Tower of Hanoi


Hello! We are the Tower of Hanoi (also known as Hanoiati), the Politecnico di Milano CTF team. We are a group of B.Sc, M.Sc, and Ph.D. students interested in information security. We love to play CTF and sometimes to organize them too (check out the PoliCTF!). We’re also part of mHACKeroni: the union of 5 Italian CTF teams who joined their forces to qualify and participate to the DEF CON CTF Finals.

Our CTFTime profile lists the competitions we recently took part to.

We usually meet weekly in the NECSTLab, a research laboratory of the Politecnico di Milano that deals mainly with computer security and computer architectures. During our meetings, we either review together the past CTF challenges or discuss interesting information security topics.

Cool, but… what is a CTF?

CTFs (Capture The Flag) are information security competitions, aimed at teaching how to find, exploit and patch security vulnerabilities and, in turn, how to avoid vulnerabilities when writing software.

Some CTFs are organized as attack-defense competitions: different teams receive a virtual machine image with some vulnerable (network) services; each team has to find the vulnerabilities, patch them in its own image to defend themselves from the attacks of other teams, and exploit the vulnerabilities attacking other teams to gain tokens (i.e., flags) needed to score game points.

In jeopardy-style ones (the majority of online CTFs!), instead, teams are presented with a set of specific challenges in a range of categories, touching aspects such as vulnerability exploitation, reverse engineering, cryptography and others.

A bit of history

The team “Tower of Hanoi” traces its root back to 2004: the University of California, Santa Barbara organized in December 2004 a CTF (the iCTF) open to university students all over the world. Politecnico di Milano was invited and joined with the team “The Tower of Hanoi”. Our team won the first and second (June 2005) edition of the contest; Tower of Hanoi has been playing iCTF every year since then.

In 2010, Tower of Hanoi grows up, becoming a full-fledged CTF team: we start competing also to other of the main online jeopardy and attack-defense CTFs, such as the DEF CON Qualifiers, PlaidCTF, CSAW, RuCTFe, and many others.

In the meantime, we also created our own CTF: in 2012, we go online with the first edition of the PoliCTF. The experiment was successful, and we repeated it in 2015 and 2017.

In 2018, we joined other academic and non-academic Italian teams to get serious into qualifying to the DEF CON CTF (i.e., the most important CTF!). We create the “mega-team” mHACKeroni, obtaining the second place to the DEF CON 2018 Qualifiers and the seventh place to the finals in Vegas.


If you are interested, feel free to drop us a line! Our email address is, or you can find us on Twitter @towerofhanoi.

If you are a student interested into a thesis or a project in the field of information security (or you just want to learn more about the academic research activities of our lab), check out the NECST Laboratory website.