue to grow and countless attacks make the daily headlines, competitions like DefCon's digital Capture the Flag give an opportunity for the most talented cybersecurity engineers to measure up against one another and learn about new techniques.

These are Olympic-level hackers who come from across the world to show their skills.
Zardus, pseudonym of a hacker who helped organize this year's competition

Over the course of the 72-hour hacking spree, teams of hackers worked to steal digital flags from their opponents’ computer servers while simultaneously trying to protect their own. Sixteen qualifying teams took part in this year’s competition, representing China, Israel, Italy, Romania, South Korea, Sweden, Taiwan, and the United States. Some teams participated in-person at the conference venue in Las Vegas, while others—including PPP—participated remotely.

DefCon scoreboard — **Source:** @oooverflow

The battle was absolutely fierce with the teams competing across several domains: web, bare metal ruby, network devices, and hyper visor escapes!

PPP was in 2^nd place overall heading into Sunday, with 693 points to team Katzebin from China with 783 points. On the final day of competition, all teams’ scores and placements were intentionally hidden by the organizers, sending everyone into a hacking frenzy.

“There was this war of attrition. Exploit after exploit, stealth attacks, strategic disclosure of vulnerabilities,” said Zardus. “It was wild.”

PPP came up just short of the top spot by the end. Katzebin finished with 869 points, besting PPP’s score of 825. While only 44 points separated first and second place, the third place team, Tea Deliverers from China, finished 274 points behind PPP with a score of 551.

PPP first formed in 2009 and began competing at DefCon in 2010. The team previously won DefCon titles in 2013, 2014, 2016, 2017, and 2019.