Every August more than 20,000 of the world’s best hackers come to Las Vegas to battle in one of the biggest cyber wars at DEF CON. This year a joint team of hackers from Georgia Tech and South Korea won the competition.

For three days, teams competed in a hacking version of capture the flag (CTF). A team wants to get control the server while patching its vulnerabilities and attacking the 23 other teams with their own exploits. With each successful attack, the team captures a flag. The team with the most flags at the end wins.

The winning team, DEFKOR00t, is a union of DEFKOR and r00timentary. DEFKOR is a South Korean CTF team and r00timentary is from the Systems Software and Security Lab in the School of Computer Science. r00timentary team members include Assistant Professor Taesoo Kim and his Ph.D. students Insu Yun, Wen Xu, Soyeon Park, Jinho Jung, master’s student Po-ning Tseng, and alumnus Yeongjin Jang.

Putting together a team

The Tech team first formed in December 2016, holding weekly study groups to discuss new hacking techniques and playing CTF every month. Classes at Tech also complemented their knowledge base.

“The Information Security Lab class helped me to learn how to exploit and patch vulnerabilities through its intense curriculum,” said Jung.

Their hard work paid off when they qualified to compete in CTF’s final event in May and decided to join DEFKOR to be the most competitive team. r00timentary was adept at keeping the server secure by building automatic systems for managing attacks, finding vulnerabilities in services, patching, and analyzing other teams' attack. DEFKOR had one of the best hackers in the world on their team, Jung-hoon Lee (a.k.a. Lokihardt).

“Since he creates exploit code when other teams don't even identify where vulnerabilities stay, we gain much more attack points in CTF,” said Jung.

Teamwork enabled DEFKOR00t to tackle CTF in a strategic way. Team members split into several small units, including attack, patching (defense), fuzzing (assisting attack), King of the Hill (a specific game in the CTF), and maintenance. By combining DEFKOR’s hacking prowess with the research skills of r00timentary, DEFKOR00t was able to climb the rankings to first place.

Real-world research

Competing in a hacking competition is about more than just prestige. It’s a chance to use research in a practical way and find new fields of study.

“It's a three-day all-in-one cybersecurity lecture during which we can demonstrate our attacks, learn from the other's top-secret attacks by detecting them, and finally make our system secure by defeating such attacks,” said Jang. “DEF CON CTF is where the state-of-the-art techniques are required and demonstrated.”

Jang has been competing in CTF competitions since 2008 and even won third in the 2010 DEF CON CTF, the same year he started a Ph.D. in cybersecurity at Tech.

“The skillsets that I have obtained over the course of CTF games — reverse engineering, program analysis, exploit development, hardening programs (patching) — all enabled me to successfully finish my Ph.D. study at Georgia Tech,” he said.

The combination of his studies at Tech and the real-world experience helped him rise in the field and led to his current role as an assistant professor at Oregon State University.

But for Yun and his teammates, DEF CON CTF is also a way to take a break from research.

“I just want to enjoy games, and winning the game is the second goal,” said Yun. “I just do this for fun.”