Everything You Need to Know About CMU's PicoCTF Competition
As our digital age advances at a breakneck pace, cybersecurity is a subject that’s gaining more attention and specialization. As a high school student interested in computer science, cybersecurity is a great field for you to specialize in if it captures your interest.
To this end, competitions like CMU's PicoCTF are an excellent opportunity for educational growth, practical experience, and college application enhancement. This blog covers how this competition can significantly set your application apart, by building and proving your problem-solving capabilities, core cybersecurity knowledge, hands-on experience and showcasing your dedication to advancing your skills.
What is CMU's PicoCTF?
PicoCTF, offered by Carnegie Mellon University (CMU), is a cybersecurity competition for middle and high school students that gamifies the learning process through engaging challenges. In it, you will have to reverse engineer, break, hack, decrypt or investigate viable solutions to solve a series of challenges. The CTF stands for “capture the flag”, the specific type of cybersecurity competition where you’re given challenges across a number of categories, each yielding a string or “flag” that is then submitted for scoring.
It was created by CMU with the aim to provide educational insights into cybersecurity in a legal and ethical manner for students at various levels, from beginners to those seeking to master the field. Through innovative platforms like the picoGym and the picoPrimer, it offers a comprehensive suite of learning and practice tools. These resources are designed to guide you through the nuances of cybersecurity, making the competition not just about winning but about gaining a solid understanding of security principles.
Is PicoCTF prestigious?
The prestige of PicoCTF lies not only in its association with CMU, one of the nation’s top institutions in several STEM fields, but also in the depth of its challenges. The competition offers a unique platform to test and expand your skills - applying knowledge in a practical, real-world context, challenging you to think critically and creatively. Winning or even participating in it demonstrates a commitment to learning and an ability to tackle complex problems—qualities that are highly valued in both academic and professional spheres.
Aside from being eligible to win thousands of dollars, it can also help you in securing placements in top universities or even landing roles in leading tech companies. The previous iteration of PicoCTF in 2019 boasted over 39,000 participants, and the competition is sponsored by such names as Boeing, Ford, General Motors, SAP, CISCO, and the National Security Agency.
Who is eligible to participate?
To be able to participate in PicoCTF, you must:
Be at least 13 years old.
Be enrolled in a US middle or high school.
Either form a solo team, or with up to four other eligible participants from other US middle/high schools.
How does the application process work?
Applying for PicoCTF is quite straightforward - registration opens on February 1, and spans a dedicated competition period from March 12-26, 2024. You can form a team of up to 5 players, and it involves registering together and agreeing on a team name. This applies even if your team consists only of you.
There is no enrollment or registration fee whatsoever, PicoCTF is fully free to participate.
How is PicoCTF structured?
Through its two-week competition period, PicoCTF presents a series of challenges, each designed to test different aspects of cybersecurity. These challenges range from cryptography and binary exploitation to web exploitation and forensics. Solving these challenges requires a blend of technical skills, logical thinking, and creativity. You will have to decipher codes, find vulnerabilities in systems, and secure or exploit software, mimicking the tasks of real-world cybersecurity professionals. Note that the competition is asynchronous. The problems are provided in series on the PicoCTF platform, and you and your teammates can spend as much or as little time as you need on it during the challenge period.
Scoring in PicoCTF is based on the complexity and difficulty of the challenges solved. Each challenge is assigned a point value, with more complex challenges offering higher points. The speed of solving challenges also plays a role, with faster solutions potentially earning bonus points. The ultimate goal is to accumulate as many points as possible within the competition period, with the top scorers and teams receiving special recognition and prizes.
7 tips to help you win
Use the resource library: PicoCTF has a vast library of online resources covering every aspect of computer science and cybersecurity that is tested in this competition. The most important of this is the PicoPrimer, a massive document that painstakingly covers every single topic relevant to the challenge, and that should be your go-to at all times.
Then there are dedicated sections on general programming, cryptography, web exploitation, forensics, binary exploitation and reversing. There are also some highly valuable YouTube videos that provide detailed explanations of previous year challenges, as well as a list of external resources. This page should be your top priority for bringing yourself up to speed and practicing in your free time. Mastering these fundamentals will dramatically increase your chances of success.
Leverage the picoGym: The PicoGym is a tool you can use to build your CTF skills using mini-competitions that simulate the main event, while keeping track of how much your score is improving each time. You can freely use this once you’ve registered on the PicoCTF website, and in conjunction with the resource library mentioned above, it is without a doubt the most important tool at your disposal to maximize your chances of winning.
Work with a teacher / mentor: As you may have surmised, PicoCTF is an intense competition that covers several highly advanced topics in computer science. Securing the help of a teacher or a mentor who can guide you in structuring a lesson plan, helping you stay consistent, and most importantly help you master the required topics is quite helpful. Teachers can even create classroom dashboards so that you and your team can practice together in an efficient and effective fashion, which brings us to the next tip.
Develop team synergy: While you can participate individually, the large syllabus and complex topics mean that you’re much better off working with a team. It is important to ensure that your team's skills are complementary, allowing all of you to tackle a broader range of challenges effectively and rapidly, as both accuracy and speed are of the essence in securing a good score.
Have a strict time management strategy: Two weeks may seem like a lot, but the time will fly by as you start working on the CTF challenges. Working with your mentor and teammates, you should be ready with a coherent strategy on how to approach the challenges. Prioritize challenges that match your strengths, have team members specialize and dedicate themselves to each sub-topic, and have a strict schedule in place that will allow at least one person to be working on the challenges at almost all times.
Don’t stop learning: The whole aim of PicoCTF is to ensure its participants are constantly learning, practicing and advancing their skills in cybersecurity. What this means for you is that you should be spending every spare moment practicing in the PicoGym, poring over the resource library, or brushing up your concepts in the PicoPrimer. There is also a Discord and a Facebook group that you can and should join to engage with other people in the same boat as you, hopefully learning from your exposure.
Be prepared for roadblocks and failure: When the competition is this intense, there are bound to be some setbacks. Keep your morale up and don’t lose heart. Not every challenge will be instantly clear, and some might be real headscratchers. Remember that even in a worst case scenario, you can always come back stronger, more prepared and wiser next year, as there’s no registration fee.
If you’re looking to build unique projects in the field of AI/ML, consider applying to Veritas AI!
Veritas AI was founded by Harvard graduate students, and through the programs, you get a chance to learn the fundamentals of AI and computer science while collaborating on real-world projects. You can also work 1-1 with mentors from universities like Harvard, Stanford, MIT, and more to create unique, personalized projects. In the past year, we had over 1000 students learn data science and AI with us. You can apply here!
Image Source - PicoCTF Logo