T2 Challenge 2018 Winner
This year the annual T2 conference decided that their “challenge” would be a little bit different than previous years. I visited the conference in 2016 after winning a ticket through the T2 challenge and I was very impressed by the high quality of the event. This year the challenge was to submit an application proving “To showcase technical excellence and prove you deserve a free ticket”. Being from Sweden, as anyone who know about Swedish culture, this required en enormous amount of willpower as boasting about your skills is about as un-Swedish as it gets. However, I pushed through an submitted a motivational letter in the form of a classic five paragraph essay. To my slight surprise and great joy, I won the challenge! This means I’m going to the T2 conference next week. I’m really looking forward to it and hope to see you there. Again casting aside my cultural heritage, I have published the text I submitted to deserve this below.
Hello T2!
This is my open application for the T2’18 annual challenge. With this letter I will try to convince you that I’m a suitable recipient of a free ticket for the T2 conference. I will do this by bringing your attention to three of my virtues: great technical skills, a hacker mindset as well as being a contributing force to the hacker community.
Most of my public display of technical skills is related to CTF competitions and other technical challenges. I am a member of one of the world’s best CTF teams, HackingForSoju, in which I have been a big contributor to our results. However, I also compete on my own regularly with multiple great results such as placing 3rd in the Palo Alto Networks LabyREnth reverse engineering competition with a prize pool of $34k[4]. My proudest competition moment however, was at the 2016 T2 conference. I had won the T2 challenge1, the last of its kind, by being the first to solve it. At the end of the conference, I got to present how I reversed a circuit netlist by hand to extract a passcode. This was met applause and a Twitter follow by Mikko (by number one start struck moment to date)2. Speaking of T2 and its crew. I once found myself in a surprise technical interview with Tomi Tuominen which I, without any preparation, would say I handled well.
Finding myself in an unprepared situation and emerging victorious, or at least with some honour intact brings me to my second point, the hacker mindset. A good example of this is a very recent story. Serge “q3k” Bazanski released a hardware CTF challenge on Twitter and after some back and forth I ended up trying to solve it on livestream3. I didn’t know nearly enough about the subject to manage within the timeframe of the stream but persisted. The following week (or at least the evenings) was spent learning about Verilog, low level protocols, RISC-V and formal verification. At the end of the week, I solved the challenge and presented my journey in another stream4. Another similar example was the RHme2 hardware CTF hosted by Riscure. I had no experience with hardware hacking but that didn’t stop me from jumping head first and learning as I went along. By quickly learning about AVR architecture, fault injections and side channel analysis in a fairly short timeframe, I managed to reach 6th place5. This resulted in being interviewed by popular hacking YouTuber LiveOverflow in a collaborative video write-up of one of the challenges6.
A video like that is part of the third and final point I want to bring up: giving back to the community. I have learned so much from a lot of different people and their hard work within the field. I am trying really hard to give whatever I can back to help current and future hackers in their paths. While I’m not doing as much I would like to, I try to write posts on my blog5, and more recently also my YouTube channel7 at regular intervals. I usually publish write-ups from challenges I have solved so that others can learn from it. One post I would like to emphasize a little bit extra is when I reversed some malware filled USB drives found in a parking lot in Gothenburg8. Media started speculating about Russian hackers and being a strong opponent of FUD I felt I had to step in and go to the bottom with it. I also try giving shorter technically oriented talks at conferences whenever I have something interesting to say and is given the opportunity9. Furthermore, after having played in so many CTFs, it was a pleasure to finally be able to host a competition of our own, Midnight Sun CTF. After a great online qualifier, we followed up with a hugely successful on-site finals in Stockholm with both student and pro teams battling. The competition was given top score on CTF Time1011. However, I think all of this is dwarfed by the effort I have, since graduating in 2015, put into running a weekly CTF meetup at my alma mater12. We meet once per week helping each other learn more about hacking and security through CTF challenges and also me giving a presentation on a topic within security. This has been very appreciated and resulted in several people entering a career of security which might not have happened otherwise.
In conclusion, during my fairly short passion and career within security, starting about five years ago, I’ve gone from knowing almost nothing about security to being a skilled hacker and contributing community member. I hope you will find this application to your pleasure and that I have convinced you of being a worthy recipient of a ticket to the T2 conference.
Kindest regards
Calle “Zeta Two” Svensson