Two Georgia Tech College of Computing students emerged victorious in the annual DEF CON hacker conference’s Capture the Flag competition, held Aug. 6-9 in Las Vegas.

School of Computer Science PhD students Yeongjin Jang and Insu Yun were members of DEFKOR, a team of 14 security researchers from private industry and Korea University. DEFKOR defeated two-time, consecutive champion Plaid Parliament of Pwning from Carnegie Mellon University for the top prize.

The competition is an attack and defense-style hacking competition. Participants are required to break into other team’s systems and to steal digital flags to earn points. Teams also must defend attacks so as not to lose points. The experience for participants is comparable to real cyber attacks, Jang said.

“One must bypass several security mechanisms running on the latest operating systems and also be skilled in writing attack payload code,” Jang said. “Defending your flag is similar to the required effort in patching security bugs.”

Jang ran DEFKOR’s attack code and collected flags from other teams. Yun was tasked with making security patches to the program to defend against possible attacks from others in the competition. Jang plans to adopt lessons from the experience into his current security research at Georgia Tech.

“The competition highly resembles real cyber attacks,” Jang said. “We learned a lot by studying the cutting-edge technologies used for attacks. Knowledge achieved from the competition can be directly applied to our current security research.”

Jang is currently researching ways to make ‘private browsing mode’ on varied web browsers more private. His goal is to allow users to personally configure their ‘private browsing’ mode regardless of what a particular browser or application supports. He’ll present the research at the ACM’s Conference on Computer and Communications Security in October.

Meanwhile, Yun is currently helping to develop a software bug detector for programmers’ coding errors. The detector automatically extracts general usage patterns contained within software security checks and then detects API misuse by programmers.    

Jang and Yun received the famed ‘Black Badge’ for their team’s victory, which entitles them to lifetime free entry to DEF CON and inclusion in the conference’s Hall of Fame.

“Getting the ‘Black Badge’ is the dream of most hackers in DEF CON,” Jang said.

The victory was Jang and Yun’s first following three attempts.