August 6, 2024 | Samuel J. Morris
With the Olympics and DEFCON overlapping with each other this year, I started to think about what the “Olympics of Cybersecurity” are; and it just might be the competitions at DEFCON. Although it happens every year compared to every four, hackers prepare themselves year-round and compete in various competitions to earn their team a spot in one of the in-person events that occur at DEFCON. Not only are there the events you need to qualify for, but DEFCON lets everyone in on the fun, hosting numerous capture the flag (CTF) style challenges that any attendee can take a stab at. In preparation for DEFCON, I wanted to write about some of my favorite events from previous years as well as some of the ones I’m looking forward to this year.
Hack-a-Sat
Hack-a-Sat is one of the coolest, most unique CTF challenges at DEFCON. For DEFCON 2023, the Air Force sponsored the event in order to bring interest and help find gaps in aerospace cybersecurity. For the final at DEFCON, a small satellite was built out and put into orbit by SpaceX. The teams were then tasked to craft attacks, find flags, and complete challenges (such as taking a picture with the on-board camera). With the satellite in orbit, the teams were only able to attack during certain periods of time when the satellite was in range. Nevertheless, they were able to take pictures, upload scripts, and even redirect the satellite. Unfortunately, Hack a Sat 5 will not be happening at this year’s DEFCON.
AI
With the biggest buzzword of the year come some of the biggest competitions. AI and chatbot cybersecurity have been a huge topic of concern, and so, DEFCON strives to help find some of the issues. At DEFCON 2023, there were various CTF style challenges against AI chatbots, one of which was trying to make bots say slurs and other profanity. Similar to the Hack-A-Sat being sponsored by the Air Force, the US government and DARPA are sponsoring an AI event this year, with the semi-final being hosted at DEFCON. Last year around this time, the Biden administration announced funding for prizes for AI cybersecurity competitions in partnership with companies like Google and OpenAI. This year’s challenge by DARPA is to design AI to help identify vulnerabilities and secure code.
Car Hacking
I know we all worry about self-driving cars acting without orders and driving into things. This year’s DEFCON aims to help ease (or confirm) those concerns. This year DEFCON will host an AutoDriving CTF where participants will try and upload malicious patches, inject scripts, etc. into cars with self-driving features. Car hacking is no new thing and has been around for decades but there is a difference in being able to turn on or unlock a car with hacking and being able to control it like a RC car.
Layman CTFs
I’ve mentioned some of the big competitions that have happened or are going to happen. But what is always exciting is watching regular attendees take a stab at the CTFs and hacking challenges available to all. Some of my favorite ones of the past are the Starlink CTF, Biohacking CTFs, and it is always fun to figure out the secrets of the yearly badge. I look forward to looking back this time next year and seeing what is in store for DEFCON 2025 (hopefully Hack-a-Sat 5).