Nahamcon CTF 2022

From the 28th of may to the 30th, Nahamcon held a capture the flag event. I hadn't done anything like it since my cybersecurity exam 2 years ago, so I was curious what it would be like.

Before I could start, I needed to join a team, or make one. But seeing some other people from Howest in the roster, I sent some messages and joined them. They were all from cybersecurity, so had much more experience than me. They told me they had another hackathon to do, however, so I had plenty of time to try my hand before they did the harder ones.

I started out with the warm-ups. Some were very easy: take a look at robots.txt to find the page with the flag. But other challenges felt much more like an achievement. For one, I had to upload an XML file and then execute it. But with a bit of hidden code I could the flags content as well!

Some were purely cryptography related. One of my team members pointed me to the site cyberchef, and I'm telling you, that site has almost everything you need!

One challenge in the miscellaneous category was quite frustrating and fun at the same time. Whenami was its name. I had to figure out how long ago a person looked at their watch with bits of hint of times in between, while the person was jumping the date-line in Samoa. I did all this calculation, had a real crack at it! And failed. No idea where I was mistaken. So yeah, I left it there.

After all the deadline passed, I managed to do a few challenges. But what I found even more interesting were the write-ups people made afterwards! People explained how they did it, while also making recommendations on how to proof you applications and websites against these exploits.

Overall this was a real fun experience, no pressure, lots of friendly people asking and giving hints all while learning more! I preferred this much more than other hackathons.