About Us

RedRocket is a CTF team from Bonn that was formed in 2017.

We compete in high ranked international hacking competitions and co-organize the CyberSecurityRumble and Cyber Security Challenge Germany.

Nowadays we are:

• a group of hackers interested in information security
• a competitive CTF team
• a CTF organizer

Although we have become international, most members are still located in Bonn, Germany.

Since 2020 we’re a registered association under German law (e.V.).

Select CVEs

Selected vulnerabilities that RedRocket members have found:

• Pwn2Own 2020 Linux Kernel LPE CVE-2020-8835
• Multiple LPE/RCEs via X.org Server CVE-2020-14347; CVE-2020-14345, CVE-2020-14346, CVE-2020-14361, CVE-2020-14362; CVE-2020-14360, CVE-2020-25712
• OpenWRT uhttpd Invalid Data Access CVE-2019-19945
• Ghostscript Sandbox Escape CVE-2019-14869
• BigBlueButton LFI and Privilege Escalation CVE-2020-12443
• Google Chrome Type Confusion in V8 CVE-2021-21230, CVE-2021-30598, CVE-2021-30599
• Croc Full Plaintext Recovery CVE-2021-31603
• Linux Kernel LPE and Kubernetes Container Escape CVE-2021-31440, Demo
• TinyDTLS Full Key Recovery - CVE-2021-34430
• Firefox Sandbox Escape via Prototype Pollution CVE-2022-1802,CVE-2022-1529
• …

Select Talks

Some talks that RedRocket members have given:

• Kyber and Post-Quantum Crypto - How does it work? at rc3 Video
• How To Learn (and Teach) Hacking at OWASP AppSec 2019 Video
• Microsoft’s CurveBall Vulnerability CVE-2020-0601 Video (German)

Select CTF Competitions

Some CTFs we have succefully participated in.

• Third Place together with FluxFingers in Hack-A-Sat Hacking Competition by U.S. Air Force
• Third Place in HITB Abu Dhabi Pro CTF 2021
• Google CTF 2021 and 2019 Finalist, 3rd Place in Google Hackceler8 Match
• DEFCON CTF 2019 and 2022 Finalist (together with Sauercloud)
• MidnightSun CTF Winners 2018, 2019, 2020, 2021 and 2022
• …

Select Press Coverage

Some press reports about us (mostly German):

• Wie hackt man einen Satelliten? (P.M. Magazin)
• US-Wettbewerb Hackerteam der Hochschule Bonn-Rhein-Sieg gewinnt Preis
• Sankt Augustiner spüren im Wettbewerb IT-Sicherheitslücken auf
• PLATZ 3: FLUXREPEATROCKET BEIM HACK-A-SAT
• Im Weltraum hört dich niemand hacken
• Hackerteam der Hochschule Bonn-Rhein-Sieg gewinnt Preis
• Studenten suchen Sicherheitslücken in Sankt Augustin
• Team RedRocket hackt beim ProCTF in Abu Dhabi
• Sauercloud qualifiziert sich für DEFCON CTF
• Pwn2Own: Hacker kapern Windows, Ubuntu, macOS, VirtualBox
• MANFRED PAUL VOM TEAM REDROCKET GEWINNT BEIM PWN2OWN
• REDROCKET AUF PLATZ 6 BEI GOOGLE CTF HACKING WETTBEWERB
• HACKER-TEAM SAUERCLOUD AUF DER DEF CON IN LAS VEGAS
• TEAM REDROCKET ROCKT CYBER SECURITY RUMBLE IN BONN
• Red-Rocket-Team Hacker-Gruppe der Hochschule Bonn-Rhein-Sieg sucht Sicherheitslücke
• RedRocket-Team hackt international erfolgreich
• Erfolgreiche Hacker studieren an der H-BRS