
MetaCTF CyberGames 2021: A to Z

This year I participated in my first capture the flag (CTF) event! After a recommendation from my current Cybersecurity bootcamp instructor, I’m glad I checked out MetaCTF and had a chance to participate. I learned a lot in the process, and I want to share a few writeups from the easier end of the spectrum. While these problems already have some writeups, my own approach hopefully offers at least one or two details that are instructive beyond those other great options.

A to Z (100 points)

This encrypted flag will only require a simple substitution cipher to solve. Rearrange the letters from A to Z.

yzhsufo_rh_nb_uze_wdziu

Process

To start with I ran the string through a quickly-googled Caesar cipher tool. For those unfamiliar, a Caesar cipher is a simple code system that was, in fact, used by Caesar. You simply replace one character with another character. The website I just linked uses the traditional version, where you basically start at a different place in the alphabet (ex: S) and that becomes the replacement for A. Then the next letter, alphabetically (continuing with the ex: T) becomes B, and so on. When you get to the end of your code alphabet you wrap around to the beginning (ex: Z replaces H, and then A replaces G). Given the simplicity of this, it was enough to deliver an encoded message with a number (representing the starting index) if the recipient understood how it worked.

Unfortunately, after quickly scanning through all 26 possible starting positions it became clear this didn’t work. What about the second sentence? I took the given code and rearranged its letters from A to Z. Nope. Z to A? That didn’t work either.

You may have already figured out my mistake, but to be honest I skipped this one at the time of the event and only returned a month later, slightly better armed with a fabulous tool: CyberChef. CyberChef is your one-stop-shop for dealing with text across any format or encoding you can imagine. Put simply, you give it input text and a set of instructions, and it bakes the text and gives you an output text encoded/decoded however you asked.

In this case, it hit me: the cipher/key was the part I needed to rearrange! How? Well…I rearranged it so A (plain text) = Z (encoded text)…and then…what if B = Y, and so on? In other words, I just reversed the alphabet for the cipher/key.

Hmm…that didn’t help much…

It took me a second to realize my issue, but then I remembered that in ASCII (or any text encoding, really) uppercase and lowercase letters are treated differently. My recipe text was all upper case, so I needed to either retype the substitution rules in lowercase…or…

Bazinga!

…use the tools CyberChef already had. To explain in detail what’s happening here: I copy/pasted the text from the challenge into the input field. Then I found the “To Upper Case” action on the left of CyberChef’s page in the “Operations” section. Similarly, I found the “Substitute” operation and dragged it below the “To Upper Case” action, because it happens second (the actions happen from top to bottom). At this point I was done–CyberChef instantaneously output the processed text, bringing us to the flag text you see above. You can follow this link to see the exact CyberChef configuration, and play around with it.
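The same recipe outside CyberChef, as an added example that is not part of the original write-up: the reversed-alphabet substitution described above (commonly called Atbash) applied to the challenge string, next to the uppercase-only table that leaves lowercase input unchanged and the 26 Caesar shifts, none of which can produce the same result. Function names are illustrative.

```python
import string

CHALLENGE = "yzhsufo_rh_nb_uze_wdziu"  # ciphertext from the challenge text


def caesar(text, shift):
    """Shift each ASCII letter forward by `shift` places, preserving case."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("a") if ch.islower() else ord("A")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)  # underscores, digits, etc. pass through
    return "".join(out)


def substitute(text, plain, cipher):
    """Map plain[i] -> cipher[i]; characters not listed in `plain` pass through."""
    return text.translate(str.maketrans(plain, cipher))


def atbash(text):
    """Reversed-alphabet substitution (A<->Z, B<->Y, ...) for both cases."""
    up, lo = string.ascii_uppercase, string.ascii_lowercase
    return substitute(text, up + lo, up[::-1] + lo[::-1])


def upper_only_attempt(text):
    """The first try: an uppercase-only table applied to lowercase input."""
    up = string.ascii_uppercase
    return substitute(text, up, up[::-1])


def caesar_candidates(text):
    """All 26 shifts, i.e. what scanning every starting position yields."""
    return [caesar(text, k) for k in range(26)]


if __name__ == "__main__":
    print("upper-only table:", upper_only_attempt(CHALLENGE))
    print("atbash          :", atbash(CHALLENGE))
    # Atbash maps each letter by a different distance, so no single shift matches.
    print("found by a shift:", atbash(CHALLENGE) in caesar_candidates(CHALLENGE))
```

Because the reversed alphabet is its own inverse, the same `atbash` function both encodes and decodes.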

I hope you found this instructive. The two main takeaways here are to understand what Caesar’s cipher is, and to get a look at CyberChef.

For a hand-picked list of write-ups gleaned from MetaCTF's Discord, check this document I've put together. For even more writeups, check here.


Starting A New Career

I passed the 5 year mark for my Asian residence this past Summer. What started as a bit of an aimless wander has turned into a comfortable life, complete with domestic bliss and a good job. However, those who know me best will remember how I railed against the idea of working in education in my youth. Somehow, despite these youthful protests I’ve spent more time working in education (between GHP and my work in Vietnam) than in any other field.

Now don’t get me wrong — I have really enjoyed this foray into teacherdom. There’s no doubt about it: teaching is hard. After 5 years of practice I still feel like a beginner — maybe just barely moving into the intermediate range now. I honestly consider education to be a field where (unless you’ve got a special gift or inhuman work ethic) you can’t consider yourself even “good” until you’ve put in a decade of practice. That said, I know folks who have taught for 10 years who are also quite sure they’re not good. So.

Doing hard things feels good, at least after you’ve overcome the initial trepidation and sense of drowning. That all passed a few years ago, and now I can walk into a classroom of any age/size and operate with comfort. It’s a confidence that gets shared across all other avenues of my life. Also, I expect that no matter what the future holds, being able to teach will always be a skill in demand.

I could comfortably continue to work my way up the skill/job ladder. There’s a lot of earning potential and exciting aspects to the future of education. For example, COVID saw a massive shift towards online offerings, which thrills me. After years in the Boy Scouts learning “leadership skills” I’m afforded ample opportunities to practice and build them with my current management position. The company I work for is wonderful, with an A+ culture of respect from the top to the bottom. But.

But for some reason I can’t shake the feeling that I’m not living up to my potential. Maybe it’s some Freudian slap making my cheeks burn when I hear my mother’s voice urging me to do something more. Maybe it’s just realizing there’s not a lot of connection between a math degree and managing a learning center. Perhaps it’s all my brilliant coworkers who are pursuing graduate degrees, setting an example of not resting on one’s laurels. Regardless of the cause, I’ve been racking my brain for the last 2 years (especially) in search of what’s next.

Two weeks ago it finally hit me. I’d eaten some THC gummies to enjoy the end of a hard-working week and in that space of creative flow I was walking from the kitchen to my room when I realized what I want to do next. I’d read an article a few weeks prior to that talking about the growing demand and lack of supply for cybersecurity experts. I guess my mind had finished processing this and connecting up all the wires because in that moment I had the mental equivalent of a cheesy Vegas neon sign light up: “Cybersecurity Career (Free Buffet)”.

I got started playing around with computers when I was 8 when our first Windows 95 PC appeared. I remember diving into every single menu and setting as a warmer, and then picking up some C programming books at the library, excited to join the fray of sexy, anonymous hackers. Well…admittedly I quickly gave up on the programming, but the tinkering never stopped. I ended up writing my first public program as a response to a project assigned in a middle school class, in QBasic. I don’t remember the details, but I remember working on it with my old man and the teacher giving me top marks with zero feedback, because clearly she didn’t know how it worked (thank god–I’m sure it was awful).

Over the ensuing decades (I’m 30, I can talk about living for decades now) I had many more little projects. An idea pops up, or maybe I’d just go through some tutorials online. I picked up the most basic of skills bit by bit, never really feeling like I was doing anything impressive, clearly aware of how I’d be ridiculed if I showed up at DEF CON with my paltry skills. I kept telling myself the story that computers were a hobby at most, and the dream of being some kind of computer wizard wasn’t realistic.

Well…take one article on the growing need for cybersecurity, decades of tinkering and learning a wide (but shallow) range of basics, and the confidence that comes from buying a one-way ticket to Asia and building a career and you get…a sudden realization that one of my earliest childhood dreams isn’t actually out of reach.


I’m two weeks into researching next steps, and to be clear I’m still essentially a novice in any area that counts. There are many paths into the field, and many areas of specialization. If I’m lucky I’m 5 years away from being able to properly call myself an ethical hacker…by some more conservative measures it’s going to be another decade.

But for the first time in a long time I know what I want to do, and I have the confidence and patience to get there. I’ve got no specific goals around blogging, but I think it would be interesting for me to keep some records of the journey, so I expect I’ll have some more posts about things as I go. Stay tuned.
