Carnegie Mellon Hacks and Cracks Its Way to Win at DEFCON 22


October 14, 2014

Carnegie Mellon University demonstrated its cyber prowess at DEFCON 22 by winning the "Capture the Flag" and "Crack Me If You Can" contests. DEFCON, one of the world's largest annual computer security conferences, took place Aug. 7-10 in Las Vegas.

Carnegie Mellon's computer hacking team, the Plaid Parliament of Pwning (PPP), took first place for the second consecutive year in the Capture the Flag (CTF) contest. Globally, hundreds of teams battle throughout the year for one of 20 slots at DEFCON's CTF competition, which has been called the "World Series of hacking."

CTF competitions are computer security war games in which teams solve complex problems by engaging in web hacking, binary reverse engineering, forensics, cryptography and other activities.

"Our team competed against universities and also against large defense contractors. This win is a huge accomplishment for our team," said team adviser David Brumley, an associate professor of electrical and computer engineering and technical director of Carnegie Mellon CyLab. The PPP team qualified for DEFCON for the last three years, and won first place in 2013 and 2014.

The PPP team is part of CyLab's Undergraduate Computer Security Research group, and it consists of 35 members from the College of Engineering and the School of Computer Science. At DEFCON 22, the team was limited to eight members: George Hotz, Ryan Goulden, Tyler Nighswander, Brian Pak, Alex Reece, Max Serrano, Andrew Wesie and Ricky Zhou. The final scoreboard is at, along with replays of the attacks over the entire contest.

"Our first day was a bit rough, but once we got in the swing of things we were able to take the lead pretty quickly," Nighswander said. "I think teamwork is really what gave us an edge and let us work so efficiently together."

A second CyLab team, simply named "cmu," won the Street Division category in the "Crack Me If You Can" contest. In this two-day event sponsored by KoreLogic Security, teams exposed or "cracked" encrypted passwords.

"The students leveraged what they had learned from our research studies to develop their winning strategy," says Lorrie Cranor, the director of Carnegie Mellon's CyLab Usable Privacy and Security (CUPS) Lab. "It is remarkable for a first-time team to win this competition."
