Taiab's Blog

National Cyber Drill 2021: My First Big Competition

Md. Taiab

2024-08-14 · 2 mins read


The National Cyber Drill 2021 was my first competition outside a classroom. I went in nervous and underprepared, placed in the top 10, and learned more in those hours than in months of solo practice.

The Format

A jeopardy-style CTF: categories of challenges, each worth points by difficulty, solved in any order over a fixed window.

  • Web — exploit a vulnerable web app for a flag
  • Crypto — break or decode something
  • Forensics — dig a flag out of a file or capture
  • OSINT — find information from public sources
  • Misc — whatever doesn't fit elsewhere

My Mistake: Chasing Hard Points First

I spent the first hour on a 500-point crypto challenge because it looked impressive. Solved nothing. Meanwhile teams were racking up easy web and forensics flags. Lesson: clear the cheap points first, then climb.

What Actually Scored

Once I switched strategy, the wins came from fundamentals:

  • A web challenge solved by changing a cookie value from user to admin.
  • A forensics flag hidden in image metadata — exiftool found it in seconds.
  • An OSINT flag traced from a username to a public profile.

None required genius. They required knowing where to look.

The Forensics Flag

The one I'm proudest of: a file that looked like a broken image. Checking the header bytes showed it was actually a ZIP with the wrong extension. Renaming and extracting gave the flag. The lesson — never trust the file extension, check the magic bytes — has paid off in every competition since.
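The magic-byte check described above, as an added example that is not code from the competition or from the original post: it compares a file's extension with the type its leading bytes indicate and, for a ZIP, lists the members. The signature table, the function names and the in-memory sample archive are constructed for illustration.

```python
import io
import os
import zipfile

# Leading "magic bytes" for a few common formats and the extensions they normally carry.
SIGNATURES = [
    (b"\x89PNG\r\n\x1a\n", "png", {".png"}),
    (b"\xff\xd8\xff", "jpeg", {".jpg", ".jpeg"}),
    (b"GIF87a", "gif", {".gif"}),
    (b"GIF89a", "gif", {".gif"}),
    (b"%PDF-", "pdf", {".pdf"}),
    # ZIP is also the container for Office documents, JARs and APKs.
    (b"PK\x03\x04", "zip", {".zip", ".docx", ".xlsx", ".pptx", ".jar", ".apk"}),
    (b"PK\x05\x06", "zip", {".zip"}),  # empty archive
]

def sniff(data):
    """Return (kind, expected_extensions) from the leading bytes, or (None, set())."""
    for magic, kind, exts in SIGNATURES:
        if data.startswith(magic):
            return kind, exts
    return None, set()

def check(name, data):
    """Compare the file extension with the type found in the header bytes."""
    ext = os.path.splitext(name)[1].lower()
    kind, exts = sniff(data)
    report = {"name": name, "extension": ext, "detected": kind,
              "mismatch": kind is not None and ext not in exts, "members": []}
    # For a ZIP, list what is inside without extracting anything to disk.
    if kind == "zip" and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            report["members"] = zf.namelist()
    return report

def make_sample():
    """Constructed sample: a ZIP archive that will be presented under an image name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flag.txt", "FLAG{constructed_example}")
    return buf.getvalue()

if __name__ == "__main__":
    samples = [("broken.png", make_sample()),
               ("real.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16)]
    for name, data in samples:
        print(check(name, data))
```

To run it on a real file, read the bytes with `open(path, "rb").read()` and pass them to `check` together with the file name.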

What I Took Away

Two things stuck. First, time management beats raw skill in a timed CTF — a strong solver with bad triage loses to an average solver with good triage. Second, breadth wins — a little knowledge across web, crypto, and forensics scores more than deep mastery of one. That shaped every competition I've entered since.

Md. Taiab is a Software QA Engineer and security enthusiast based in Dhaka, Bangladesh. He interned as a QA Engineer at Battery Low Interactive Ltd. and competes in CTFs and programming contests — ranked Top 3% globally on TryHackMe and Champion of GUB Junior IDPC 2023.