Carnegie Mellon hosts 10th annual picoCTF Hacking Competition

Ryan Noone

Apr 7, 2023

On March 14th, hackers from around the globe flocked to as Carnegie Mellon University’s 2023 Capture-the-Flag competition kicked off.

In its 10th year, picoCTF saw more than 18,000 middle, high school, and undergraduate students who worked through 45 progressively difficult challenges.

“We take great pride in the ongoing growth of picoCTF,” says Program Director Megan Kearns. “The competition started as the go-to beginner-friendly CTF for high school students, and we are now delighted to witness a surge in participation from a broader age range of students.”

Many of the competition’s challenges were developed by members of Carnegie Mellon’s internationally acclaimed competitive hacking team, the Plaid Parliament of Pwning. The team has won first prize in numerous prestigious competitive hacking events, including six of the last ten DEFCON Capture the Flag competitions.

While many of this year’s picoCTF competition participants were from the United States, the event saw thousands of international students, demonstrating picoCTF’s commitment to expanding its global outreach. Several countries, including Africa and Japan, have leveraged Carnegie Mellon’s competition to help inspire their students to pursue cybersecurity careers by sponsoring picoCTF and hosting country and continent-specific leaderboards.

“The success of the outreach initiatives by our partner sponsors, CMU Africa in Rwanda and Cognitive Research Labs in Japan is evident in the remarkable growth in student participation numbers,” says Kearns.

This year's winners are:

Individual Leaderboard:

  • 1st place: neyccds
  • 2nd place: vEvergarden
  • 3rd place: r0b0ter

Undergraduate Leaderboard: 

  • 1st place: redpwn
  • 2nd place: UofTCTF
  • 3rd place: idk jack

U.S. Middle / High School Leaderboard:

  • 1st place: pb1c_jar
  • 2nd place: crusaders of redpwn jr
  • 3rd place: les amateurs

Although this year’s competition has come to a close, picoCTF’s year-round platform offers users a wide range of educational resources to help individuals gain experience in cybersecurity. The platform offers learning guides and a YouTube lecture series introducing fundamental cybersecurity principles such as cryptography, web exploitation, forensics, binary exploitation, and reversing. Additionally, the picoGym enables users to put their knowledge into practice by providing access to newly released challenges and past picoCTF competition challenges.

“Whether you're an accomplished cyber security professional, seasoned hacker, or new to CTFs, the picoGym offers captivating challenges that can be tackled at your own pace,” says Kearns.

With over 350,000 active users worldwide, the free platform is a gateway into the field of cybersecurity, enabling anyone with access to a computer and the internet to start building their skills.

“Cybersecurity is not something we memorize by reading text. To build the necessary skills, we need continuous practice to sharpen our understanding,” says Hanan Hibshi, an assistant teaching professor at CMU’s Information Networking Institute (INI) and research advisor for picoCTF. “Unfortunately, not every school and country is equipped to provide resources for practical exercises. picoCTF provides the platform for students to practice and sharpen their cybersecurity skills no matter where they reside or the number of resources available to them.”