KTH Students compete to become the best hackers in the world

Published Aug 08, 2023

535 teams participated in this year's qualifiers for the world's most prominent hacking championship, with only 12 advancing to the finals at the DEF CON conference in Las Vegas. The team includes six KTH students.

During the world's largest cybersecurity conference, DEF CON in Las Vegas, the competition known as the World Hacking Championship takes place. This year, it will be held from 11–13 August. Erik Mickols, Mattias Grenfeldt, Leopold Hermansson and Karl Lindblad are four out of six KTH students competing.

Update: the results

Norsecode placed 6:th at the CTF finals i Las Vegas 2023. This is the teams' best DEF CON placement ever. So far.

To determine the teams that will participate in the finals, a 48-hour-long qualifying round with various challenges is held. This year, 535 teams participated in the qualifiers worldwide, with 50 to 200 hackers in each of the top team.

DEF CON

The DEF CON cybersecurity conference started in Las Vegas in 1993. Approximately 30,000 people participate each year.

Every year, the bar is raised higher for qualifying for the finals. It is difficult for new teams to enter. The tasks are incredibly challenging and time-consuming for smaller teams. That's why super teams are formed by merging several teams into one. The students from KTH, together with other teams from the Nordic countries, have formed Norsecode, consisting of around 100 hackers.

"We went to Copenhagen to compete in the qualifiers alongside people from Iceland, Denmark, Norway, and Finland. Two hours before the end, we hadn't qualified. Then we solved several challenges quickly and made it through. The team was ecstatic," says Mattias Grenfeldt.

Attack and defense at DEF CON

The competitive form of hacking is called Capture the Flag, CTF, where teams of hackers compete to solve challenges and collect flags to prove that the challenge has been solved.

Within CTF, there are two main competition types. One is called Jeopardy, with several challenges divided into categories like the quiz show. The other is called Attack and Defense, where all teams control the same type of computer systems, and the challenge is to defend their systems while exploiting the opposing teams. The finals at DEF CON are an Attack and Defense competition.

"It's about finding vulnerabilities, exploiting them in other teams while fixing your own," says Erik Mickols.

In addition to eternal glory and lifetime access to DEF CON, winning is prestigious to have on one's resume. The competition is highly regarded in the cybersecurity industry.

"It also shows that you can work under pressure, in a team, and quickly learn new things," says Leopold Hermansson.

Exchange between studies and competition

KTH's hacking society is called RoyalRoppers. They often organise gatherings for their members and have outstanding achievements in national and international competitions.

RoyalRoppers

RoyalRoppers comes from Return Oriented Programming, ROP, an exploitation technique for reusing small parts of a program's code to write new programs within the program itself.

"There are competitions almost every weekend. For example, from Google, the Security Service, Military Intelligence and Security Service, and the Swedish Defense Radio Establishment. Current events often influence the competitions," says Grenfeldt.

One of the tasks in the qualifiers was to trick ChatGPT into revealing what it was programmed not to disclose. Many of the challenges are based on new research.

"One of the best things about competing in hacking is that you learn quickly in a fun way," says Karl Lindblad.

The foundational knowledge used in hacking comes from their studies at KTH, and what they learn in competitions can be applied to their studies and vice versa.

"The courses in digital design, operating systems, and compiler construction have been the most rewarding in understanding how computers and programs are built. It makes solving the competition's challenges easier," says Erik Mickols.

Karl Lindblad adds, "I can learn to approach problems in new ways during the competition, recognise patterns in problems and solutions, and gain an advantage in my studies."

KTH students participating in the team

Leopold Hermansson: studying master’s programme in Engineering Physics, starting the Machine Learning programme in the autumn semester of 2023.

Erik Mickols: studying Cybersecurity master’s programme.

Mattias Grenfeldt: studying Computer Science master’s programme, Security and Privacy track.

Karl Lindblad: studying master’s programme in computer science, starting the Machine Learning programme in the autumn semester of 2023.

Find out more and join the hacking team at RoyalRoppers .