group 3

An Adventurous Trip to Skövde, Sweden

intro

From March 26th to April 1st 2023, our group, Dieter Bequet, Sabbe Volckearts, Wout Van Brussel and Raf Coulier participated in an international project in Skövde, Sweden. During this project our security skills were thoroughly tested as we learned to use both the offensive and defensive sides of hacking.

The project consisted of an environment that had to be protected while attacking the environments of the other groups. We received points for every successful attack or defense and lost points every time we were hacked or our services were offline. In addition to all that, we thoroughly enjoyed the beauty of Sweden and made new friends.

reinforcing photo of day zero

Day zero: On the move

On Sunday March 26th, our long journey to Skövde, Sweden began. For many of us it had been a while since we were on a plane, and for some it was their first time. So naturally the nerves were present. Finally, arrived at Stockholm Arlanda Airport, we picked up a rental car and started our ride to Skövde.

In Sweden trains work a bit like planes, with prices varying based on demand so it was more cost-effective to rent a car. It also gave more freedom to explore the area and places around Skövde. After a 4-hour long drive through the beautiful landscape, we arrived in the snowy but cozy Skövde late in the evening. Once settled in the hostel and our beds were made, we set out to explore Skövde city, stopping for a drink in a cozy pub.

reinforcing photo of day one

Day one: The first meet

On the first day, after enjoying a tasteful breakfast, the full group walked to the university where we would be working on the project. The teacher unintentionally guided us into several wrong classrooms before finally discovering the correct one. As it came into view, we made our initial contact with the Swedish students and teachers. Some short introductions and a full explanation of the project were given before it was time to divide into groups and start working.

Each group was given four virtual machines: one with Windows XP and the three others with an old Linux version. These machines hosted a Webshop, two development environments, and an admin center. Our task was to protect, secure, and monitor these machines throughout the week so that the other students could not attack or destroy them. Everything should be available at all times for outside users, which was monitored by the teachers. On this first day, we tried to learn as much as possible about these machines and took note of any security issues found so we could patch them later.

At lunchtime, both Belgian and Swedish students went out to eat to get to know each other. Despite Sweden being notoriously expensive, most restaurants and pizzerias offered affordable student prices at lunchtime, which we gratefully made use of. At 4 o'clock in the afternoon, the Swedish teachers invited us for a brief tour of the campus and Skövde city. The beautiful church in the picture is kind of used as a reference point in Skövde, it is very often used to meet with someone. Because everyone started to get a little bit tired from walking, we ended up at some shops to stock up on food and drinks to re-energize. To finish off our first day, the group went out and had a few drinks at the nearest pub, which lateron changed towards our favorite pub during this trip.

reinforcing photo of day two

Day two: Getting to know the environment

On the second day, before walking to the campus we enjoyed another delicious breakfast with eggs provided by the Swedish teachers. Knowing the Swedish students a bit better, the project tasks were divided and splitted up equally amongst the Swedish and Belgians. This encouraged the most efficient possible way of working. Having some knowledge of the environment from the previous day, the work went a lot more fluent and less hectic.

The plan for this project was to explore and experiment on our own machines the first two days, after which we had half a day to reset our environments and implement fixes, patches, and secure everything we found in the first two days. Finally, on the last days, attacking other groups was allowed and encouraged, which would round up the project. In the afternoon, we worked together to review what everyone had found on their machines and come up with a plan to solve any issues and vulnerabilities. Everything was noted down to ensure quick implementations and adjustments on Wednesday morning.

This day, we worked quite late to make sure everything about our machines was understood and the outcome was not determined by luck alone. That evening, a few students stumbled upon a broken-down car, which we offered our friendly help to and got it back on the road. How that car was road legal and able to ride in the first place is still unclear to us till this day. Finally, after a long day, some beers in our favorite pub closed the day with a big smile.

reinforcing photo of day three

Day three: Let the attack begin

On Wednesday morning, Skövde was covered in a beautiful, white layer of snow which had melted in the previous days. On our way to campus, we all had some fun in the snow and had a big snowball fight. Exhausted and wet, the group arrived on campus and started working on securing everything, as planned the previous days. Every bug, security issue, and weakness that had been found needed to be fixed before one o’clock when everyone would be allowed to attack. As a group we divided up the tasks and assigned who would secure which machine and how. By working closely together as a team, the Belgians came to the realization that the Swedish students had less experience in security and penetration testing than expected, which made it more difficult. However, no one was left behind and everyone managed to help each other and secure the machines just in time.

When the attacks finally started, someone from the other groups quickly discovered that our group had forgotten to change the default password of the database user, which they used to delete our database, leading us to lose some points. After recovering everything and implementing patches, it was our turn to attack and after some time our group had also found a vulnerability in another group, earning us some points again.

Sadly it became clear that some rules were not explained clearly, and it became a DOS (Denial of Service) attack festival which was sometimes a little bit frustrating. At the end of the hectic afternoon, everyone was invited to the student bar for a delicious Swedish meal and a drink in the company of friendly Swedish students and lecturers. During this dinner, we got to know a bit about Swedish student life and heard some of their student songs. As usual by now, the day ended in our favorite pub in town.

reinforcing photo of day four

Day four: The last push before the end

Thursday was the last day of the attacks, so we were giving it our best to earn some final points. At around nine, the hunt for exploitations started again. Some students were still hungover from the day before, but everyone was in good spirits. Our two groups did their best, but sadly did not earn enough points to win the competition, which unexpectedly ended at two thirty o’clock.

We had the afternoon free and some of us decided to visit a beautiful waterfall that was a 30-minute drive from Skövde. Other students used this time to work on some schoolwork or finish assignments that had to be handed in. At nightfall most of the Belgian students went to a super delicious burger restaurant to finish off the day, and then stayed at the hostel to drink because Sweden was getting too expensive and we needed to empty the fridge before leaving the next day.

reinforcing photo of day five

Day five: Goodbye Skövde

On Friday morning, the groups came together to review the leaderboard and saw how the other groups gained and lost their points. The Belgians students also gave their feedback on the project, and of course everyone thanked the lecturers for organizing this interesting and enjoyable project. As the week came to an end, the participating students were surprised with a delicious Swedish Smörgåstårta (Swedish sandwich cake). With this meal, the project was officially over, and everyone was able to leave and go back home. Some students left early because their flights were on Friday, while others stayed a little longer.

In the afternoon, our group left for Stockholm by car to spend another day there. We arrived at the hotel at around 7 pm and took a magnificent walk around the city, ending up in a small pizzeria. One of the sweetest hosts welcomed us, she even offered to call some places to reserve a pool table for us that evening. Sadly, nobody answered the phone, but she still gave us the number of the pizzeria and told us to call if anything went wrong.

Not able to locate a place with available pool tables, the day ended with a fun game of darts.

reinforcing photo of day six

Day six: The last adventure in Sweden

On Saturday, we got to know Stockholm a little better with another beautiful walk through the sunny city center. It was time to return to the airport and get on our plane back to Belgium. As usual Belgium welcomed us by the wet weather, making us miss Sweden already…

We would like to thank “HOWEST” and “The University of Skövde” for this opportunity and for organizing the project. It was a fun and exciting week full of challenges and new things to learn, which we used to fill our toolboxes and come home with new skills and knowledge. This week was perfect to get a grip on how it feels to be under attack and be the attacker on a live system. Finally, thank you for taking time to read this blog, while we are off to a new chapter in our careers.