A dozen teams competed in cloud, IoT, OSINT, forensics, and machine learning challenges

A Romanian team has ended a run of near misses to be crowned the 2021 winners of Trend Micro’s Raimund Genes Cup.

PwnThyBytes finally topped the leaderboard at the final of the annual Capture the Flag (CTF) cybersecurity competition after finishing second in 2020 and 2019, and third in the 2018 edition.

Chinese outfit Bad Guesser finished second, while Korean team CodeRed – repeating their 2020 ranking – finished in third position.

Breaking the deadlock

Spanning 24 hours across December 18-19, the all-virtual final saw 12 teams from 14 countries competing in 17 infosec challenges in areas such as cloud, mobile, OSINT, forensics, Internet of Things (IoT), and machine learning.

The top two teams were neck and neck for every category bar ‘reversing’, where PwnThyBytes gained a commanding lead.

PwnThyBytes netted ¥1 million ($9,000) in prize money, while Bad Guesser and CodeRed took home ¥300,000 ($2,600) and ¥200,000 ($1,800), respectively.


Catch up on the latest security events news


Players on the winning team also earned 15,000 Zero Day Initiative (ZDI) rewards program points, and PwnThyBytes will be seeded for the 2022 competition.

The final used a ‘dynamic jeopardy’ scoring method, which adjusted point totals based on how many teams solved a particular challenge.

Ten of the finalists qualified via a 24-hour, online qualifying event in September.

‘Crucial enterprise strategy’

“The sheer volatility of today’s threat landscape and the size of the modern corporate attack surface is pushing existing security practitioners to the limits,” said Mike Gibson, vice president of customer success and security research for Trend Micro, an American-Japanese infosec firm.

“In this fast-moving world, organizations must ensure their IT security teams have the right skills for the job. The talented participants in this year's Capture the Flag stand as a strong reassurance about the future.”

Jonn Perez, senior director of vulnerability response and critical support operations for Trend Micro Research, told The Daily Swig: “Overall the event went very smoothly considering the global security world’s laser-focus on the Log4Shell vulnerability, but it provided a fun and educational outlet for both the CTF event hosts and hopefully the competitors.”

Perez said Trend Micro was hoping to revert to a hybrid format – online qualifiers followed by an in-person final in Toronto – for the eighth edition in 2022, after the 2020 and 2021 finals were held virtually via a Discord server due to Covid-19.


RELATED Ukraine hosts large-scale simulation of cyber-attack against energy grid