Carnegie Mellon’s hacking team wins 7th DEF CON Capture-the-Flag title
Ryan Noone
Aug 13, 2023
The winningest team in DEF CON’s Capture-the-Flag (CTF) competition history, Carnegie Mellon University’s Plaid Parliament of Pwning (PPP), was back at it again, as the team defended its title, earning its seventh victory in the past eleven years.
PPP joined forces with CMU Alum and University of British Columbia Professor Robert Xiao's team, Maple Bacon, as well as hackers from CMU Alumni and PPP founders Brian Pak and Andrew Wesie's startup Theori.io (The Duck). Together, the group competed under the name Maple Mallard Magistrates (MMM).
DEF CON’s three-day flagship competition, widely considered the ‘Olympics’ of hacking, brought together some of the world’s most talented cybersecurity professionals, researchers, and students, as twelve of the world’s top teams (who qualified from a field of 1,828 teams) attempted to break each other’s systems, stealing virtual flags and accumulating points while simultaneously protecting their own.
As the number of cybersecurity attacks continues to increase worldwide, competitions like DEF CON’s Capture-the-Flag provide the opportunity for leading cybersecurity engineers to measure up against one another, learning and developing new techniques as they work through various challenges.
Carnegie Mellon students, faculty, and alumni once again demonstrated the University’s prowess in cybersecurity, finishing in the top spot on the leaderboard at the end of days one and two, and holding on in the competition’s final 24 hours to secure the victory. For the win, the team earned eight black badges, the most elite recognition in hacking, bringing PPP's count to 56.
“It feels great to win once again, and the team is incredibly pleased that we built and maintained a lead throughout the entire contest,” said Jay Bosamiya, PPP’s team captain for DEF CON Capture-the-Flag, a Ph.D. student in Carnegie Mellon’s Computer Science Department, and member of CMU’s CyLab Security and Privacy Institute. “Our victory as MMM shows how well our three teams work together.”
“It’s hard to understate the impact our students have in cybersecurity," said David Brumley, Professor in CMU's Electrical and Computer Engineering Department. "Aside from DEF CON, CMU students were the first to hack a Tesla and the iPhone, have founded multiple successful companies like Theori, ForAllSecure, and Comma, and have become professors at top universities. Graduates of CMU's cybersecurity programs are simply among the best in the field, and DEF CON is just one very specific way that proves it.”
PPP was first formed in 2009 and began competing at DEF CON in 2010. The team’s previous wins came in 2013, 2014, 2016, 2017, 2019, and 2022, with second place finishes in 2015, 2018, 2020, and 2021. The team runs and competes in several cybersecurity competitions each year, and recently defended its title at the MITRE embedded Capture-the-Flag event (eCTF).
Members of PPP contribute to Carnegie Mellon University’s annual student-focused hacking competition, picoCTF, developing challenges of varying levels of complexity. picoCTF has long been the go-to CTF for middle and high school students looking to build and hone their cybersecurity skills, and in recent years has expanded to include an undergraduate leaderboard, as well as several country and continent-specific leaderboards.
Home to the CyLab Security and Privacy Institute, U.S. News and World Report’s top-ranked undergraduate cybersecurity program, and several world-class graduate programs and courses, Carnegie Mellon University continues to lead the way in cybersecurity education and research.
For media inquiries, contact Ryan Noone at rnoone@andrew.cmu.edu