Not sure if any of you will see this, because this thing is a little old, but I remember hearing some of you would be curious as to the phpBB's status after the competition. I'm happy to report we got 7th out of 40. We almost got 4th but in the last 5 minutes of the competition my forum was breached, by means of SSH. It is a capture the flag game, and my /etc flag was captured by a compromised admin account.(before you say I needed better passwords the password for this account was randomly generated and provided to us by staff, we couldn't use our own.) Anyways the site itself had two flags to be placed by red team. One to post in the admin only announcements forum, and one to post in the password protected developer forum. They didn't get any of those. However in the bug forum the red team decided to do some mind games and told us how they would get in. Not gonna lie scary af. They successfully XSS scripted my site. However we used barracuda WAF and it blocked them. Needless to say they were very unhappy. We have a phone service to address "customer calls" and the red team called us and complained about it, then hung up and rick rolled us lol. So yeah my team wonders if it may have been set up errors that caused that, but I used mostly default settings. So I guess that's it if you guys are securing stuff work on XSS to stop cross site/html injection attacks or buy Barracuda WAF its amazing.
Oh any sorry John I'm pretty sure you have to be a student or alumni of Iowa State University to red team, if you want look up Iowa State CDC and since I am in high school it should be the ITO one. I'll also link the scoring site and if you want to chat with them about next year I can send you the mail that we use to contact them.
the scoring site -> https://iscore.iseage.org/
Its down right now while they move the server out of the basketball court. If it is back up with scores, and you want to find us, we were team 3.