Introduction to the Event

A few days ago, I participated in a Capture the Flag event organized by the Foreningen for Danske Cyber Alumner (FDCA). FDCA stands for the Association of Danish Cyber Alumni, an organization created to contribute to the resilience of Denmark and the Danish Realm against cyber threats. Its goals include developing members’ knowledge, skills, and competencies in cyber and IT security, providing career advice, and facilitating exposure to companies. Additionally, it aims to maintain and promote camaraderie across repatriated Cyber Conscription teams.

The FDCA Christmas CTF took place online from December 1st to 24th at jul.fdca.dk, with daily tasks released at 08:00.

Each task was valued at 1000 points, with available hints costing 100 points each.

Prizes were awarded to the top three scorers and for the best write-ups.

I participated under the moniker loudartist and scored 22,500 points, which landed me in 9th place out of 232 participants.

My Motivation in Participating

I joined the CTF because I am constantly looking for ways to expand my skills in cybersecurity. I think CTFs are good tools to measure oneself, see what cybersecurity disciplines you are familiar with, and identify which ones need further exploration.

Plus, you meet new people online who are trying to solve the same problems as you, turning it into a friendly competition. We help and motivate each other.

Overview of Challenges

The challenges included OSINT, Forensics, Reverse Engineering, Cryptography, Web, and several miscellaneous categories.

The most memorable challenges I recall involved escaping from a restricted shell and finding a way to access a private vault in the second part of the challenge.

Another memorable challenge occurred on the 19th day, where OSINT skills were required to identify the location of a lake and the modern technology associated with it. It turns out that the Jelling stones, which contain ancient cryptography, are located there. They were raised by Harald Bluetooth in memory of his parents.

This challenge wasn’t the hardest, but as a history buff, I really appreciate how the digital connects with the physical. There is an actual place that you can drive by and visit. You not only learn cybersecurity skills but also get to know the surroundings better.

Tools and Techniques Used

The main tool used for the CTF was a physical Kali Linux machine. Although virtualization is a faster way to run things, I prefer using a dedicated machine for it.

For analyzing Microsoft Event Logs, I used Windows 11 OS. JetBrains’ dotPeek assisted with .NET assembly analysis, while Ghidra was helpful for general reverse engineering tasks. For cryptography tasks, I used a digital Swiss Army knife called CyberChef, made by GCHQ.

However, the most powerful tool available on the market is ChatGPT. If you know what you are looking for, it can guide you in a very focused and narrow way. When solving a challenge in a CTF, it’s easy to choose a wrong approach and waste a lot of time. ChatGPT helps to minimize this waste.

I used it extensively to bounce ideas around when the problem was difficult to solve. Sometimes it led me down the wrong path, but mostly, it has been an effective tool. I am also very impressed with how the output varies depending on whether you use advanced reasoning or not.

Isn’t it cheating, you might ask? I don’t think so. ChatGPT can’t just give you the answers to the problems you’re trying to solve. It’s more like a vehicle, and you are the main driver on this journey.

Team Dynamics and Collaboration

The event I am describing was a solo effort. However, in the first week, I found a few like-minded participants who helped me along the way. I think it’s a great idea to have a digital buddy with whom you can bounce ideas.

I would like to extend a digital thank you to Msonic and ToxDK, who helped me pivot away from dead ends and choose the right path in the complex maze of digital cybersecurity.

Conclusion and Future Plans

The event organized by the FDCA was a great way to try new challenges and improve my skills. It provided a quick method to validate what I know and identify areas that still need improvement. It inspired me to think about 2025 and lifelong learning in general. I am already working on a study curriculum for myself.

Additionally, I met several fellow cybersecurity enthusiasts who expressed a desire to participate in more CTFs in the future. As mentioned earlier, it’s beneficial to have a group of like-minded individuals who are willing to help and share their experiences.

Call to Action

I highly encourage you to try cybersecurity CTFs. They are a great way to meet fellow cybersecurity professionals and learn new skills. You don’t know what you don’t know, so it’s important to measure yourself and discover what kinds of challenges are out there.

If you prefer a lighter approach, open an account on the TryHackMe platform and join some CTF rooms. The last time I checked, there were a few fun ones like the Mr. Robot and Pickle Rick CTFs.