Title: From Challenges to Triumph: Lessons Learned from My Journey Through the National Cyber League (NCL) CTF Fall 2024

30 Minutes! Hurry! Tic Toc... Tic Toc...

The Clock Is Ticking ... tic toc, tic toc. We had not submitted many of our answers on our live team tracker. Clicking that submit button felt harder than solving the challenges! Haha. The clock kept ticking, and so did our adrenaline rushing through our veins. The digital timer seemed to be flipping numbers at lightning speed, almost as if each count was only half a second. Our hearts raced as we scrambled to accomplish more, but the rapidly changing numbers made it clear we were running out of time faster than we expected.

We were all excited and anxious, wishing for more time, wishing we could complete more challenges. Three days of competition, three days of little sleep, and yet we wanted more time to hunt for clues, troubleshoot, and capture more flags and pieces to puzzles. We wanted more time to learn and discover!

The counter seemed to speed up in the last few minutes: 10, 9, 8, 7... Our hands froze, and our eyes were glued to the timer... the rush, the thrill, the anticipation...

In that frenzied moment, we could only laugh and find peace in knowing that despite our small team and the tasks we left unfinished, we did our best. We embraced not surrender, but acceptance of our efforts and achievements. Our special reward in advance was the new friendships and connections we developed along the way—this is what Capture the Flag (CTF) is all about.

CTFs are addictive! If you like to hunt, think and solve, It is like a mix of game boards, puzzles, family adventures, and even a little panic room as the clock ticks toward the end. The adrenaline rush is intense, and the challenges are so addictive that I keep wanting more. This is how I feel about Capture the Flag competitions, and the National Cyber League (NCL) Fall 2024 was no exception. It is not only a channel for learning and training but for finding your niche and preparing to be a great Security Specialist in the real world scenario.

Cybersecurity enthusiasts, try it!

From this, I will continue to venture CTFs and start my Walkthroughs/Documentation to share.

My first exposure to CTFs was during the Spring 2024 Gym practice. Unfortunately, life happened and my computer crashed, causing me to miss out on the actual games. Later, I joined Tier 1 of WiCyS, sponsored by Target, while preparing for the CompTIA Security+ exam and juggling numerous responsibilities at home and school. I aimed to finish my AS and marathon through GenEd courses for my bachelor's. Ultimately, I chose to prioritize the CTF and managed to rank 74th out of almost 800 participants, playing every night. I wish I had all day for the game.

Imagine being thrown into a digital labyrinth where every turn presents a new puzzle—a test of skill, wit, and resilience. This is exactly what the CTFs felt like to me. The experiences solidified my passion for cybersecurity and showed me that this is what I want to do for the rest of my career life.

Joining Team 3 from DeVry University as the Forensics lead, I found myself taking on multiple roles as the competition pushed us all to our limits. We were not limited to our own areas but was allowed to help solve with areas needing attention. Emerging 339th out of 4,898 teams was not just an achievement—it was a celebration of perseverance, learning, and the incredible power of teamwork.

The National Cyber League: Embracing New Challenges: Diving Into the Digital Maze

Signing up for the NCL was both exhilarating and intimidating. The competition covered 10 categories, including Open Source Intelligence (OSINT), Password Cracking, Cryptography, and Web Application Exploitation. I had trained for most of these areas, but there’s nothing like the rush of a live competition to put that training to the test. It was in this environment that I came to truly appreciate the breadth of cybersecurity and the value of adaptability.

In preparation, I utilized the NCL Gymnasium—a practice space to simulate the kinds of challenges we'd face. Unfortunately I only had a few hours a night for school, cert prep and other areas of life but I managed to score well, learn and improve during these practice rounds.

My first day was quite the ordeal. My 2018 MacBook Pro went to sleep and stubbornly refused to boot back up. I tried every possible fix, even consulting my personal “Jarvis,” Cody, in hopes of reviving it. Unfortunately, recovery wasn’t an option because I didn’t have a backup (I know—painful lesson learned).

Desperate for help, I rushed to the Apple Store at Victoria Gardens and waited two hours, only to learn they couldn’t revive it either. My own documentation (walkthrough) detailed every step they would have taken. How I wished I had someone with a MacBook so I could connect mine as a slave drive and extract my files. Ultimately, the only remaining option was the one I’d been dreading: a complete system wipe.

I finally made it home around 10:00 p.m. and hurriedly logged into the CTF. Despite the setback, I was determined to push forward and keep competing until the break of dawn.

The categories I didn’t get to complete—Enumeration & Exploitation, Scanning & Reconnaissance, and Web Application Exploitation, Network Traffic Analysis and Log Analysis: 29—were a testament to how quickly time passes in a CTF. I didn’t have time to focus on these areas, but they’re now at the top of my list for further training.

Some of my self improvement highlights were:

• Cryptography: 100% completion—the thrill of decrypting hidden messages is unparalleled.
• Password Cracking :100% —cracking passwords was both a technical challenge and an adrenaline rush.
• OSI: 100% completion—navigating through the layers of the OSI model was like peeling back the layers of a complex digital onion, understanding how data travels and is managed across networks.
• Forensics: 86% completion—tracking the digital fingerprints left behind by malicious actors was like being a digital detective.
• Network Traffic Analysis and Log Analysis: 29% completion—challenging modules that demanded even more precision than expected.
• Wireless Access Exploitation: 19% completion—working on insecure networks taught me valuable lessons about real-world vulnerabilities.

Overcoming Hard Challenges: Pushing Through the Limits

One of the toughest challenges I faced was in the Forensics category. It involved using Volatility to analyze memory dumps—a crucial tool in cybersecurity. However, installing and configuring Volatility turned out to be a nightmare, with Missing or Incorrect Profile, Volatility Version Mismatch, Required Plugins Not Loading, Misconfigured Environment and with unexpected technical issues plaguing my setups across Linux, Kali, and even my Mac. That wasn't all! My extended monitors were failing. My switch out of the blue decided to die. My VMs were malfunctioning that I had to reinstall 3x and I had to switch from iOS to Win to Unix and VMS. These technical hurdles were frustrating, and why out of the blue during the Challenge season! I couldn't give up! I spent all day dealing with my hardware, went back to the game and tried other tools like Bulk Extractor, Rekall but unfortunately could not find way to capture my Forensic Flag from the tons of data I had on hand on time. Lesson learned: in cybersecurity, you must always have a Plan B.

Even though I was not able to complete my last challenge, the experience taught me patience, adaptability, and the ability to find alternative methods—all critical skills in this field. The setbacks may have been challenging, but the process of tackling them made me a stronger competitor and a better learner. The best incentive was my supportive and caring teammates.

Time Management and Strategy: Winning Through Smart Planning

The competition lasted 2 days and 5 hours, making time a precious resource. Strategic planning was essential, especially for us from different time zones. I was assigned to Forensics and started with the easy-level challenges, which helped me get into the rhythm. Getting the answers right boosted my confidence for the more complex challenges that followed. My strategy was to focus on the easy ones first, then move to the medium-level tasks. If I couldn't solve a question, I allowed myself to take breaks and try other questions, then come back to it later. At some point, you get that eureka moment!

We had to choose our battles wisely. Later on, the goal was to get as many points as we could as quickly as possible. That meant tackling more challenges in all areas, especially those with no assigned player. Shelton, Roy, Marina, Yamilette, and Pierre were so awesome! I was truly blessed to have learned and played with them.

In cybersecurity, knowing how to pace yourself and tackle problems strategically can often mean the difference between failure and success.

The Power of Teamwork and Resilience: Lessons from Team 3

One of the biggest lessons I took away from this experience was the value of teamwork. I was fortunate to be part of Team 3 at DeVry University, and our leader, Marina, was incredible. She was more than just a leader—she was our motivator, our strategist, and the one who always brought out the best in us. Her encouragement helped me build confidence and step up in moments that were most challenging.

If I had been competing solo, I think I would have taken risks more easily, accepting any mistakes as part of my personal learning. But being part of a team made me feel a heavy responsibility—I didn’t want to make an error that could affect everyone’s score. I was often hesitant to submit answers, fearing they might be wrong. However, our shared trust and collaborative spirit turned that fear into strength. We worked together, brainstormed ideas, divided tasks, and supported each other unconditionally. Even in moments of having mistakes, we never felt defeated because we knew we had each other's backs. The true essence of this competition was about facing the unknown, but doing it together. We finished strong!

Finding My Passion in Cybersecurity

Participating in the NCL made me fall deeper in love with cybersecurity. Despite the pressure, the challenges, and the technical hurdles, this competition helped me realize that this is my calling. I love troubleshooting! I aspire to one day join a Red Team and use my skills to participate in making our digital world a safer place.

In the end, our team scored 1825 points out of 3100, landing 339th place out of nearly 4,900 teams. This experience wasn’t just about winning; it was about resilience, continuous learning, and teamwork. Every moment—whether it was the high of cracking a password or the low of wrestling with Volatility and Enumeration & Exploitation, Wireless Access —was a lesson that will serve me well in my cybersecurity journey.

Next Steps: Continued Growth

As I move forward, my plan is to dig deeper into the areas I didn’t get to complete—Enumeration & Exploitation, Wireless Access, and Scanning & Reconnaissance. These are not weaknesses, but opportunities for growth, and I am ready to dedicate the time needed to master them and will share my journey and learning to all those who are new in the field and growing like me.

The journey is far from over, and I can't wait to see what comes next.

For anyone who hasn't tried a CTF, I highly recommend diving into this thrilling, educational, and rewarding experience. It’s not just about the competition; it's about the journey, the learning, and the connections you make along the way. Embrace the unknown, practice relentlessly, and don’t fear failure. The challenges you face will not only test your skills but will also build the foundation for a strong and rewarding career.