European Cyber Security Challenge 2016

What is this?

The European Cyber Security Challenge (ECSC from now on) is a competition that gathers national teams to compete against each other in a capture the flag(CTF) styled contest. Think of Eurovision, but with young hackers1.

Every country will select (somehow) their team, which should have 10 members: max 5 seniors (>20 years) and the rest juniors (<=20 years). Romania for example had an online qualifier and the top 5 seniors and juniors were selected to be part of the final team.

I was part of the Romanian team last year also. I didn't write a post about it though because we got 5th place (out of 6) and maybe more importantly, I did not have a blog.


The online qualifiers have nothing to do with the ECSC contest whatsoever. From what I can understand they are there, just to make sure that the selected people have enough technical skills to get through the training.
Personally I like the selection process because it is challenging and fun (please don't change it Bitdefender people). With that said, I want to point out that the tasks could be a bit easier.


So you get selected, now what? The Romanian team does a boot camp (one week - maybe we can improve this?) in which we prepare for the contest (strategies, tools, soparla). We also have team-building activities which we mostly find frustrating because we like the technical stuff.

The major problem with the training is that you never know how the contest will be exactly, thus you try to learn a little bit of everything and in the end, the most valuable skill you have acquired is the ability to improvise.


This year the final was held in Düsseldorf, Germany. As I stated above, I participated last year also (Lucerne, Switzerland) so I can make some comparisons. The organization was good in general and Düsseldorf is a beautiful city (especially the old town) but there were some downsides also:

  • the accommodation was alright at best - we stayed 5 people in rooms of 4, which I guess is alright but also a huge downgrade from last year's Radisson Blu 2 person rooms.
  • the food was okay as breakfast but not as lunch and dinner also (yeah the same food).
  • internet connectivity at the hostel was not good, fortunately Orange had provided us with 4G data connections and we were able to use that.

There were prizes for the winners of the competition, so I could endure all of the above again if there will be prizes next year also (assuming I will be part of the Romanian team again).


The competition itself is a "mixed" CTF that combines attack-defend with jeopardy tasks. The scoring itself is interesting because you get points "per tick" (each tick occurs once every 4 mins) and the amount of point you get is determined by how many challenges you solved, how many flags you stole from other teams, how many flags you lost and so on. Hacking Lab, the guys who organize the contest, improved a lot since last year. We had very few problems2 with the connectivity and the infrastructure in general.

What I liked especially is that every team had a set o speakers on its table and every time you submitted a flag, a predefined music would play (maybe let us choose our music next time though). At some point in time we were scoring so many flags that even the UK team (which was next to us) started enjoying our music.

I played as one of the team's defenders. My responsibility was to provide access (and eventually up-time) to our team's servers as well as monitor the network traffic. Close to the end of the competition I switched to attack since we found a last minute vulnerability for which it was hard to build an automated exploit, so we kind of did it manually.


I proudly announce that Romania took the 2nd place this year, 1st being Spain (these guys trained a lot, they deserved the win imo). It is an honorable place I think, considering there were 10 teams this time. All in all, it was a great experience. Ok bye.

PS: Sorry for the low res photo, probably taken with a potato.


  1. or people that like to think they are.

  2. last year there were a lot of problems.