Serial entrepreneur Paul Graham, known as the father of entrepreneurship in Silicon Valley, once ridiculed programmers who are addicted to programming as "nerds" in the book "The Hacker and the Painter".
They are obsessed with a large number of numbers composed of 0 and 1, creating their own programs around the clock and changing the world at the same time. The Internet has changed people's lives and has become an important part of the world.
There are also such a group of people in China who, as "young people who are obsessed with computer technology", have struggled all the way and deduced a legendary story of my country's cyber security industry.
From barbaric growth to world champion
CTF, also known as Capture the Flag, is the most common event in the cyber security industry. It is closely related to the development of computers and can be traced back to the end of the last century. Among them, DEF CON CTF, the oldest event, is also the most influential event in the world, which can be called the Olympic event in the cyber security industry.
Since the first event in 1996, DEF CON CTF has developed for more than 20 years. While the competition system has become more mature, the difficulty has also risen sharply. At the beginning, it was mainly based on the problem-solving points system. The organizer gave a series of safety examination questions. Each team solves the problems, the more the problems are solved, the more the points will be, and the ranking will be determined by the points.
Now, the DEF CON CTF competition system has been upgraded to a mixed offensive and defensive mode. The participating teams must actively look for the security vulnerabilities of other team’s servers, and they must also pay attention to their own servers when launching attacks. This also encourages team members to do their own things. Work and cooperate with each other.
In the end, DEF CON CTF calculates the score based on the offensive and defensive effects, and adds up with the problem-solving score as the total score to determine the ranking.
The popularity of computers in my country is relatively late, and people are less aware of CTF events. Around 2015 and 2016, only a few teams such as Tsinghua Blue Lotus and Shanghai Jiaotong University 0ops were able to enter the finals of international events.
▲ 0ops team
The late start, the lack of technical atmosphere, and the lack of competitions are important reasons why our teams are unable to achieve results in international competitions such as DEF CON CTF.
Xie Tianyi, the core member of 0ops, was once a "young man who is fascinated with computer technology". He has been tossing about computers since he was a child, and he even unlocked the "Super Mario" game on the computer copy machine "China Learning Machine" by just using the reference manual. However, young people like Xie Tianyi are in the minority after all.
▲ Xie Tianyi
In addition, there is no professional competition atmosphere. According to Xie Tianyi, there are more and better safety test questions to promote the growth of players. For a long time, domestic CTF teams and related personnel have developed in a state of "barbaric growth".
Until the concept of network security gradually became popular, people realized its importance, and the competition was put on the agenda. Around 2015, there have been some CTF competitions in China.
Xie Tianyi is also a member of the trend of this batch of CTF events. As the former captain of the 0ops team, he participated in the Tencent Information Security Competition (hereinafter referred to as TCTF) organized by Tencent in 2017, and issued high-quality examination questions for domestic The CTF team in the field of external security provides a stage and a community for communication and promotion.
Various domestic CTF events have greatly promoted the growth of the technical level of each team. In just a few years, the Chinese team has moved from the finals to the championship stage and won the DEF CON CTF 2020 global championship.
▲Tencent A*0*E joint team won the DEF CON CTF 2020 finals championship
This championship means that those young people who were once obsessed with computer technology have justified themselves, and the country's cyber security industry has transitioned from a barbaric growth to "coming into the house."
Ten years of trees, a hundred years of trees
The big tree in the sky does not grow in a day. The huge trunks and vast branches and leaves are backed by countless watering and maintenance. The DEF CON CTF champion is also the same. The innovative CTF competition provides nourishment for the cyber security industry.
Tencent A*0*E, the champion team that won DEF CON CTF, is inextricably linked to the TCTF competition. Its current captain, Ma Huixin, is one of the players in the TCTF 2019 event.
It can be said that the Tencent TCTF competition provides a comprehensive and international competition environment for many domestic CTF teams. Take the participating teams as an example. The first TCTF held in 2017 attracted nearly 1,000 CTF teams from around the world. American Shellphish, Hungary! SpamAndHex this famous team.
Competing with CTF teams from different countries on the same stage is conducive to enhancing vision and promoting self-technical growth. More importantly, under the promotion of the organizer, Tencent Security Lab, the first TCTF event won the DEF CON CTF wild card qualification.
In other words, the team that wins the Tencent TCTF event can directly enter the finals of DEF CON CTF, the world's top cyber security event.
Secondly, the Tencent TCTF event is also quite sophisticated in terms of examination questions. As the former captain of the 0ops team and now the technical leader of TCTF, Xie Tianyi, in order to spend nearly a month with the team to adjust and polish the examination questions, and he included him. Basically all have rich experience in overseas competitions.
Even now, Xie Tianyi still often goes out to participate in well-known CTF competitions at home and abroad. While satisfying personal interests, he is also exposed to different types of CTF competition questions to prepare for TCTF competitions.
▲Xie Tianyi today
A good test question is not only a test, but also an exchange between the questioner and the contestant, so that the contestant can truly learn from the test questions and improve their abilities.
Regardless of the examination questions or the competition system, Tencent TCTF competitions have always valued practical ability. It can be a stage for players to practice and prove themselves, and it is also a ticket for countless network security enthusiasts to show themselves and move on to a new journey in life.
Although the TCTF event also emphasizes competition, in addition to the champion who enjoys the most attention, other players and teams can also find new positions. Wu Shi, the head of Tencent Security Coen Laboratory, once said that domestic security researchers are extremely scarce, even Tencent. Once faced with the dilemma of not being able to recruit people.
The problem is being improved. Now half of the new members of the Tencent Security Coen Lab come from TCTF events, and most of the players participating in the events have also moved to the cyber security industry.
In addition to linking talents, TCTF is also attracting more ordinary people, especially young people in colleges and universities, to promote the development of the network security industry. In Wu Shi's words:
Cultivating talents should be a positive-sum game, not a zero-sum game. It is something that requires everyone to participate and work together to do a good job. If you don't dig wells and you just want to drink ready-made water, this industry will not start, and everyone will have no water to drink.
More and more young people are joining the cybersecurity industry
In the book "The Hacker and the Painter", the author Paul Graham gave the reasons why ridicule programmers are "nerds". In his opinion, programmers are often extremely serious and intelligent, and can find unique beauty in huge codes— -Like painters, programmers are also creating great works.
Some of these programming works have provided new life tools, and some have changed the way of life for you and me. It is precisely because of the attraction of great works that programmers are willing to become "nerds" and ignore things outside the window. Concentrate on wandering in the ocean of code.
The major domestic CTF events are just such a window, showing people a variety of works, showing the charm of the code, Tencent TCTF events and the experience of the Chinese team winning the championship, acting as an amplifier in this process.
Thanks to the popularization of the Internet, many colleges and universities across the country have set up corresponding network security majors, which once became a popular major. Students of this major and technology enthusiasts also need CTF events of different strengths.
The Tencent TCTF security competition also thought of this situation. In addition to international competitions for major CTF teams around the world, there is also a "Rising Star Competition" specifically for college teams.
The event not only provides young people with a stage for comparison and self-improvement, but also allows more young people to understand the cyber security industry and even participate in it.
Another major domestic cyber security tournament, XCTF International Cyber Attack and Defense League, has shown a trend of younger generation, and even the proportion of players born after 00 reached 60% of the participants.
Compared with Xie Tianyis, young people now have a higher starting point than their predecessors and have a more comprehensive understanding of the Internet. Driven by events such as TCTF, they also have more opportunities to innovate and move forward.
On September 25th, the annual Tencent TCTF security competition will hold the finals. What kind of story the new and old players will stage to capture the flag is something that people will look forward to.
#Welcome to follow Aifaner's official WeChat account: Aifaner (WeChat ID: ifanr), more exciting content will be provided to you as soon as possible.