+ 
+ I tackled buffer overflows, reversed Android apps, cracked crypto puzzles, and …
+What do you do when a rogue process might be malware, or maybe just a poorly named service? What happens when your teammate refuses to act unless something is “officially malicious”? The team faced cultural clashes, communication breakdowns and stress-testing of both systems and people.
The exercise required more than technical fixes. It demanded communication with simulated commanders, media and public stakeholders. Reporting became just as important as patching. It taught participants how to translate technical impact into real-world consequences. Not “port 8443 unreachable”, but “our air defence system is degraded, and we cannot fly planes”.
A new but powerful presence in the simulation was the Black Team, a rapid-response unit deployed when problems became too complex for any single team. Acting like special forces, they jumped in when incidents crossed team boundaries or demanded unconventional solutions. Their mission was to find out what was happening, assess the impact and suggest fast, creative responses. Introduced just last year, this team quickly proved its value again in 2025. They even embraced the role with style — “you can wear sunglasses inside” became their unofficial motto.
+A new but powerful presence in the simulation was the Black Team, a rapid-response unit deployed when problems became too complex for any single team. Acting like special forces, they jumped in when incidents crossed team boundaries or demanded unconventional solutions. Their mission was to find out what was happening, assess the impact and suggest fast, creative responses. Introduced just last year, this team quickly proved its value again in 2025. They even embraced the role with style “you can wear sunglasses inside” became their unofficial motto.
Their presence underlined a critical lesson: not every problem fits neatly within a team’s silo. Real-world defence requires flexibility, speed and lateral thinking.
There were plenty of mishaps. Misfired scripts, team mix-ups, and one case where a DNS setup from a previous year was reused by mistake. Someone tried renaming cut to shutdown, breaking essential operations until it was fixed. Systems rebooted into chaos, a manual was uploaded to public GitHub, and the team had to quickly learn the difference between symbolic links and real binaries.
+ alt="Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience"
+ width="634"
+ height="156" />
Howest’s ongoing commitment to world-class cybersecurity training took center stage again as six lecturers from the Cyber Security program joined forces with experts from Latvia, Luxembourg and Belgium in one of NATO’s most intensive simulations: the Locked Shields exercise, hosted by the Cooperative Cyber Defence Centre of Excellence (CCDCOE). Now in its fifth year of participation, the Howest team shared their firsthand experiences at a special evening talk at Howest Bruges.
-Locked Shields is no ordinary simulation. It is a full-scale, live-fire cyber defence exercise involving more than 6,000 machines and a narrative scenario so detailed it includes geopolitics, disinformation and even fictional countries. This year, the Blue Team 03 (our team) defended a simulated nation’s critical infrastructure including power plants, satellites, 5G networks and banking systems, all while under constant attack from a coordinated Red Team using automated scripts and over 28,000 attacks across two days.
-And yes, every team (Red, Blue, Yellow, White) uses Ansible. For everything.
-What do you do when a rogue process might be malware, or maybe just a poorly named service? What happens when your teammate refuses to act unless something is “officially malicious”? The team faced cultural clashes, communication breakdowns and stress-testing of both systems and people.
-The exercise required more than technical fixes. It demanded communication with simulated commanders, media and public stakeholders. Reporting became just as important as patching. It taught participants how to translate technical impact into real-world consequences. Not “port 8443 unreachable”, but “our air defence system is degraded, and we cannot fly planes”.
-A new but powerful presence in the simulation was the Black Team, a rapid-response unit deployed when problems became too complex for any single team. Acting like special forces, they jumped in when incidents crossed team boundaries or demanded unconventional solutions. Their mission was to find out what was happening, assess the impact and suggest fast, creative responses. Introduced just last year, this team quickly proved its value again in 2025. They even embraced the role with style — “you can wear sunglasses inside” became their unofficial motto.
-Their presence underlined a critical lesson: not every problem fits neatly within a team’s silo. Real-world defence requires flexibility, speed and lateral thinking.
-There were plenty of mishaps. Misfired scripts, team mix-ups, and one case where a DNS setup from a previous year was reused by mistake. Someone tried renaming cut to shutdown, breaking essential operations until it was fixed. Systems rebooted into chaos, a manual was uploaded to public GitHub, and the team had to quickly learn the difference between symbolic links and real binaries.
From detecting malware with Velociraptor and Q9, to encountering teammates who took orders literally, the learning was intense. One participant noted that while Belgian and Luxembourg teams prioritized knowledge sharing, others preferred strict protocol. This highlighted cultural differences and the importance of interpersonal skills.
-The biggest lesson? You are never fully prepared. Every iteration of Locked Shields is different. But each one sharpens not only your skills, but also your ability to function as a team under extreme conditions.
-This experience directly impacts the classroom. Inspired by the exercise, Howest is introducing new hands-on courses like “Glutamine” in semester five. Students will be dropped into realistic broken networks, with misconfigurations, fake firewalls and simulated threats. It is chaos, but controlled. And that is the point.
-As one speaker said: “You don’t win Locked Shields. You just survive it better than the rest.”
+On March 14 and 15, I joined the Cyber Security Challenge Belgium qualifiers with three teammates. For two days, we threw ourselves at CTF challenges covering binary exploitation, Android reversing, cryptography, and more.
+What follows is a recap of the challenges I personally worked on, some I solved, some I didn’t—but all of them left me with new skills and new ideas.
+One of the first challenges I picked involved a binary with a basic stack overflow. I used standard techniques, finding the offset, hijacking the return address, and injecting shellcode. Tools like pwntools helped automate the payload crafting. It was a great warm-up and a confidence boost once it worked.
+
+ Then there was a more elaborate cryptography challenge: 18 zip files, each password-protected. We cracked the first three passwords using John the Ripper and got numeric values from them. I searched the sequence in OEIS and found it matched A007408, which gave us the full pattern of passwords.
+Using this, I could extract all zip contents automatically, reconstruct the password-protected message, and finally reveal the flag.
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+
+ One challenge involved “guessing” a thousand random numbers between 1 and 10. The banner claimed it required infinite luck, but of course, the randomness was seeded. After inspecting the generator, I realized it was deterministic. By precomputing seeds and output sequences, I could match the challenge’s banner to a specific seed and regenerate the entire solution.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ 
+
+ 
+
+
Several APKs were part of the qualifier set. I used JADX to decompile them and FRIDA to patch logic at runtime. In one challenge, I bypassed license validation by forcing key methods to return true and unlocking hidden functionality.
+This one stood out.
+The app used a 4×8 button grid. Pressing buttons loaded a sequence of blockXX files from assets. These were concatenated in-memory and passed into InMemoryDexClassLoader to load a class called be.dauntless.flag.Flag.
Class loadClass = new InMemoryDexClassLoader(ByteBuffer.wrap(byteArrayOutputStream.toByteArray()), getClassLoader())
+ .loadClass("be.dauntless.flag.Flag");
+Each block was a fragment of a DEX file, but the app didn’t tell you the right order. I tried manually inspecting the fragments, identifying methods, string constants, and offsets—to infer how to reassemble the full file. I got close, but didn’t crack it in time.
That challenge stuck with me because it combined static analysis, runtime introspection, and logic reconstruction. It wasn’t just technical, it was creative.
+Another challenge involved a Go-based TLS server that rejected all client connections unless they matched a specific fingerprint. I used Go’s tls.Config to replicate the version, cipher suites, and ALPN:
tls.Config{
+ MinVersion: tls.VersionTLS13,
+ CipherSuites: []uint16{
+ tls.TLS_AES_128_GCM_SHA256,
+ // ...
+ },
+ NextProtos: []string{"h2"},
+}
+Despite that, the server still refused the connection. I suspect it was using JA4 or similar TLS fingerprinting techniques we couldn’t fully emulate. We had to move on, but I’d love to revisit that one someday.
The exercise teaches more than just cybersecurity. It builds trust. It proves that knowing your teammates can be as important as knowing the tools. Whether that comes from a shared flight or a pre-exercise barbecue, it all matters when the pressure hits.
-Want to see how cyber defence works in real life? This is it.
-I didn’t solve everything. But that wasn’t the point. Every challenge was a practical puzzle, something to decode, reverse, bypass, or just understand a little better.
+Working as a team with Evarist, Nathan, and Waut made it even more valuable. We bounced ideas off each other, divided tasks, and got a much broader set of challenges covered.
+The Cyber Security Challenge Belgium qualifiers weren’t easy. But they were the best kind of difficult, the kind that teaches you something whether you solve the problem or not.
Category
+ +
+ Buffer overflows, Android apps, crypto challenges, and a TLS fingerprint puzzle …
+
+ I tackled buffer overflows, reversed Android apps, cracked crypto puzzles, and …
+