A Capture the Flag (CTF) cybersecurity challenge simulates real-world cyber threats and scenarios. Participants work to find the vulnerabilities in a system, with the goal of “capturing the flag”—usually a piece of information located within that structure. A CTF helps hone cybersecurity skills, fosters collaboration, supports critical thinking, and promotes friendly competition throughout the cybersecurity community.
From 3-5 November 2023, in Bentonville Ark., IEEE CS joined up with the University of Arkansas CyberHogs cybersecurity club to host the IEEE/CyberHogs Cyber Challenge project, a CTF event. Dubbed “RazorHack,” this event challenged participants to gain access to virtualized computer environments, identify vulnerabilities, and perform tasks to earn points.
“The Ozark Computer Society Chapter partnered with the University of Arkansas’ CyberHogs because they had experience in putting together cybersecurity puzzles and put most of the puzzles together for the event,” said Evan Glover, IEEE Computer Society Chapter Chair, Ozark Section. “They’re a very talented group.”
More than 130 people attended the opening banquet event, and 27 teams of three-to-four participants competed in the competition.
The full experience
Organized to convene the full event community and facilitate new connections, the opening banquet brought together RazorHack participants, IEEE Ozark Section members not competing, and guest speakers from organizations including FBI, Fortinet, Arvest Bank, Extra Hop, and Breach Bits. More than 130 guests were in attendance. This set the stage for the events of the next day and the launch of the competition.
As doors opened at 9 a.m. at the University of Arkansas Union Verizon Ballroom, there was a palpable enthusiasm in the atmosphere. Activities kicked off as game masters—those who created the program and monitored the competition—hosted an orientation and officially launched the CTF at 10:30 a.m.
Challenges included network scanning, social engineering, reverse engineering, binary exploitation, and hash cracking. In addition, the Idaho National Laboratory offered an escape room for participants to compete for points. The escape room featured a mix of traditional escape room puzzles and cybersecurity puzzles focused on wireless technologies, RFID, network discovery, and mixed reality. There were also lockpicking tables open that contained locks of varying difficulty that could be completed. Attendees spent 12 hours working to accumulate points, with the event not concluding until 10:30 p.m.
The next day kicked off a bit later at noon, and participants made their way through the activities they hadn’t had a chance to attack the day prior. RazorHack challenges remained open until 4:30 p.m., ensuring adequate time for all participants to complete the activities.
That evening, a formal awards ceremony was held at a closing dinner. A representative from Fortinet presented the grand prize to the “Trojan Horses,” a team composed of University of Arkansas students and graduates, who accumulated the most points at the competition.
Project impact
“RazorHack had a profound impact on the cybersecurity community in Northwest Arkansas,” said Glover. “It connected high school students, college students, businesses, volunteers, and other thought leaders. It was the first time many of the participants had attended a CTF event. RazorHack opened their eyes to another world of opportunities and connections that weren’t available to them before.”
Future plans
Glover remains grateful for the Emerging Tech Grant from IEEE CS that fostered the event and the community it has created.
“I founded this chapter because I wanted a way to fund cool events and connect with other people like me, with a long-term goal of throwing something like RazorHack,” he said. “Winning the grant happened a few months after chapter formation, so thanks to that, I was able to put it together faster than expected.”
The project team aims to continue RazorHack annually and is already planning for the 2024 event.
Henry Schmidt, the lead game master, summed up the event’s success by stating, “This has been such a rewarding experience for all of us. It took hundreds of hours to put this together and we would do it all again in a heartbeat. We learned so much through this process and can’t wait to build off it in the years to come.”
