It’s the end of April and this year’s qualifier has once again come to an end. You can find my writeups and some personal thoughts on this year below :)
my experience
performance
This was my first year participating as a senior. Due to the heavy AI usage from other players, I lost the motivation to attempt to solve more challenges during the middle of the second wave.
Despite all of that, I ended up as #6 in the senior category and #3 excluding players with heavy AI usage.
writing writeups
After not doing writeups last year due to time constraints, I decided on writing writeups for all challenges that I have submitted a flag for again. This year, I spent some time into making them look a bit more visually appealing, with a custom challenge overview format, asciinema recordings and GoAT diagrams.
opinions on llm usage
It’s clear that constantly improving LLMs will change the future of CTF, who knows what it will look like. I also used some AI while solving my challenges. The relevant writeups include a block on how AI was used.
There’s also challenges that I could not solve on my own. I tried using agents (Claude Code, Codex) for fun and managed to solve zipper, plumberhub-revenge, stacked-rev and stacked-pwn with them. For the sake of fairness, I did decide against submitting those flags, as I cannot claim credit for a solution that I would have never come up with myself in the given time.
writeups
Sorted by category:
crypto
- weak-random baby
- dino-vault easy
- punkhash medium
misc
- pcap-analysis baby
- grafasaurus medium
- stegosaurus medium
- plumberhub hard
- meow leet
pwn
- buffer-overflow-intro baby
- stackosaurus easy
- canopysaurus medium
re
- password-checker baby
- dino-configurator easy
- bedrockbank medium
- lumon medium
- connivance hard
web
- sql-injection-basics baby
- dino-test-bank easy
- brachiosaurus medium
- dinodata medium
- fossildash medium
- juraforum hard