picoCTF hacking competition returns for its 11th year

From March 12–26, thousands of participants competed in the picoCTF competition hosted by Carnegie Mellon University’s CyLab Security and Privacy Institute. The more than 18,000 participants ranged from middle schoolers and their teachers to undergraduate university students. 

picoCTF’s first hacking competition took place in 2013, and featured around 6,000 participants. Eleven years later, it is now one of the most well-known hacking capture-the-flag competitions in the cybersecurity industry.

picoCTF includes challenges across several disciplines, including forensics, cryptography, reverse engineering, web security, and others. Challenges are designed by faculty, staff, and students from Carnegie Mellon University, many from the internationally acclaimed hacking team, the Plaid Parliament of Pwning.

Participants have to beat the challenge in order to find the answer, or “capture the flag,” and the challenges progressively become harder as the competition advances. All teams who manage to capture a challenge’s flag receive the same number of points in reward, regardless of how quickly it takes them to solve each individual challenge.

“Our goal is to encourage everyone, even new people with no background in it, to try cybersecurity,” said Megan Kearns, picoCTF Program Director.

After the 2018 competition season, participants reached out to Kearns asking for the challenges to be kept open so they could practice. This led to the picoCTF team developing picoGym, a noncompetitive space to practice hacking and cybersecurity techniques.

picoGym’s challenges consist of samples from previous years’ competitions, along with new challenges to solve. In addition, the picoCTF team hosts YouTube tutorials on cybersecurity practices for students and teachers.

The competition is an optional part of the picoCTF programming, and participants must register to compete in the weeks leading up to its launch. While this year’s competition involved an impressive 18,000 people, the platform as a whole boasts over 600,000 active users across the world throughout the year.

While most participants are based in the United States, picoCTF also serves a robust international community. Japan and Africa have their own regional leaderboards for the competition, which has helped to develop more robust young cybersecurity communities in these areas.

It’s easy to get involved, since signing up for an account on the picoCTF website is free and open to all. In order to stay accessible, the program mostly receives funding though sponsorships and grants.

picoCTF is established and widely known for its reputation as the place to begin learning about cybersecurity and capture-the-flag competitions.

Megan Kearns, Program Director, picoCTF

According to Kearns, the expansion of picoCTF into a year-round program was “how we blew up to what we are today.” Now, picoCTF is well-known in the field: Kearns always finds engagement at conferences, and students make connections with prospective employers through their shared experiences of picoCTF. This has resulted in a community built around cybersecurity.

“picoCTF is established and widely known for its reputation as the place to begin learning about cybersecurity and capture-the-flag competitions,” said Kearns. “Come in anonymously, play at your own place, and build up skillsets.” And it grows every year as it succeeds in its mission to introduce cybersecurity to a new generation of programmers.

Check out a list of this year’s competition winners below:

U.S. Undergraduate Individual Leaderboard:

• 1st place: enzocut
• 2nd place: obafgkm
• 3rd place: flocto

U.S. Undergraduate Teams Leaderboard:

• 1st place: gheeeedra
• 2nd place: UCSD SHS
• 3rd place: Open Parenthesis Colon

U.S. Middle/High School Teams Leaderboard:

• 1st place: smiley-face cartel
• 2nd place: les amateurs
• 3rd place: rip rythm