update

content/blog/post-1.md

@@ -1,6 +1,6 @@
 ---
 title: "Cyber Defence on the Digital Frontline: A Mission with NATO"
-image: "images/blog/blog-2.jpg"
+image: "images/blog/blog-1.jpg"
 date: "2025-05-13 00:00:00 +0000 UTC"
 description: "An inside look into Howest’s participation in NATO’s world-leading cyber defence exercise, Locked Shields."
 categories: ["cybersecurity", "event recap"]
@@ -27,7 +27,7 @@ The exercise required more than technical fixes. It demanded communication with
 
 #### The Black Team: Rapid Response in Action
 
-A new but powerful presence in the simulation was the Black Team, a rapid-response unit deployed when problems became too complex for any single team. Acting like special forces, they jumped in when incidents crossed team boundaries or demanded unconventional solutions. Their mission was to find out what was happening, assess the impact and suggest fast, creative responses. Introduced just last year, this team quickly proved its value again in 2025. They even embraced the role with style — “you can wear sunglasses inside” became their unofficial motto.
+A new but powerful presence in the simulation was the Black Team, a rapid-response unit deployed when problems became too complex for any single team. Acting like special forces, they jumped in when incidents crossed team boundaries or demanded unconventional solutions. Their mission was to find out what was happening, assess the impact and suggest fast, creative responses. Introduced just last year, this team quickly proved its value again in 2025. They even embraced the role with style  “you can wear sunglasses inside” became their unofficial motto.
 
 Their presence underlined a critical lesson: not every problem fits neatly within a team’s silo. Real-world defence requires flexibility, speed and lateral thinking.
 

content/blog/post-2.md

@@ -0,0 +1,85 @@
+---
+title: "Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience"
+image: "images/blog/post-2/binexpl.png"
+date: "2025-03-15 00:00:00 +0000 UTC"
+description: "I tackled buffer overflows, reversed Android apps, cracked crypto puzzles, and solved a 'one-in-a-million' guessing game, but the challenge that stuck with me was rebuilding a fragmented DEX in memory."
+categories: ["cybersecurity", "CTF", "education"]
+draft: false
+---
+
+# Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience
+
+On March 14 and 15, I joined the Cyber Security Challenge Belgium qualifiers with three teammates. For two days, we threw ourselves at CTF challenges covering binary exploitation, Android reversing, cryptography, and more.
+
+What follows is a recap of the challenges I personally worked on, some I solved, some I didn’t—but all of them left me with new skills and new ideas.
+
+#### A Buffer Overflow to Warm Up
+
+One of the first challenges I picked involved a binary with a basic stack overflow. I used standard techniques, finding the offset, hijacking the return address, and injecting shellcode. Tools like `pwntools` helped automate the payload crafting. It was a great warm-up and a confidence boost once it worked.
+
+{{< image src="images/blog/post-2/binexpl.png" caption="Binary Exploitation Flag" alt="alter-text" height="425" width="860" position="center" command="fit" option="q100" class="img-fluid" title="Binary Exploitation Flag" >}}
+
+#### OurEncIsSec: Zip Bombs and OEIS
+
+Then there was a more elaborate cryptography challenge: 18 zip files, each password-protected. We cracked the first three passwords using John the Ripper and got numeric values from them. I searched the sequence in OEIS and found it matched [A007408](https://oeis.org/A007408), which gave us the full pattern of passwords.
+
+Using this, I could extract all zip contents automatically, reconstruct the password-protected message, and finally reveal the flag.
+
+{{< image src="images/blog/post-2/ourencissec.png" caption="Picture of the solution" alt="alter-text" height="425" width="860" position="center" command="fit" option="q100" class="img-fluid" title="OurEncIsSec being cracked" >}}
+
+#### Infinite Luck: One in a Million?
+
+One challenge involved “guessing” a thousand random numbers between 1 and 10. The banner claimed it required infinite luck, but of course, the randomness was seeded. After inspecting the generator, I realized it was deterministic. By precomputing seeds and output sequences, I could match the challenge’s banner to a specific seed and regenerate the entire solution.
+
+![Infinite Luck Banner](images/blog/post-2/infiniteluck.png)
+![Infinite Luck Solved](images/blog/post-2/infiniteluck_solved.png)
+{{< image src="images/blog/post-2/infiniteluck.png" caption="Challange picture" alt="alter-text" height="425" width="860" position="center" command="fit" option="q100" class="img-fluid" title="Binary Exploitation Flag" >}}
+{{< image src="images/blog/post-2/infiniteluck_solved.png" caption="Correct number order" alt="alter-text" height="425" width="860" position="center" command="fit" option="q100" class="img-fluid" title="Binary Exploitation Flag" >}}
+
+
+
+#### Android Reversing: FRIDA and JADX
+
+Several APKs were part of the qualifier set. I used JADX to decompile them and FRIDA to patch logic at runtime. In one challenge, I bypassed license validation by forcing key methods to return true and unlocking hidden functionality.
+
+#### The Challenge That Stuck with Me: Rebuilding a Split DEX
+
+This one stood out.
+
+The app used a 4×8 button grid. Pressing buttons loaded a sequence of `blockXX` files from assets. These were concatenated in-memory and passed into `InMemoryDexClassLoader` to load a class called `be.dauntless.flag.Flag`.
+
+```java
+Class loadClass = new InMemoryDexClassLoader(ByteBuffer.wrap(byteArrayOutputStream.toByteArray()), getClassLoader())
+    .loadClass("be.dauntless.flag.Flag");
+````
+
+Each `block` was a fragment of a DEX file, but the app didn’t tell you the right order. I tried manually inspecting the fragments, identifying methods, string constants, and offsets—to infer how to reassemble the full file. I got close, but didn’t crack it in time.
+
+That challenge stuck with me because it combined static analysis, runtime introspection, and logic reconstruction. It wasn’t just technical, it was creative.
+
+#### The One That Got Away: TLS Fingerprinting
+
+Another challenge involved a Go-based TLS server that rejected all client connections unless they matched a specific fingerprint. I used Go’s `tls.Config` to replicate the version, cipher suites, and ALPN:
+
+```go
+tls.Config{
+    MinVersion: tls.VersionTLS13,
+    CipherSuites: []uint16{
+        tls.TLS_AES_128_GCM_SHA256,
+        // ...
+    },
+    NextProtos: []string{"h2"},
+}
+```
+
+Despite that, the server still refused the connection. I suspect it was using JA4 or similar TLS fingerprinting techniques we couldn’t fully emulate. We had to move on, but I’d love to revisit that one someday.
+
+#### Final Thoughts
+
+I didn’t solve everything. But that wasn’t the point. Every challenge was a practical puzzle, something to decode, reverse, bypass, or just understand a little better.
+
+Working as a team with Evarist, Nathan, and Waut made it even more valuable. We bounced ideas off each other, divided tasks, and got a much broader set of challenges covered.
+
+The Cyber Security Challenge Belgium qualifiers weren’t easy. But they were the best kind of difficult, the kind that teaches you something whether you solve the problem or not.
+
+

content/project/project-2.md

@@ -67,13 +67,13 @@ rc-service nginx start
 rc-update add nginx
 ```
 
-Now my Hugo site is live and served directly as static files—no backend, no database, just HTML, CSS, and JS.
+Now my Hugo site is live and served directly as static files, no backend, no database, just HTML, CSS, and JS.
 
 <br>
 
 ### Why Alpine + Hugo?
 
-Alpine Linux is minimal and fast, perfect for serving static sites with low resource usage. Combined with Hugo’s speed and flexibility, I get a complete, performant setup that I fully control. It’s secure, lightweight, and easy to update—just rebuild and re-upload the `public/` folder.
+Alpine Linux is minimal and fast, perfect for serving static sites with low resource usage. Combined with Hugo’s speed and flexibility, I get a complete, performant setup that I fully control. It’s secure, lightweight, and easy to update, just rebuild and re-upload the `public/` folder.
 
 <br>
 

hugo_stats.json

@@ -77,6 +77,11 @@
       "btn",
       "btn-outline-primary",
       "btn-primary",
+      "caption-Binary-Exploitation-Flag",
+      "caption-Challange-picture",
+      "caption-Correct-number-order",
+      "caption-OurEncIsSec-Screenshot",
+      "caption-Picture-of-the-solution",
       "caption-an-image-caption",
       "card",
       "card-body",
@@ -263,14 +268,25 @@
       "warning"
     ],
     "ids": [
+      "a-buffer-overflow-to-warm-up",
+      "android-reversing-frida-and-jadx",
+      "android-reversing-with-frida-and-jadx",
       "architecture-overview",
       "banner",
+      "binary-exploitation-finding-the-overflow",
       "blockquote",
       "blog",
+      "caption-Binary Exploitation Flag",
+      "caption-Challange picture",
+      "caption-Correct number order",
+      "caption-OurEncIsSec Screenshot",
+      "caption-Picture of the solution",
       "caption-an image caption",
       "code-and-syntax-highlighting",
       "contact",
       "creating-the-hugo-site",
+      "cryptography-and-pattern-matching",
+      "cryptography-guessing-seeds",
       "customization",
       "cyber-defence-on-the-digital-frontline-a-mission-with-nato",
       "drmdtool",
@@ -282,6 +298,7 @@
       "final-thoughts",
       "firstName",
       "five-things-i-took-away",
+      "from-android-reversing-to-broken-tls-my-experience-at-the-cyber-security-challenge-belgium-qualifiers",
       "from-the-battlefield-to-the-classroom",
       "goals-and-use-case",
       "heading-1",
@@ -296,6 +313,7 @@
       "human-factors-and-growth",
       "image",
       "index-page",
+      "infinite-luck-one-in-a-million",
       "inline-html",
       "its-not-just-tech",
       "lastName",
@@ -304,6 +322,7 @@
       "navbar",
       "on-a-mission-with-nato-cyber-defence-on-the-frontline",
       "ordered-list",
+      "ourencissec-zip-bombs-and-oeis",
       "paragraph",
       "phone",
       "portfolio",
@@ -311,12 +330,16 @@
       "progress-page",
       "repository",
       "resume",
+      "reversing-rebuilding-and-failing-better-my-cyber-security-challenge-belgium-qualifier-experience",
       "select-page",
       "sidebarContent",
       "skill",
       "tables",
       "the-black-team-rapid-response-in-action",
+      "the-challenge-that-stuck-with-me-rebuilding-a-split-dex",
       "the-exercise-locked-shields",
+      "the-go-server-that-didnt-budge",
+      "the-one-that-got-away-tls-fingerprinting",
       "toggler",
       "ui-previews",
       "unordered-list",
@@ -326,6 +349,7 @@
       "whats-new",
       "why-alpine--hugo",
       "why-it-mattered",
+      "working-as-a-team",
       "you-cant-prepare-for-this",
       "youtube-video"
     ]

public/blog/index.html

@@ -470,27 +470,27 @@
         <picture>
           <source
             
-              srcset="/images/blog/blog-2_hu_dcdbc2fa445f98d0.webp"
+              srcset="/images/blog/blog-1_hu_dcdbc2fa445f98d0.webp"
             
             media="(max-width: 575px)" />
           <source
             
-              srcset="/images/blog/blog-2_hu_f9ab0f5f2b4013b3.webp"
+              srcset="/images/blog/blog-1_hu_f9ab0f5f2b4013b3.webp"
             
             media="(max-width: 767px)" />
           <source
             
-              srcset="/images/blog/blog-2_hu_4b1782fd1a15e83b.webp"
+              srcset="/images/blog/blog-1_hu_4b1782fd1a15e83b.webp"
             
             media="(max-width: 991px)" />
           <source
             
-              srcset="/images/blog/blog-2_hu_c69497547b6be0b8.webp"
+              srcset="/images/blog/blog-1_hu_c69497547b6be0b8.webp"
              />
           <img
             
               loading="lazy" decoding="async"
-              src="/images/blog/blog-2_hu_8dd81870b6dccbe7.jpg"
+              src="/images/blog/blog-1_hu_8dd81870b6dccbe7.jpg"
             class=" w-100 img"
             alt="Cyber Defence on the Digital Frontline: A Mission with NATO"
             width="768"
@@ -540,6 +540,163 @@
   </article>
 </div>
           
+          <div class="blog-post mb-4">
+  <article class="card bg-transparent border-0 p-1">
+    
+    <a href="/blog/post-2/" class="rounded-2 overflow-hidden" data-aos="fade-up">
+      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  
+
+
+
+
+
+  
+
+  
+  
+    
+      
+    
+
+
+    
+    
+
+
+    
+    
+      
+      
+    
+    
+    
+
+
+    
+    
+      
+      
+        
+
+        
+        
+        
+        
+        
+        
+        
+
+
+        
+        
+
+
+        <picture>
+          <source
+            
+              srcset="/images/blog/post-2/binexpl_hu_87c8bee28ebae804.webp"
+            
+            media="(max-width: 575px)" />
+          <source
+            
+              srcset="/images/blog/post-2/binexpl_hu_935160fb8df57d09.webp"
+            
+            media="(max-width: 767px)" />
+          <source
+            
+              srcset="/images/blog/post-2/binexpl_hu_6c7b74fb7ea6923.webp"
+            
+            media="(max-width: 991px)" />
+          <source
+            
+              srcset="/images/blog/post-2/binexpl_hu_62abc2aca7882dbf.webp"
+             />
+          <img
+            
+              loading="lazy" decoding="async"
+              src="/images/blog/post-2/binexpl_hu_fd757ee89fe03225.png"
+            class=" w-100 img"
+            alt="Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience"
+            width="634"
+            height="156" />
+        </picture>
+      
+      
+    
+    
+  
+
+
+  
+
+
+    </a>
+    
+
+    <div class="card-body pt-4 px-0">
+      <ul class="list-inline post-meta mb-3 mt-2" data-aos="fade-up" data-aos-delay="50">
+        <li class="list-inline-item">
+          <i class="fa-solid fa-calendar-days me-2"></i>15 Mar 2025
+        </li>
+        <li class="list-inline-item">
+          <i class="fa-solid fa-folder-open me-2"></i>
+          
+          
+            
+            <a href="http://192.168.90.54:1313/categories/cybersecurity" class="meta-link">Cybersecurity</a>,
+            
+          
+            
+            <a href="http://192.168.90.54:1313/categories/ctf" class="meta-link">CTF</a>,
+            
+          
+            
+            <a href="http://192.168.90.54:1313/categories/education" class="meta-link">Education</a>
+            
+          
+        </li>
+      </ul>
+      <div data-aos="fade-up" data-aos-delay="100">
+        <h3 class="h5 card-title fw-normal mb-3">
+          <a class="text-white" href="/blog/post-2/">Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience</a>
+        </h3>
+        <p class="card-text mb-4">I tackled buffer overflows, reversed Android apps, cracked crypto puzzles, and …</p>
+      </div>
+
+      <a href="/blog/post-2/" class="card-btn text-primary d-inline-block" data-aos="fade-up" data-aos-delay="150">Read More <i class="fa-solid fa-arrow-right-long"></i></a>
+    </div>
+  </article>
+</div>
+          
         </div>
       </div>
     </div>

public/blog/index.xml

@@ -15,5 +15,12 @@
       <guid>http://192.168.90.54:1313/blog/post-1/</guid>
       <description>&lt;h1 id=&#34;cyber-defence-on-the-digital-frontline-a-mission-with-nato&#34;&gt;Cyber Defence on the Digital Frontline: A Mission with NATO&lt;/h1&gt;&#xA;&lt;h4 id=&#34;on-a-mission-with-nato-cyber-defence-on-the-frontline&#34;&gt;On a Mission with NATO: Cyber Defence on the Frontline&lt;/h4&gt;&#xA;&lt;p&gt;Howest’s ongoing commitment to world-class cybersecurity training took center stage again as six lecturers from the Cyber Security program joined forces with experts from Latvia, Luxembourg and Belgium in one of NATO&amp;rsquo;s most intensive simulations: the Locked Shields exercise, hosted by the Cooperative Cyber Defence Centre of Excellence (CCDCOE). Now in its fifth year of participation, the Howest team shared their firsthand experiences at a special evening talk at Howest Bruges.&lt;/p&gt;</description>
     </item>
+    <item>
+      <title>Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience</title>
+      <link>http://192.168.90.54:1313/blog/post-2/</link>
+      <pubDate>Sat, 15 Mar 2025 00:00:00 +0000</pubDate>
+      <guid>http://192.168.90.54:1313/blog/post-2/</guid>
+      <description>&lt;h1 id=&#34;reversing-rebuilding-and-failing-better-my-cyber-security-challenge-belgium-qualifier-experience&#34;&gt;Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience&lt;/h1&gt;&#xA;&lt;p&gt;On March 14 and 15, I joined the Cyber Security Challenge Belgium qualifiers with three teammates. For two days, we threw ourselves at CTF challenges covering binary exploitation, Android reversing, cryptography, and more.&lt;/p&gt;</description>
+    </item>
   </channel>
 </rss>

public/blog/post-1/index.html

@@ -159,8 +159,8 @@
       
       
       
-        <meta property="og:image" content="http://192.168.90.54:1313/images/blog/blog-2.jpg" />
+        <meta property="og:image" content="http://192.168.90.54:1313/images/blog/blog-1.jpg" />
-        <meta name="twitter:image" content="http://192.168.90.54:1313/images/blog/blog-2.jpg" />
+        <meta name="twitter:image" content="http://192.168.90.54:1313/images/blog/blog-1.jpg" />
         <meta
           name="twitter:card"
           content="summary_large_image" />
@@ -487,27 +487,27 @@
         <picture>
           <source
             
-              srcset="/images/blog/blog-2_hu_dcdbc2fa445f98d0.webp"
+              srcset="/images/blog/blog-1_hu_dcdbc2fa445f98d0.webp"
             
             media="(max-width: 575px)" />
           <source
             
-              srcset="/images/blog/blog-2_hu_f9ab0f5f2b4013b3.webp"
+              srcset="/images/blog/blog-1_hu_f9ab0f5f2b4013b3.webp"
             
             media="(max-width: 767px)" />
           <source
             
-              srcset="/images/blog/blog-2_hu_4b1782fd1a15e83b.webp"
+              srcset="/images/blog/blog-1_hu_4b1782fd1a15e83b.webp"
             
             media="(max-width: 991px)" />
           <source
             
-              srcset="/images/blog/blog-2_hu_c69497547b6be0b8.webp"
+              srcset="/images/blog/blog-1_hu_c69497547b6be0b8.webp"
              />
           <img
             
               loading="lazy" decoding="async"
-              src="/images/blog/blog-2_hu_8dd81870b6dccbe7.jpg"
+              src="/images/blog/blog-1_hu_8dd81870b6dccbe7.jpg"
             class=" featured-image mb-5 rounded-3 img"
             alt="Cyber Defence on the Digital Frontline: A Mission with NATO"
             width="768"
@@ -537,7 +537,7 @@
 <p>What do you do when a rogue process might be malware, or maybe just a poorly named service? What happens when your teammate refuses to act unless something is “officially malicious”? The team faced cultural clashes, communication breakdowns and stress-testing of both systems and people.</p>
 <p>The exercise required more than technical fixes. It demanded communication with simulated commanders, media and public stakeholders. Reporting became just as important as patching. It taught participants how to translate technical impact into real-world consequences. Not &ldquo;port 8443 unreachable&rdquo;, but &ldquo;our air defence system is degraded, and we cannot fly planes&rdquo;.</p>
 <h4 id="the-black-team-rapid-response-in-action">The Black Team: Rapid Response in Action</h4>
-<p>A new but powerful presence in the simulation was the Black Team, a rapid-response unit deployed when problems became too complex for any single team. Acting like special forces, they jumped in when incidents crossed team boundaries or demanded unconventional solutions. Their mission was to find out what was happening, assess the impact and suggest fast, creative responses. Introduced just last year, this team quickly proved its value again in 2025. They even embraced the role with style — “you can wear sunglasses inside” became their unofficial motto.</p>
+<p>A new but powerful presence in the simulation was the Black Team, a rapid-response unit deployed when problems became too complex for any single team. Acting like special forces, they jumped in when incidents crossed team boundaries or demanded unconventional solutions. Their mission was to find out what was happening, assess the impact and suggest fast, creative responses. Introduced just last year, this team quickly proved its value again in 2025. They even embraced the role with style  “you can wear sunglasses inside” became their unofficial motto.</p>
 <p>Their presence underlined a critical lesson: not every problem fits neatly within a team’s silo. Real-world defence requires flexibility, speed and lateral thinking.</p>
 <h4 id="highlights-and-blooper-reel">Highlights and Blooper Reel</h4>
 <p>There were plenty of mishaps. Misfired scripts, team mix-ups, and one case where a DNS setup from a previous year was reused by mistake. Someone tried renaming <code>cut</code> to <code>shutdown</code>, breaking essential operations until it was fixed. Systems rebooted into chaos, a manual was uploaded to public GitHub, and the team had to quickly learn the difference between symbolic links and real binaries.</p>

public/blog/post-2/index.html

@@ -4,7 +4,7 @@
 <head><script src="/livereload.js?mindelay=10&amp;v=2&amp;port=1313&amp;path=livereload" data-no-instant defer></script>
   
   <meta charset="utf-8" />
-<title>Cyber Defence on the Digital Frontline: A Mission with NATO</title>
+<title>Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience</title>
 
 
 <meta
@@ -81,7 +81,7 @@
   
 
 
-<title>Cyber Defence on the Digital Frontline: A Mission with NATO</title>
+<title>Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience</title>
 
 
 
@@ -106,7 +106,7 @@
 
 <meta
   name="description"
-  content="An inside look into Howest’s participation in NATO’s world-leading cyber defence exercise, Locked Shields." />
+  content="I tackled buffer overflows, reversed Android apps, cracked crypto puzzles, and solved a &#39;one-in-a-million&#39; guessing game, but the challenge that stuck with me was rebuilding a fragmented DEX in memory." />
 
 
 
@@ -159,22 +159,22 @@
       
       
       
-        <meta property="og:image" content="http://192.168.90.54:1313/images/blog/blog-2.jpg" />
+        <meta property="og:image" content="http://192.168.90.54:1313/images/blog/post-2/binexpl.png" />
-        <meta name="twitter:image" content="http://192.168.90.54:1313/images/blog/blog-2.jpg" />
+        <meta name="twitter:image" content="http://192.168.90.54:1313/images/blog/post-2/binexpl.png" />
         <meta
           name="twitter:card"
-          content="summary_large_image" />
+          content="summary" />
       
       
-      <meta property="og:image:width" content="768" />
+      <meta property="og:image:width" content="634" />
-      <meta property="og:image:height" content="512" />
+      <meta property="og:image:height" content="156" />
     
 
 
     
     <meta
       property="og:image:type"
-      content="image/.jpg" />
+      content="image/.png" />
   
 
 
@@ -184,14 +184,14 @@
 
 
 
-<meta property="og:title" content="Cyber Defence on the Digital Frontline: A Mission with NATO" />
+<meta property="og:title" content="Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience" />
-<meta property="og:description" content="An inside look into Howest’s participation in NATO’s world-leading cyber defence exercise, Locked Shields." />
+<meta property="og:description" content="I tackled buffer overflows, reversed Android apps, cracked crypto puzzles, and solved a &#39;one-in-a-million&#39; guessing game, but the challenge that stuck with me was rebuilding a fragmented DEX in memory." />
 <meta property="og:type" content="website" />
 <meta property="og:url" content="http://192.168.90.54:1313/blog/post-2/" />
 
 
-<meta name="twitter:title" content="Cyber Defence on the Digital Frontline: A Mission with NATO" />
+<meta name="twitter:title" content="Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience" />
-<meta name="twitter:description" content="An inside look into Howest’s participation in NATO’s world-leading cyber defence exercise, Locked Shields." />
+<meta name="twitter:description" content="I tackled buffer overflows, reversed Android apps, cracked crypto puzzles, and solved a &#39;one-in-a-million&#39; guessing game, but the challenge that stuck with me was rebuilding a fragmented DEX in memory." />
 
 
 
@@ -383,11 +383,11 @@
       <div class="col-xxl-10 mx-auto" data-aos="fade-up" data-aos-delay="100">
         <article>
           <button class="text-primary mb-5 border-0 bg-transparent" onclick="history.back()"><i class="fa-solid fa-backward me-2"></i>Back</button>
-          <h1 class="text-capitalize h3 mb-4">Cyber Defence on the Digital Frontline: A Mission with NATO</h1>
+          <h1 class="text-capitalize h3 mb-4">Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience</h1>
           <div class="post-meta d-flex flex-wrap flex-lg-nowrap align-items-center mb-4">
             <ul class="list-inline me-5">
               <li class="list-inline-item">
-                <i class="fa-solid fa-calendar-days me-2"></i>13 May 2025
+                <i class="fa-solid fa-calendar-days me-2"></i>15 Mar 2025
               </li>
               <li class="list-inline-item">
                 <i class="fa-solid fa-folder-open me-2"></i>
@@ -398,12 +398,16 @@
                   
                 
                   
-                  <a href="http://192.168.90.54:1313/categories/event-recap" class="meta-link">Event Recap</a>
+                  <a href="http://192.168.90.54:1313/categories/ctf" class="meta-link">CTF</a>,
+                  
+                
+                  
+                  <a href="http://192.168.90.54:1313/categories/education" class="meta-link">Education</a>
                   
                 
               </li>
             </ul>
-            <span>Last updated on May 13, 2025</span>
+            <span>Last updated on Mar 15, 2025</span>
           </div>
 
           
@@ -487,31 +491,31 @@
         <picture>
           <source
             
-              srcset="/images/blog/blog-2_hu_dcdbc2fa445f98d0.webp"
+              srcset="/images/blog/post-2/binexpl_hu_87c8bee28ebae804.webp"
             
             media="(max-width: 575px)" />
           <source
             
-              srcset="/images/blog/blog-2_hu_f9ab0f5f2b4013b3.webp"
+              srcset="/images/blog/post-2/binexpl_hu_935160fb8df57d09.webp"
             
             media="(max-width: 767px)" />
           <source
             
-              srcset="/images/blog/blog-2_hu_4b1782fd1a15e83b.webp"
+              srcset="/images/blog/post-2/binexpl_hu_6c7b74fb7ea6923.webp"
             
             media="(max-width: 991px)" />
           <source
             
-              srcset="/images/blog/blog-2_hu_c69497547b6be0b8.webp"
+              srcset="/images/blog/post-2/binexpl_hu_62abc2aca7882dbf.webp"
              />
           <img
             
               loading="lazy" decoding="async"
-              src="/images/blog/blog-2_hu_8dd81870b6dccbe7.jpg"
+              src="/images/blog/post-2/binexpl_hu_fd757ee89fe03225.png"
             class=" featured-image mb-5 rounded-3 img"
-            alt="Cyber Defence on the Digital Frontline: A Mission with NATO"
+            alt="Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience"
-            width="768"
+            width="634"
-            height="512" />
+            height="156" />
         </picture>
       
       
@@ -527,30 +531,485 @@
           
 
           <div class="content">
-            <h1 id="cyber-defence-on-the-digital-frontline-a-mission-with-nato">Cyber Defence on the Digital Frontline: A Mission with NATO</h1>
+            <h1 id="reversing-rebuilding-and-failing-better-my-cyber-security-challenge-belgium-qualifier-experience">Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience</h1>
-<h4 id="on-a-mission-with-nato-cyber-defence-on-the-frontline">On a Mission with NATO: Cyber Defence on the Frontline</h4>
+<p>On March 14 and 15, I joined the Cyber Security Challenge Belgium qualifiers with three teammates. For two days, we threw ourselves at CTF challenges covering binary exploitation, Android reversing, cryptography, and more.</p>
-<p>Howest’s ongoing commitment to world-class cybersecurity training took center stage again as six lecturers from the Cyber Security program joined forces with experts from Latvia, Luxembourg and Belgium in one of NATO&rsquo;s most intensive simulations: the Locked Shields exercise, hosted by the Cooperative Cyber Defence Centre of Excellence (CCDCOE). Now in its fifth year of participation, the Howest team shared their firsthand experiences at a special evening talk at Howest Bruges.</p>
+<p>What follows is a recap of the challenges I personally worked on, some I solved, some I didn’t—but all of them left me with new skills and new ideas.</p>
-<h4 id="the-exercise-locked-shields">The Exercise: Locked Shields</h4>
+<h4 id="a-buffer-overflow-to-warm-up">A Buffer Overflow to Warm Up</h4>
-<p>Locked Shields is no ordinary simulation. It is a full-scale, live-fire cyber defence exercise involving more than 6,000 machines and a narrative scenario so detailed it includes geopolitics, disinformation and even fictional countries. This year, the Blue Team 03 (our team) defended a simulated nation’s critical infrastructure including power plants, satellites, 5G networks and banking systems, all while under constant attack from a coordinated Red Team using automated scripts and over 28,000 attacks across two days.</p>
+<p>One of the first challenges I picked involved a binary with a basic stack overflow. I used standard techniques, finding the offset, hijacking the return address, and injecting shellcode. Tools like <code>pwntools</code> helped automate the payload crafting. It was a great warm-up and a confidence boost once it worked.</p>
-<p>And yes, every team (Red, Blue, Yellow, White) uses Ansible. For everything.</p>
+
-<h4 id="high-stakes-real-lessons">High Stakes, Real Lessons</h4>
+
-<p>What do you do when a rogue process might be malware, or maybe just a poorly named service? What happens when your teammate refuses to act unless something is “officially malicious”? The team faced cultural clashes, communication breakdowns and stress-testing of both systems and people.</p>
+
-<p>The exercise required more than technical fixes. It demanded communication with simulated commanders, media and public stakeholders. Reporting became just as important as patching. It taught participants how to translate technical impact into real-world consequences. Not &ldquo;port 8443 unreachable&rdquo;, but &ldquo;our air defence system is degraded, and we cannot fly planes&rdquo;.</p>
+
-<h4 id="the-black-team-rapid-response-in-action">The Black Team: Rapid Response in Action</h4>
+
-<p>A new but powerful presence in the simulation was the Black Team, a rapid-response unit deployed when problems became too complex for any single team. Acting like special forces, they jumped in when incidents crossed team boundaries or demanded unconventional solutions. Their mission was to find out what was happening, assess the impact and suggest fast, creative responses. Introduced just last year, this team quickly proved its value again in 2025. They even embraced the role with style — “you can wear sunglasses inside” became their unofficial motto.</p>
+
-<p>Their presence underlined a critical lesson: not every problem fits neatly within a team’s silo. Real-world defence requires flexibility, speed and lateral thinking.</p>
+
-<h4 id="highlights-and-blooper-reel">Highlights and Blooper Reel</h4>
+
-<p>There were plenty of mishaps. Misfired scripts, team mix-ups, and one case where a DNS setup from a previous year was reused by mistake. Someone tried renaming <code>cut</code> to <code>shutdown</code>, breaking essential operations until it was fixed. Systems rebooted into chaos, a manual was uploaded to public GitHub, and the team had to quickly learn the difference between symbolic links and real binaries.</p>
+
-<h4 id="human-factors-and-growth">Human Factors and Growth</h4>
+
-<p>From detecting malware with Velociraptor and Q9, to encountering teammates who took orders literally, the learning was intense. One participant noted that while Belgian and Luxembourg teams prioritized knowledge sharing, others preferred strict protocol. This highlighted cultural differences and the importance of interpersonal skills.</p>
+
-<p>The biggest lesson? You are never fully prepared. Every iteration of Locked Shields is different. But each one sharpens not only your skills, but also your ability to function as a team under extreme conditions.</p>
+
-<h4 id="from-the-battlefield-to-the-classroom">From the Battlefield to the Classroom</h4>
+
-<p>This experience directly impacts the classroom. Inspired by the exercise, Howest is introducing new hands-on courses like “Glutamine” in semester five. Students will be dropped into realistic broken networks, with misconfigurations, fake firewalls and simulated threats. It is chaos, but controlled. And that is the point.</p>
+
-<p>As one speaker said: “You don’t win Locked Shields. You just survive it better than the rest.”</p>
+
+
+
+  
+
+
+
+
+
+  
+  
+  
+
+
+  
+  
+    
+    
+      
+    
+
+    
+
+
+    
+    
+
+
+    
+    
+    
+    
+    
+    
+    
+
+
+    
+    
+      
+      
+
+      
+
+
+      
+
+      
+      
+        
+        
+        
+      
+      
+      
+      
+
+    
+    
+
+    
+    
+      <figure
+        class="img-center"
+        role="group"
+        aria-describedby="caption-Binary Exploitation Flag">
+      
+          <img
+            title="Binary Exploitation Flag"
+            loading="lazy"
+            decoding="async"
+            class="img img-fluid"
+            width="634"
+            height="156"
+            src="/images/blog/post-2/binexpl_hu_c4ad8346ff8a0dac.webp"
+            alt="alter-text"
+            onerror="this.onerror='null';this.src='\/images\/blog\/post-2\/binexpl_hu_2b8858450dae90c.png'" />
+      
+        <figcaption id="caption-Binary Exploitation Flag" class="caption-Binary-Exploitation-Flag">
+          Binary Exploitation Flag
+        </figcaption>
+      </figure>
+    
+
+  
+  
+
+
+
+
+
+
+  <script>
+    window.addEventListener("load", (e) => {
+      const lightbox = GLightbox();
+    });
+  </script>
+
+
+<h4 id="ourencissec-zip-bombs-and-oeis">OurEncIsSec: Zip Bombs and OEIS</h4>
+<p>Then there was a more elaborate cryptography challenge: 18 zip files, each password-protected. We cracked the first three passwords using John the Ripper and got numeric values from them. I searched the sequence in OEIS and found it matched <a href="https://oeis.org/A007408"
+
+
+
+
+ target="_blank"
+ 
+
+
+>A007408</a>, which gave us the full pattern of passwords.</p>
+<p>Using this, I could extract all zip contents automatically, reconstruct the password-protected message, and finally reveal the flag.</p>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  
+
+
+
+
+
+  
+  
+  
+
+
+  
+  
+    
+    
+      
+    
+
+    
+
+
+    
+    
+
+
+    
+    
+    
+    
+    
+    
+    
+
+
+    
+    
+      
+      
+
+      
+
+
+      
+
+      
+      
+        
+        
+        
+      
+      
+      
+      
+
+    
+    
+
+    
+    
+      <figure
+        class="img-center"
+        role="group"
+        aria-describedby="caption-Picture of the solution">
+      
+          <img
+            title="OurEncIsSec being cracked"
+            loading="lazy"
+            decoding="async"
+            class="img img-fluid"
+            width="860"
+            height="304"
+            src="/images/blog/post-2/ourencissec_hu_d55d42cf9aa95894.webp"
+            alt="alter-text"
+            onerror="this.onerror='null';this.src='\/images\/blog\/post-2\/ourencissec_hu_12ab834545d390f3.png'" />
+      
+        <figcaption id="caption-Picture of the solution" class="caption-Picture-of-the-solution">
+          Picture of the solution
+        </figcaption>
+      </figure>
+    
+
+  
+  
+
+
+
+
+
+
+
+<h4 id="infinite-luck-one-in-a-million">Infinite Luck: One in a Million?</h4>
+<p>One challenge involved “guessing” a thousand random numbers between 1 and 10. The banner claimed it required infinite luck, but of course, the randomness was seeded. After inspecting the generator, I realized it was deterministic. By precomputing seeds and output sequences, I could match the challenge’s banner to a specific seed and regenerate the entire solution.</p>
+<p><img src="images/blog/post-2/infiniteluck.png" alt="Infinite Luck Banner">
+<img src="images/blog/post-2/infiniteluck_solved.png" alt="Infinite Luck Solved">
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  
+
+
+
+
+
+  
+  
+  
+
+
+  
+  
+    
+    
+      
+    
+
+    
+
+
+    
+    
+
+
+    
+    
+    
+    
+    
+    
+    
+
+
+    
+    
+      
+      
+
+      
+
+
+      
+
+      
+      
+        
+        
+        
+      
+      
+      
+      
+
+    
+    
+
+    
+    
+      <figure
+        class="img-center"
+        role="group"
+        aria-describedby="caption-Challange picture">
+      
+          <img
+            title="Binary Exploitation Flag"
+            loading="lazy"
+            decoding="async"
+            class="img img-fluid"
+            width="841"
+            height="244"
+            src="/images/blog/post-2/infiniteluck_hu_953e025153d002b1.webp"
+            alt="alter-text"
+            onerror="this.onerror='null';this.src='\/images\/blog\/post-2\/infiniteluck_hu_b9a0d6c771061779.png'" />
+      
+        <figcaption id="caption-Challange picture" class="caption-Challange-picture">
+          Challange picture
+        </figcaption>
+      </figure>
+    
+
+  
+  
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  
+
+
+
+
+
+  
+  
+  
+
+
+  
+  
+    
+    
+      
+    
+
+    
+
+
+    
+    
+
+
+    
+    
+    
+    
+    
+    
+    
+
+
+    
+    
+      
+      
+
+      
+
+
+      
+
+      
+      
+        
+        
+        
+      
+      
+      
+      
+
+    
+    
+
+    
+    
+      <figure
+        class="img-center"
+        role="group"
+        aria-describedby="caption-Correct number order">
+      
+          <img
+            title="Binary Exploitation Flag"
+            loading="lazy"
+            decoding="async"
+            class="img img-fluid"
+            width="638"
+            height="196"
+            src="/images/blog/post-2/infiniteluck_solved_hu_d93ed737be1e3c68.webp"
+            alt="alter-text"
+            onerror="this.onerror='null';this.src='\/images\/blog\/post-2\/infiniteluck_solved_hu_a866f113a85dec5c.png'" />
+      
+        <figcaption id="caption-Correct number order" class="caption-Correct-number-order">
+          Correct number order
+        </figcaption>
+      </figure>
+    
+
+  
+  
+
+
+
+
+
+
+</p>
+<h4 id="android-reversing-frida-and-jadx">Android Reversing: FRIDA and JADX</h4>
+<p>Several APKs were part of the qualifier set. I used JADX to decompile them and FRIDA to patch logic at runtime. In one challenge, I bypassed license validation by forcing key methods to return true and unlocking hidden functionality.</p>
+<h4 id="the-challenge-that-stuck-with-me-rebuilding-a-split-dex">The Challenge That Stuck with Me: Rebuilding a Split DEX</h4>
+<p>This one stood out.</p>
+<p>The app used a 4×8 button grid. Pressing buttons loaded a sequence of <code>blockXX</code> files from assets. These were concatenated in-memory and passed into <code>InMemoryDexClassLoader</code> to load a class called <code>be.dauntless.flag.Flag</code>.</p>
+<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-java" data-lang="java"><span style="display:flex;"><span>Class loadClass <span style="color:#f92672">=</span> <span style="color:#66d9ef">new</span> InMemoryDexClassLoader(ByteBuffer.<span style="color:#a6e22e">wrap</span>(byteArrayOutputStream.<span style="color:#a6e22e">toByteArray</span>()), getClassLoader())
+</span></span><span style="display:flex;"><span>    .<span style="color:#a6e22e">loadClass</span>(<span style="color:#e6db74">&#34;be.dauntless.flag.Flag&#34;</span>);
+</span></span></code></pre></div><p>Each <code>block</code> was a fragment of a DEX file, but the app didn’t tell you the right order. I tried manually inspecting the fragments, identifying methods, string constants, and offsets—to infer how to reassemble the full file. I got close, but didn’t crack it in time.</p>
+<p>That challenge stuck with me because it combined static analysis, runtime introspection, and logic reconstruction. It wasn’t just technical, it was creative.</p>
+<h4 id="the-one-that-got-away-tls-fingerprinting">The One That Got Away: TLS Fingerprinting</h4>
+<p>Another challenge involved a Go-based TLS server that rejected all client connections unless they matched a specific fingerprint. I used Go’s <code>tls.Config</code> to replicate the version, cipher suites, and ALPN:</p>
+<div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-go" data-lang="go"><span style="display:flex;"><span><span style="color:#a6e22e">tls</span>.<span style="color:#a6e22e">Config</span>{
+</span></span><span style="display:flex;"><span>    <span style="color:#a6e22e">MinVersion</span>: <span style="color:#a6e22e">tls</span>.<span style="color:#a6e22e">VersionTLS13</span>,
+</span></span><span style="display:flex;"><span>    <span style="color:#a6e22e">CipherSuites</span>: []<span style="color:#66d9ef">uint16</span>{
+</span></span><span style="display:flex;"><span>        <span style="color:#a6e22e">tls</span>.<span style="color:#a6e22e">TLS_AES_128_GCM_SHA256</span>,
+</span></span><span style="display:flex;"><span>        <span style="color:#75715e">// ...</span>
+</span></span><span style="display:flex;"><span>    },
+</span></span><span style="display:flex;"><span>    <span style="color:#a6e22e">NextProtos</span>: []<span style="color:#66d9ef">string</span>{<span style="color:#e6db74">&#34;h2&#34;</span>},
+</span></span><span style="display:flex;"><span>}
+</span></span></code></pre></div><p>Despite that, the server still refused the connection. I suspect it was using JA4 or similar TLS fingerprinting techniques we couldn’t fully emulate. We had to move on, but I’d love to revisit that one someday.</p>
 <h4 id="final-thoughts">Final Thoughts</h4>
-<p>The exercise teaches more than just cybersecurity. It builds trust. It proves that knowing your teammates can be as important as knowing the tools. Whether that comes from a shared flight or a pre-exercise barbecue, it all matters when the pressure hits.</p>
+<p>I didn’t solve everything. But that wasn’t the point. Every challenge was a practical puzzle, something to decode, reverse, bypass, or just understand a little better.</p>
-<p>Want to see how cyber defence works in real life? This is it.</p>
+<p>Working as a team with Evarist, Nathan, and Waut made it even more valuable. We bounced ideas off each other, divided tasks, and got a much broader set of challenges covered.</p>
-<hr>
+<p>The Cyber Security Challenge Belgium qualifiers weren’t easy. But they were the best kind of difficult, the kind that teaches you something whether you solve the problem or not.</p>
 
           </div>
         </article>

public/categories/ctf/index.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8" standalone="yes"?>
+<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
+  <channel>
+    <title>CTF on Professors - Personal Portfolio Theme</title>
+    <link>http://192.168.90.54:1313/categories/ctf/</link>
+    <description>Recent content in CTF on Professors - Personal Portfolio Theme</description>
+    <generator>Hugo</generator>
+    <language>en</language>
+    <lastBuildDate>Sat, 15 Mar 2025 00:00:00 +0000</lastBuildDate>
+    <atom:link href="http://192.168.90.54:1313/categories/ctf/index.xml" rel="self" type="application/rss+xml" />
+    <item>
+      <title>From Android Reversing to Broken TLS: My Experience at the Cyber Security Challenge Belgium Qualifiers</title>
+      <link>http://192.168.90.54:1313/blog/post-2/</link>
+      <pubDate>Sat, 15 Mar 2025 00:00:00 +0000</pubDate>
+      <guid>http://192.168.90.54:1313/blog/post-2/</guid>
+      <description>&lt;h1 id=&#34;from-android-reversing-to-broken-tls-my-experience-at-the-cyber-security-challenge-belgium-qualifiers&#34;&gt;From Android Reversing to Broken TLS: My Experience at the Cyber Security Challenge Belgium Qualifiers&lt;/h1&gt;&#xA;&lt;p&gt;On March 14 and 15, I participated in the qualifiers of the 2025 Cyber Security Challenge Belgium. Together with three friends, we formed a team and spent two days on the CTF platform solving as many challenges as we could. This post sums up the problems I personally worked on—some I solved, some I didn’t, all of them worth the effort.&lt;/p&gt;</description>
+    </item>
+  </channel>
+</rss>

public/categories/index.xml

@@ -22,6 +22,20 @@
       <guid>http://192.168.90.54:1313/categories/event-recap/</guid>
       <description></description>
     </item>
+    <item>
+      <title>CTF</title>
+      <link>http://192.168.90.54:1313/categories/ctf/</link>
+      <pubDate>Sat, 15 Mar 2025 00:00:00 +0000</pubDate>
+      <guid>http://192.168.90.54:1313/categories/ctf/</guid>
+      <description></description>
+    </item>
+    <item>
+      <title>Education</title>
+      <link>http://192.168.90.54:1313/categories/education/</link>
+      <pubDate>Sat, 15 Mar 2025 00:00:00 +0000</pubDate>
+      <guid>http://192.168.90.54:1313/categories/education/</guid>
+      <description></description>
+    </item>
     <item>
       <title>Book Rack</title>
       <link>http://192.168.90.54:1313/categories/book-rack/</link>
@@ -36,13 +50,6 @@
       <guid>http://192.168.90.54:1313/categories/class-room/</guid>
       <description></description>
     </item>
-    <item>
-      <title>Education</title>
-      <link>http://192.168.90.54:1313/categories/education/</link>
-      <pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
-      <guid>http://192.168.90.54:1313/categories/education/</guid>
-      <description></description>
-    </item>
     <item>
       <title>Library</title>
       <link>http://192.168.90.54:1313/categories/library/</link>

public/index.html

@@ -1374,6 +1374,163 @@
                   <div class="blog-post mb-4">
   <article class="card bg-transparent border-0 p-1">
     
+    <a href="/blog/post-2/" class="rounded-2 overflow-hidden" data-aos="fade-up">
+      
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+  
+
+
+
+
+
+  
+
+  
+  
+    
+      
+    
+
+
+    
+    
+
+
+    
+    
+      
+      
+    
+    
+    
+
+
+    
+    
+      
+      
+        
+
+        
+        
+        
+        
+        
+        
+        
+
+
+        
+        
+
+
+        <picture>
+          <source
+            
+              srcset="/images/blog/post-2/binexpl_hu_87c8bee28ebae804.webp"
+            
+            media="(max-width: 575px)" />
+          <source
+            
+              srcset="/images/blog/post-2/binexpl_hu_935160fb8df57d09.webp"
+            
+            media="(max-width: 767px)" />
+          <source
+            
+              srcset="/images/blog/post-2/binexpl_hu_6c7b74fb7ea6923.webp"
+            
+            media="(max-width: 991px)" />
+          <source
+            
+              srcset="/images/blog/post-2/binexpl_hu_62abc2aca7882dbf.webp"
+             />
+          <img
+            
+              loading="lazy" decoding="async"
+              src="/images/blog/post-2/binexpl_hu_fd757ee89fe03225.png"
+            class=" w-100 img"
+            alt="Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience"
+            width="634"
+            height="156" />
+        </picture>
+      
+      
+    
+    
+  
+
+
+  
+
+
+    </a>
+    
+
+    <div class="card-body pt-4 px-0">
+      <ul class="list-inline post-meta mb-3 mt-2" data-aos="fade-up" data-aos-delay="50">
+        <li class="list-inline-item">
+          <i class="fa-solid fa-calendar-days me-2"></i>15 Mar 2025
+        </li>
+        <li class="list-inline-item">
+          <i class="fa-solid fa-folder-open me-2"></i>
+          
+          
+            
+            <a href="http://192.168.90.54:1313/categories/cybersecurity" class="meta-link">Cybersecurity</a>,
+            
+          
+            
+            <a href="http://192.168.90.54:1313/categories/ctf" class="meta-link">CTF</a>,
+            
+          
+            
+            <a href="http://192.168.90.54:1313/categories/education" class="meta-link">Education</a>
+            
+          
+        </li>
+      </ul>
+      <div data-aos="fade-up" data-aos-delay="100">
+        <h3 class="h5 card-title fw-normal mb-3">
+          <a class="text-white" href="/blog/post-2/">Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience</a>
+        </h3>
+        <p class="card-text mb-4">I tackled buffer overflows, reversed Android apps, cracked crypto puzzles, and …</p>
+      </div>
+
+      <a href="/blog/post-2/" class="card-btn text-primary d-inline-block" data-aos="fade-up" data-aos-delay="150">Read More <i class="fa-solid fa-arrow-right-long"></i></a>
+    </div>
+  </article>
+</div>
+                
+                  <div class="blog-post mb-4">
+  <article class="card bg-transparent border-0 p-1">
+    
     <a href="/blog/post-1/" class="rounded-2 overflow-hidden" data-aos="fade-up">
       
 
@@ -1454,27 +1611,27 @@
         <picture>
           <source
             
-              srcset="/images/blog/blog-2_hu_dcdbc2fa445f98d0.webp"
+              srcset="/images/blog/blog-1_hu_dcdbc2fa445f98d0.webp"
             
             media="(max-width: 575px)" />
           <source
             
-              srcset="/images/blog/blog-2_hu_f9ab0f5f2b4013b3.webp"
+              srcset="/images/blog/blog-1_hu_f9ab0f5f2b4013b3.webp"
             
             media="(max-width: 767px)" />
           <source
             
-              srcset="/images/blog/blog-2_hu_4b1782fd1a15e83b.webp"
+              srcset="/images/blog/blog-1_hu_4b1782fd1a15e83b.webp"
             
             media="(max-width: 991px)" />
           <source
             
-              srcset="/images/blog/blog-2_hu_c69497547b6be0b8.webp"
+              srcset="/images/blog/blog-1_hu_c69497547b6be0b8.webp"
              />
           <img
             
               loading="lazy" decoding="async"
-              src="/images/blog/blog-2_hu_8dd81870b6dccbe7.jpg"
+              src="/images/blog/blog-1_hu_8dd81870b6dccbe7.jpg"
             class=" w-100 img"
             alt="Cyber Defence on the Digital Frontline: A Mission with NATO"
             width="768"

public/index.xml

@@ -29,5 +29,12 @@
       <guid>http://192.168.90.54:1313/blog/post-1/</guid>
       <description>&lt;h1 id=&#34;cyber-defence-on-the-digital-frontline-a-mission-with-nato&#34;&gt;Cyber Defence on the Digital Frontline: A Mission with NATO&lt;/h1&gt;&#xA;&lt;h4 id=&#34;on-a-mission-with-nato-cyber-defence-on-the-frontline&#34;&gt;On a Mission with NATO: Cyber Defence on the Frontline&lt;/h4&gt;&#xA;&lt;p&gt;Howest’s ongoing commitment to world-class cybersecurity training took center stage again as six lecturers from the Cyber Security program joined forces with experts from Latvia, Luxembourg and Belgium in one of NATO&amp;rsquo;s most intensive simulations: the Locked Shields exercise, hosted by the Cooperative Cyber Defence Centre of Excellence (CCDCOE). Now in its fifth year of participation, the Howest team shared their firsthand experiences at a special evening talk at Howest Bruges.&lt;/p&gt;</description>
     </item>
+    <item>
+      <title>Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience</title>
+      <link>http://192.168.90.54:1313/blog/post-2/</link>
+      <pubDate>Sat, 15 Mar 2025 00:00:00 +0000</pubDate>
+      <guid>http://192.168.90.54:1313/blog/post-2/</guid>
+      <description>&lt;h1 id=&#34;reversing-rebuilding-and-failing-better-my-cyber-security-challenge-belgium-qualifier-experience&#34;&gt;Reversing, Rebuilding, and Failing Better: My Cyber Security Challenge Belgium Qualifier Experience&lt;/h1&gt;&#xA;&lt;p&gt;On March 14 and 15, I joined the Cyber Security Challenge Belgium qualifiers with three teammates. For two days, we threw ourselves at CTF challenges covering binary exploitation, Android reversing, cryptography, and more.&lt;/p&gt;</description>
+    </item>
   </channel>
 </rss>

public/project/project-2/index.html

@@ -546,10 +546,10 @@
 </code></pre><p>And configured <code>/etc/nginx/conf.d/default.conf</code> to serve files from <code>/var/www/html</code>. Then I enabled and started nginx:</p>
 <pre tabindex="0"><code>rc-service nginx start
 rc-update add nginx
-</code></pre><p>Now my Hugo site is live and served directly as static files—no backend, no database, just HTML, CSS, and JS.</p>
+</code></pre><p>Now my Hugo site is live and served directly as static files, no backend, no database, just HTML, CSS, and JS.</p>
 <br>
 <h3 id="why-alpine--hugo">Why Alpine + Hugo?</h3>
-<p>Alpine Linux is minimal and fast, perfect for serving static sites with low resource usage. Combined with Hugo’s speed and flexibility, I get a complete, performant setup that I fully control. It’s secure, lightweight, and easy to update—just rebuild and re-upload the <code>public/</code> folder.</p>
+<p>Alpine Linux is minimal and fast, perfect for serving static sites with low resource usage. Combined with Hugo’s speed and flexibility, I get a complete, performant setup that I fully control. It’s secure, lightweight, and easy to update, just rebuild and re-upload the <code>public/</code> folder.</p>
 <br>
 <p>This setup is perfect if you want full control and minimal overhead for a personal blog or portfolio.</p>
 

public/sitemap.xml

@@ -28,12 +28,19 @@
   </url><url>
     <loc>http://192.168.90.54:1313/blog/</loc>
     <lastmod>2025-05-13T00:00:00+00:00</lastmod>
+  </url><url>
+    <loc>http://192.168.90.54:1313/categories/ctf/</loc>
+    <lastmod>2025-03-15T00:00:00+00:00</lastmod>
+  </url><url>
+    <loc>http://192.168.90.54:1313/categories/education/</loc>
+    <lastmod>2025-03-15T00:00:00+00:00</lastmod>
+  </url><url>
+    <loc>http://192.168.90.54:1313/blog/post-2/</loc>
+    <lastmod>2025-03-15T00:00:00+00:00</lastmod>
   </url><url>
     <loc>http://192.168.90.54:1313/categories/book-rack/</loc>
   </url><url>
     <loc>http://192.168.90.54:1313/categories/class-room/</loc>
-  </url><url>
-    <loc>http://192.168.90.54:1313/categories/education/</loc>
   </url><url>
     <loc>http://192.168.90.54:1313/categories/library/</loc>
   </url><url>