In fields like computer science, theory can only take you so far. Hands-on work and practical application of your knowledge is the best way to get a better understanding of the subject. As a high school student, participating in computer science competitions can offer such invaluable hands-on experience. Not only will you test your knowledge but also hone your skills and give you a simulation of real-world challenges. 

One such well-reputed competition is the picoCTF, organized by Carnegie Mellon University's CyLab Security and Privacy Institute.

What is the PicoCTF?

PicoCTF is an annual cybersecurity competition designed for students. Its mission is to offer a hands-on learning experience in a gamified environment, covering various aspects of cybersecurity in the process. It was launched in 2013 by students of Carnegie Mellon University and has since then been hosted by the university, going on to include over 39,000 participants. The competition has options for middle, high school, and college students. In this article, we will be looking at the middle and high school track for students from the US (there are tracks for students from Japan and Africa as well).

All You Need to Know About PicoCTF: Dates, Cost, and Eligibility Criteria

Here are all the important details you need to keep track of:

Dates:

Registration opens: February 1, 2024

Competition dates: March 12, 2024 – March 26, 2024

Winners announcement: Mid-April

Cost: Free!

Eligibility Criteria:

• At least 13 years of age or older (students below the age of 18 need a parent/guardian’s consent)

• Be enrolled in a US middle/high school

• Participate solo or in a team of up to 4 students

• Some programming knowledge could be helpful but students with no prior experience can participate as well

Prizes:

1st place: $3,000 and the opportunity to visit CMU for the award ceremony

2nd place: $2,000 and the opportunity to visit CMU for the award ceremony

3rd place: $1,000 and the opportunity to visit CMU for the award ceremony

4th and 5th place: TCM Security training vouchers

How is the competition structured?

The picoCTF is a computer security competition based on a capture-the-flag framework. As a participant, you and your team will face cybersecurity challenges that must be solved by hacking, decrypting, reverse engineering, or more. Previous challenges have included deciphering encrypted messages, analyzing code for vulnerabilities, or uncovering hidden information in files. On solving the challenge, you will receive a ‘flag’ — a piece of text or code that proves your success. Based on the difficulty of the challenge, you will receive a score for each ‘flag’.

You can then move on to the next challenge. Through this hands-on process, you will learn about six primary domains of cybersecurity including general skills, cryptography, web exploitation, forensics, reversing, and binary exploitation. The platform also has the picoGym, where you can practice your skills by solving similar challenges before the competition.

Top 10 Tips to Win PicoCTF 2024

A large-scale challenge like the PicoCTF can be daunting, but with the right preparation and tools, you can give yourself the best possible chance. Here are 10 tips that can help you win the competition:

1. Understand the Scoring System: The competition’s rules say the team that solves the most challenges in the given time will win the competition. So it’s crucial to manage your time well, focus on speed as well as efficiency, and choose strategies accordingly.  
   

2. Use Official Resources: Since the rules offer no limit to the resources a team can use, make sure you are familiar with all official resources online such as websites like CyberChef, Linux distributions like Kali, and reverse engineering tools like Ghidra. The picoCTF website also offers learning resources including online lectures, video tutorials and learning guides. Additionally, keep track of the latest cybersecurity tools and techniques so you aren’t blindsided when faced with newer elements.
   

3. Look for Solutions to Previous Challenges: Platforms like Github and Medium often have the solutions to past picoCTF challenges. Going through the solutions can offer valuable insights and strategies that you can use for future challenges.
   

4. Find a Good Team: If you aren’t participating individually, your teammates are the most crucial part of the competition. Make sure you collaborate with individuals with skills that complement yours, so together you cover a wider area of cybersecurity. Additionally, look for helpful and cooperative students who can make your team a well-oiled machine.
   

5. Find a Good Mentor: The rules allow an outside advisor to help your team in certain ways while not directly assisting with the challenges. So, make the most of this and find an experienced individual in the cybersecurity field to be your mentor. Their advice, insights, and tools can help you navigate challenges effectively.
   

6. Start Preparation Early: Begin your preparation well in advance of the competition. Early preparation allows you to cover a broader range of topics and build a more comprehensive skill set. You can even participate in smaller competitions to get familiar with the competitive environment.
   

7. Build a Solid Foundation: A solid foundation in the field can ensure you are prepared to take on more complex challenges. So, strengthen your understanding of cybersecurity fundamentals, including cryptography, programming languages, and basic networking concepts. A variety of skills will also improve your chances.
   

8. Document Your Progress: Keep notes on all the different methodologies and strategies you use for different challenges. With proper documentation, you’ll be able to see a broader picture of which strategies work better and backtrack if you need to. It will also help you solve future problems.  
   

9. Practice Regularly: Consistency and practice will take your skills to the next level. You can solve similar gamified challenges on platforms like Hack The Box and OverTheWire to enhance your problem-solving skills. There’s also the picoGym where you can find challenges from previous competitions.
   

10. Collaborate and Learn from Others: Join online forums, communities, or local cybersecurity groups to exchange ideas, seek advice, and learn from the experiences of others. New perspectives and different opinions will help broaden your understanding of cybersecurity.  
    

If you’re interested in pursuing research in fields like cybersecurity or related fields, you could also consider applying to one of the Lumiere Research Scholar Programs, selective online high school programs for students I founded with researchers at Harvard and Oxford. Last year, we had over 4000 students apply for 500 spots in the program! You can find the application form here.

Also check out the Lumiere Research Inclusion Foundation, a non-profit research program for talented, low-income students. Last year, we had 150 students on full need-based financial aid!

Stephen is one of the founders of Lumiere and a Harvard College graduate. He founded Lumiere as a PhD student at Harvard Business School. Lumiere is a selective research program where students work 1-1 with a research mentor to develop an independent research paper.

Image Source: PictoCTF logo