As the number of cybersecurity attacks continues to increase worldwide, hacking competitions like DEF CON’s Capture-the-Flag (CTF) provide cybersecurity engineers a chance to measure up against one another, learning and developing new techniques as they work through various challenges.
DEF CON’s three-day flagship competition, widely considered the “Olympics” of hacking, recently brought together some of the world’s most talented cybersecurity professionals, researchers, and students. During the CTF event, 12 of the world’s top teams (who qualified from a field of 1,742 teams) attempted to break each other’s systems, stealing virtual flags and accumulating points while simultaneously protecting their own systems.
In the end, the winningest team in DEF CON’s CTF competition history, Carnegie Mellon University’s (CMU) Plaid Parliament of Pwning (PPP), once again came out on top: PPP won its third consecutive title, its eighth victory in the past 12 years.
PPP joined forces with CMU Alum and University of British Columbia Professor Robert Xiao’s team, Maple Bacon, and hackers from CMU Alum startup Theori.io (The Duck), playing under the name Maple Mallard Magistrates (MMM).
Carnegie Mellon students, faculty, and alumni overcame some early adversity in the competition, finishing in third place on the leaderboard at the end of day one. The team moved up to second place on day two, before pulling away from its closest challengers in the competition’s final hours to secure the victory. For the win, the team earned eight black badges, the most elite recognition in hacking.
“It was exciting,” said Ethan Oh, PPP’s team captain for DEF CON Capture-the-Flag and a recent master’s alumnus from Carnegie Mellon’s Department of Electrical and Computer Engineering. “It was mildly worrying after the first day, but we kept climbing up. After the official portion of the contest ended each day, we quickly identified what needed to be done and who should work on what in order to win.”
PPP was first formed in 2009 and began competing at DEF CON in 2010. The team’s previous wins came in 2013, 2014, 2016, 2017, 2019, 2022, and 2023, with second-place finishes in 2015, 2018, 2020, and 2021. The team runs and competes in several cybersecurity competitions each year and recently won its third straight title at the MITRE embedded Capture-the-Flag event (eCTF).
“Our team’s hard work really pays off,” said Jay Bosamiya, former PPP captain and Ph.D. alumnus of CMU’s Computer Science Department. “Our secret to effective communication within the team is that we are a group of friends who love to hang out with each other, even outside of CTFs.”
Members of PPP contribute as problem writers to Carnegie Mellon’s annual student-focused hacking competition, picoCTF, developing challenges of varying levels of complexity. picoCTF has long been the go-to CTF for middle and high school students looking to build and hone their cybersecurity skills. In recent years, it has expanded to include an undergraduate leaderboard, as well as several country and continent-specific leaderboards.
Carnegie Mellon University is a leader in cybersecurity education and research. The Pittsburgh, PA university is home to the CyLab Security and Privacy Institute, U.S. News and World Report’s top-ranked undergraduate cybersecurity program, and several world-class graduate programs and courses.