Capture The Flag – InfoGuard steps on to the podium at HackIstanbul 2019

Thousands of "hackers" from over 130 countries around the world recently competed in the Capture The Flag (CTF) contest in Istanbul – the HackIstanbul 2019 – to solve a variety of cyber security challenges, including hacking into computer systems. Right at the forefront of HackIstanbul was Luca Marcelli, our penetration tester, who with lots of ambition and talent finished in 2nd place. Read in his personal review about how he did in the CTF contest!

"A few months ago, my friends asked me if I wanted to join them in doing a CTF. Of course, I said yes. The CTF was called HackIstanbul and was made up of 3 stages: preselection, qualification and the final stage. We named our team 'kolaydı' which translates as 'that was easy'."

Stage 1 – Preselection

"The first stage was all about solving a variety of challenges in several rounds, for example, reversing and crypto challenges. We were each given four hours to solve five questions. Then we deleted them and did the same thing again. If my memory serves me well, there was a total of 20 challenges. We scored 19/20 and were in first place." 

Stage 2 – Qualification

"The second stage was even more demanding. We were given links to various hosts where we had to find gaps in security. Some of them were hard to find, others very easy to find. The majority consisted of simple web app exploits. But with the final ones, there was a lot more to do. Among other things, we had to explode running scripts, enumerate services and find hidden things. The second stage lasted 24 hours. We were able to solve everything at this time and this put us into second place (the team that was in the lead was simply faster than we were)."

Stage 3 – Final in Istanbul

"The third and final stage was imminent. infoguard-cyber-security-marcelli-hackistanbul2019-1From 20 to 22 September 2019, the top 10 teams were flown to Istanbul to take part in the final of Teknofest 2019. The final was a real challenge and much more difficult than the other stages. Here we were given lots of hosts that we had to exploit. For everyone, the objective was to compromise the root account. For this, we had to use a variety of skills, including memory forensics, crypto, reverse engineering, and binary exploitation. We split up, with my three teammates trying the first hosts while I took care of the last box. This one had the most points. That's why we assumed that this is where the biggest challenges in terms of reverse engineering and binary exploitation challenges would be.

At the outset we made a lot of mistakes, so for a long time, we remained in last place. About two hours before the end, my team-mates had solved a box, but unfortunately, we were still in last place, because it only scored very few points. 30 minutes from the end I managed to crack the last box, and that catapulted us from last to second place."

A memorable awards ceremony – even without Erdogan

"It was a lot of fun and even at the awards ceremony, I couldn't quite believe that we had climbed all the way back to second place. This was my first real Capture the Flag! Ultimately the awards ceremony was not with Recep Tayyip Erdogan the President of Turkey as had previously been announced, but the Vice President Fuat Oktay was there. Most of all, I was pleased to be finally able to meet in person my hitherto 'virtual' team mates from HackTheBox, a penetration testing platform!"

The entire InfoGuard team congratulates Luca on this amazing achievement!

You can find impressions of HackIstanbul 2019 here:


Source cover: Twitter, HackIstanbul (

<< >>

Cyber Security

Luca Marcelli
About the author / Luca Marcelli

InfoGuard AG - Luca Marcelli, Penetration Tester

More articles from Luca Marcelli

Related articles
How to use Office 365 securely in hybrid environments
How to use Office 365 securely in hybrid environments

An increasing number of Swiss companies are losing their inhibitions about the cloud and are using services. [...]
Cyber Security Blog

Exciting articles, the latest news and tips & tricks from our experts on all aspects of Cyber Security & Defence.

Blog update subscription
Social Media