UNB News
News and stories from one of Canada’s top universities

Students make national ‘capture the flag’ cybersecurity competition

Author: Alex Graham

Posted on Dec 13, 2023

Category: UNB Saint John , UNB Fredericton

Photo: UNB's winning team at the CyberSci competition from left to right: Matthew Toms-Zuberec, Jacob Pembleton, Micah Landry, Stephen White, Larissa Thorne.

There’s nothing this University of New Brunswick team likes to do more than get together on the weekends for a round of Capture The Flag (CTF). It's not the schoolyard game where teams try to physically take a flag from each other’s territory and bring it back to their own. In this game of CTF, the playing field is a computer network hosting a series of hacking challenges, and participants seek out the flags, a coveted piece of data.

“The way the challenge is set up, it’s meant to test your knowledge on a specific topic or skill set,” explained Matthew Toms-Zuberec, president of the UNB Cybersecurity Club. “To prove you actually solved the challenge, there’s usually some sort of ‘proof of work’, we call them flags. Hence Capture The Flag.”

Toms-Zuberec, along with teammates from UNB’s competitive cybersecurity team, “Shell We Hack?”, were the winners of the Atlantic region CyberSci national cyber security challenge held in Saint John this November, beating out teams from Dalhousie, Acadia and NBCC.

CyberSci included CTF challenges that tested their knowledge of coding, encryption and network vulnerabilities. The UNB team will head to Ottawa next summer to try to crack the code for winning the national championship.

CyberSci is one of many cybersecurity competitions happening across the region every weekend, where prizes and money are up for grabs to the best competitors. But several big components about CyberSci make it special.

Participants must be 25 or under and part of an officially recognized team. Members of the winning national team get to participate on Team Canada and go to international competitions like the International Cybersecurity Championship and Conference or the European Cybersecurity Challenge, which was in Norway in 2023.

The biggest benefit of competing in any of the challenges, even at the regional level, is the opportunity to meet with local employers looking for new talent. For a small fee, sponsors help pay for the events and get the chance to see potential employees in action, working on real-life challenges.

“They get to interview them at the end,” said Ben McHarg, Atlantic director of CyberSci. He and his team spend months “pounding the pavement” and engaging as many companies as possible.

“The feedback’s been great. Most of our sponsors return each year, making it easier. They see the value in actually getting access to a centralized pool of some of the best resources in the whole area.”

It’s not unusual for CyberSci competitors to walk out of the challenges with follow-up interviews or even job offers. It’s a win for the players and for the industry that gets to retain top talent that’s on the cutting edge of the technology.

“It’s very rewarding,” McHarg said of his work with CyberSci. “It’s definitely a program that helps students, helps industry, helps the whole Atlantic Canada cybersecurity ecosystem.”

Training for this kind of competition is a lot like sports. The Cybersecurity club is like a development team, where anyone from any discipline who is interested can show up and learn from the more experienced members.

There’s also a lot of training and preparation that goes into these competitions, and it’s happening all year round.

“For the past two years, Dal has beaten us, and last year was especially painful because it was with two minutes left. They just got one more solve than we did,” Toms-Zuberec recalled of the team’s previous attempts. “I made it my goal that this year, we were going to win it, no matter what. I definitely made sure we were well prepared.”

Club training coordinator Stephen White plans training sessions every Thursday night from 6:30 to 8 using online platforms that help hackers prepare for these kinds of competitions. Toms-Zuberec said he’s had students from disciplines ranging from the sciences to philosophy show up to the sessions and use the materials provided, and their own drive to become serious cybersecurity competitors.

“We call it zero to hero, where you start out knowing nothing, and we just toss you into the environment and give you the proper resources to learn, and then they just grow.”

Recruitment is a big part of the club’s game plan, according to member Larissa Thorne. Last year, the past president, Grace Kiely, went class to class in the computer science and engineering departments, singing a recruitment rap to bring more people to the club.

“It actually recruited a decent amount of people,” Thorne said. “She would do that in between classes. But this year, going to the clubs and societies fair, and there was one we did at the library as well, a few students from other disciplines and programs have come, which is amazing!”

Those new perspectives and fresh eyes on challenges can help make those last-minute solves that win competitions.

“Usually, they base the challenges on current events and new vulnerabilities that have just been found. It’s important that you keep up with general software and security news,” Thorne said.

“Even though it’s a competition, no one is competitive to where they won’t talk to other teams. Everyone is super interested in how you solve this or solve that, because there are so many different approaches and different ways you can solve all the challenges. Even though it’s not the intended solution there’s always workarounds that people find and they’ll discuss after.”

As for the competition itself, Thorne said that while it can be a bit of a pressure cooker, ultimately, it’s a great learning and networking experience.

“It’s totally fun!”