CSCBE stands for Cyber Security Challenge Belgium. It’s a CTF (Capture the Flag)-style competition for computer science students living in Belgium.
Students create teams of up to four members. They work together to solve various challenges over a limited time. These challenges cover a wide range of cybersecurity topics, including but not limited to:
- Digital forensics
- Cryptography
- Reverse engineering and malware analysis
- Mobile security
- Web application security
- Miscellaneous challenges
Each challenge falls under one of these categories, with different challenges falling under different levels of difficulty. For example, you can have an ‘Easy’ cryptography challenge, and a separate ‘Hard’ cryptography challenge.
The scoring system works as follows: Each challenge initially adds 500 points to the score of every team that solves it. As more teams solve a challenge, the points it contributes decrease until they reach a minimum of 30 points.
For example, let’s say there are three challenges in the competition: an easy cryptography challenge, a medium forensics challenge, and a hard mobile security challenge. Every challenge starts at 500 points. If all the teams solve the easy cryptography challenge, its point value will gradually decrease until it reaches 30 points. In contrast, fewer teams will solve the medium forensics challenge, so it might contribute around 200-300 points to those who solve it. Finally, only one or two teams might solve the hard mobile security challenge, earning them 400-500 points, which places them higher on the leaderboard compared to teams that couldn’t solve it.
The competition is organized by Toreon and Nviso with the goal of raising awareness about cybersecurity and building a more secure digital society. It is one of the largest cybersecurity events in Belgium.
For the third year in a row, my friends and I decided to compete in the CSCBE. I came up with an absolutely legendary team name: โwe thought this was speed dating.โ Because nothing says intellectual prowess like a name that suggests we wandered into the wrong event.
The qualifiers in March were intense. We spent days completely glued to our screens, deciphering cryptographic codes, mapping out networks, and uncovering forensic artifacts. Most of the challenges had us suffering, it was exhausting. But that feeling of finally cracking a particularly tough challenge is pure satisfaction. Worth it. Completely worth it.
There were moments of absolute frustration, of course. We hit a wall on a particularly nasty reverse engineering challenge, spending hours making zero progress. But then one of us stumbled upon a seemingly irrelevant clue that ended up being the key to unlocking the entire thing. Thatโs what makes these challenges great โ itโs about effective communication and leveraging each otherโs strengths. Teamwork in its purest form.
To our delight, and complete surprise, โwe thought this was speed datingโ managed to snag a spot in the finals at the Royal Military Academy in Brussels! The competition there was even fiercer, with teams from all over Belgium competing. We may not have taken home the grand prize, but we definitely held our own against some seriously talented competitors.
The story of our progress in this competition is one I won’t forget. When we started out in the first year, we ended up in 168th place with 200 points. In our second year we got 80th place with 1273 points. And then, this year, we landed in 35th place with 3621 points! We’d consecutively doubled our position two years in a row, and we’d increase our points by a factor of 18! This is an achievement my friends and I will forever be proud of.