CTF ECW 2025 – Mathis Durand’s Honeypots Challenge

October 30, 2025October 30, 2025 By Dylan Massieux Actualités / Évènementctf,cyber,cybercni,cybersecurity,ECW,ECW CTF,Honeynets,honeypot,PhD,research

The Cyber CNI Chair participated for the second consecutive year in the European Cyber Week Capture The Flag (CTF) competition. This event, organized by the Pôle d’excellence cyber, brings together researchers, students, and cybersecurity professionals. This year, the challenge was particularly original thanks to Mathis Durand, a doctoral student at IMT Atlantique and within our Chair. His goal was simple: to create an environment where participants could test their skills while providing useful data for research.

A challenge inspired by research

The concept of the challenge was clear: nine services were available, but only one contained the flag. If a player attacked a honeypot, an alarm would sound and the network would reset, canceling any progress.

As a reminder, a honeypot is a computer system designed to attract attackers and observe their actions without endangering real systems. It allows researchers to better understand the techniques and behaviors of cyber attackers.

As Mathis explains: “My thesis topic is the design of undetectable honeypots. The CTF allows me to observe how ethical attackers interact with these systems.”

Participants had to think and act cautiously, just as they would in a real attack. In addition to testing their skills, the challenge served as a testing ground to observe how attackers behave.

A technical and collaborative innovation

On a technical level, the challenge was based on CTFd, with Docker-in-Docker to run multiple services in a single container. In addition, a real-time analysis script monitored players’ commands and immediately triggered an alarm if suspicious activity was detected.

The project was supported by industry partners. In particular, Astek assisted with testing and commissioning. Mathis emphasizes: “The CTF allowed me to collect valuable data to validate certain hypotheses about advanced attackers.” In total, more than 11,000 commands and 4.62 MB of data were collected, providing a unique space for research while training future cybersecurity experts.