November - 2025

This November has been an especially eventful month for me in cybersecurity. Especially in the CTF scene.

I decided to return to Capture The Flag (CTF) tournaments last December after a three year break. The scene had changed significantly during that time. Entirely new categories had appeared and some older ones had almost disappeared. Forensics used to be my favorite category, but it is now nearly nonexistent. Open Source Intellignace (OSINT) was still fairly new when I last competed, and now it feels like every CTF includes several GeoGuessr style challenges. AI challenges have also become common and I have enjoyed solving LLM challenges the most. I enjoyed them so much that I even created one for Disobey 2025 while representing ROBOTUPRISING.FI.

Taking such a long break made me realize how quickly the cybersecurity field evolves. When I returned, a lot of what I knew was outdated or no longer relevant. It felt like I was returning to whole new world, one where I had to relearn everything.

At the beginning of the month my team and I participated in Cybercation in Cyber Security Nordic. We secured first place in Finland and tied for second place overall, but slipped to third due to a later submission time.. Cybercation taught me a lot about how I perform under pressure, how to balance workloads within a team. It also taught me how important the right professional equipment can be when it matters most.

Two weeks later I traveled to Bucharest to compete in DefCamp CTF. We had qualified a few months earlier by placing third in the qualifiers (TFC). I spent four days and three nights in the city with one day dedicated to the main CTF and another spent exploring the DefCamp Hacking Village.

The CTF itself, this year there was a new competition format. A king of the hill addition was introduced to replace the old attack and defence format. At first this felt disappointing because I had always excelled at the defence part of attack and defence events and I used to practice defending against many types of attacks. I even went as far as making my own environments and try to defend against my own simulated attacks. But the more I learned about the king of the hill format, the more I liked it. The concept was simple. The team with the smallest possible payload would receive the most points every minute or so. We performed very well until a challenge we could not solve was solved and that dropped us down to second place on the king of the hill scoreboard.

The jeopardy style challenges were very difficult but that made sense considering that some of the best teams in the world were competing. The most interesting challenge involved Google's open redirect which allows redirection from the www.google.com domain to other Google owned domains such as sheets.google.com and makes it possible for webhooks to execute unwanted actions. We discovered this vulnerability too late in the competition and did not have enough time to fully execute our exploit, but it was still an extremely fun challenge.

All in all we finished in fifth place in the final rankings. It might not be the top spot, but considering that more than seven hundred teams from over fifty countries competed in the qualifiers, I think fifth place is something to be proud of.

This just means that next year we have to go harder and smarter.

I was told that CTF teams do not usually talk to each other at events like this, but that felt unnecessary and a bit odd to me. Since I am a very social person, I decided that the first team I met I would invite to a group chat and try to organize a meetup after the competition. It worked and soon more people joined. I met skilled and passionate hackers from all over the world and we ended up discussing everything from Android exploit chains to new theoretical techniques in hardware hacking. Seeing so many talented people sharing ideas in the same space was inspiring and reminded me why I chose the path of cyber in the first place.

I even managed to convince one guy from the Slovakian ECSC team to trade me his traditional felt hat for a hacking themed T-shirt I had brought

Thank you 665, Heartstone, Ry and Iacob for a lovely journey and I hope to see you guys next year.