When we started developing CyberEDU back in 2019, our vision was very pragmatic: build a platform for cybersecurity beginners and professionals alike to practice their skills through CTF competitions, challenges and labs. Little did we know (or expect or even plan) that over time, a talented community would sprout and evolve, at the same pace with our educational project.
Discovering exceptional talent with CyberEDU
The very first major cybersecurity event that CyberEDU hosted was the pilot season of UNbreakable Romania. The competition gained considerable popularity. It later developed into a national program for high school and university students preparing for a career in cybersecurity or just wanting to improve their knowledge in the field.
Afterwards, CyberEDU hosted the finals of The Romanian Cyber Security Challenge (ROCSC) in 2020. Since then, all the national phases were hosted on the platform.
Each and every time we would stumble upon some incredible individuals – young talents, brilliant minds, folks with a boundless passion for all things cybersecurity. Their stories of how they discovered and currently explore the world of cybersecurity are unique, yet equally captivating and bound to make a lasting impression on every reader.
It’s time we shared them with you.
Who is Horia Nita?
We’re starting strong, with someone who has experienced all of CyberEDU’s top 3 events at least once. He also underwent an astounding transformation since joining our platform. Frankly, we like to think that CyberEDU played at least a small part in his remarkable adventure.
Meet Nita Horia! Friends call him Noria, and at ROCSC he is known as Hofill. He is a fresh computer science graduate from Babeș-Bolyai University in Cluj-Napoca, CTF player and organizer. He is passionate about cryptography and discovering new things in the field of cybersecurity:
When it comes to CTFs, without a doubt, the types of challenges I’m best at are Web, Cryptography, and Misc. This mirrors my strengths in practical cybersecurity as well. I like expanding my knowledge in these fields, and I don’t treat it as work but as a hobby, making the journey all the more pleasant.
And the way his journey kicked off is really one of a kind.
“I was determined not to back down”
Starting off in cybersecurity naturally comes with a lack of clarity. The abundance of online resources, events, forums, and information can be overwhelming. Moreover, cybersecurity has multiple entry points – certifications, degrees, hands-on experience and so on. At the same time, newcomers’ lack of hands-on experience can leave them feeling unsure about practical application. Cherry on top: cybersecurity is a very competitive environment as well …
For some, these challenges can sow seeds of doubt. For others, they serve as catalysts propelling them towards mastery. As is the case with everything we do, mindset is key – and it was the same for Horia when he first gave cybersecurity a try:
I initially got into cybersecurity in December 2020 when I participated at XMAS CTF(I found it on CTF time). The first challenge I attempted to solve was a PHP type-juggling challenge. My past experiences had instilled a “try harder” mentality in me, so I was determined not to back down until I cracked the challenge. Even though it was only worth 50 points due to the large number of people that had solved it, I persisted until I finally cracked it after a grueling 8 hours of attempts. Solving that challenge gave me a rush that I feel a few times each year when deeply engrossed in an activity, and I instantly knew that I should try solving more. I ended up somewhere close to 50th place, which confirmed that I could be really good at this. That same adrenaline surge propels me forward even now, and I have a hunch it’s here to stay.
Shortly after my first few CTFs, I started trying to find people from Romania that could help me grow faster. Not only that but I feel like, for a beginner, a local competition is the best type of competition. That search resulted in me finding out about the platform CyberEDU, where I learned about an upcoming CTF event named “UNbreakable”. I thoroughly prepared for it and got second place! That made me really happy and even though I did raise some eyebrows due to the fact that I was a new guy suddenly getting top scores, I was warmly welcomed and embraced by the community.
Even in cybersecurity, one’s craft is another’s inspiration
Solving cybersecurity challenges is one very efficient way to keep your skills sharp and refine your technical prowess. For Horia, a cryptography enthusiast, one CyberEDU challenge and author helped everything unfold smoothly in this regard:
One of the challenges I love the most on CyberEDU is “prophet” by Ephvuln. It really clarified for me how block cipher modes of operation function and taught me how to sketch diagrams for the provided code.
It’s the reason I picked my thesis topic and got me interested in block cipher modes of operation. After I cracked it, I felt there should be an easier way for folks to tackle typical AES problems (given the lengthy duration it took me to decipher “prophet”). So, I centered my thesis on this project, and it turned out great! The tool I created is called “AES CTF Tool” (inspired by the popular RSA CTF Tool).
Now that’s one happy ending (by the way, feel free to take a break from reading and check out the tool).
But what do you do when you get stuck when solving challenges? On CyberEDU, it can happen, and we appreciate the Horia’s honest feedback:
Something I feel is missing from CyberEDU would be detailed breakdowns of solutions. I’m aware that there’s the UNR educational archive, but a dedicated “writeup” tab for each challenge would be much more evident and user-friendly. I would like to see a thorough walkthrough of the solutions, explaining the ‘why’ behind every step. This would be immensely beneficial, allowing learners to understand the reasoning and logic behind the solution, even if they couldn’t solve a challenge on their own. Additionally, having some writeups from the organizers themselves would offer invaluable insights into their thought processes, especially for the more intriguing challenges. This way, participants can get a glimpse of how the challenge creators approached the problem.
Nevertheless, sometimes, someone still seems to get the hang of what you can’t. But how? What do you do when your approach just won’t do the trick anymore?
Humans are social creatures. We often learn a lot through social interactions too. Engaging with others in discussions and debates can enhance our learning experience and validate our understanding and knowledge. It allows us to test ideas and assumptions. And just like that, a new perspective takes shape:
Interacting with challenge authors and fellow learners has been an invaluable experience. I’ve encountered several unique strategies and insights that reshaped my problem-solving methods. For instance, some have emphasized the importance of understanding the foundational concepts behind a challenge, rather than merely seeking a quick solution. This approach has helped me to not only solve challenges more efficiently but also to gain a deeper appreciation and understanding of the underlying mechanics. When it comes to my top challenge author, it’s no secret that I’m a big fan of Ephvuln! His challenges always push me to think differently and have played a crucial role in my learning journey.
What does it take to become a great CTF player?
As we mentioned earlier, Horia has been a regular on our platform and of competitions hosted by CyberEDU. He’s also been a top performer in all of them. However, he holds in high regard this one in particular:
My top pick has to be ROCSC, as it attracts really talented people, and it’s where I connected with many who are now my teammates. Representing Romania in the following competition (ECSC) always gives me a sense of pride. Additionally, the bootcamp is great – it not only helps us bond but also strengthens our teamwork skills.
Horia’s closing remarks here introduce the interesting topic of individual CTFs vs team CTFs. While it may not be the most popular debate among cybersecurity professionals, it does spark varied opinions. Consensus remains elusive regarding the superior approach to establishing oneself as the foremost CTF player. Some say it hinges on personal style and preference.
Either way, the distinction between the two encompasses the strategies players employ. Excelling in both types of competitions requires different skill sets. Effectively navigating both elevates a CTF player’s expertise to new levels. Noria has not only participated in individual and team competitions but has also demonstrated excellence in both. His perspective on this can provide valuable insights to improve your game in future CTFs:
When competing in individual CTFs, my strategy revolves around playing to my strengths first. I tackle challenges that align with my expertise to secure early points. This boosts my confidence and momentum for the remainder of the competition. In a team setting, it’s a bit different for us. We begin by dividing challenges based on each member’s strengths and preferences. Regular check-ins and communication are vital. If a teammate struggles with a challenge, another member can step in to offer a fresh perspective or suggest a different approach. Learning from teammates has significantly expanded my own skill set and understanding of different categories, most notably the Pwn category.
Reading this, we feel it’s important to point out that, whether it’s a competition or your career, upskilling in cybersecurity goes beyond studying resources, gaining information, and solving challenges on your own. As a specialist in the field, you’ll most likely be part of a team, one way or another. Each member will bring their own expertise. You’ll learn from that. And, at some point, you’ll also learn that the next challenging thing will be maintaining momentum to achieve the most efficient results or perhaps to provide the highest quality service. Impressive technical skills may come to rank second because dedicating the time and effort that make a team tick is by far more demanding.
Currently, Horia is part of an exceptional CTF team, and they appear to have mastered this art nicely:
Our team goes by the name “The Few Chosen”, and our core members include Paul (skyv3il), Hiumee, Sagi, Livian, Luma, Mcsky23, and myself. We met at various competitions hosted by CyberEDU and during XMAS CTF. What binds us together is not just our shared interests but also our synergy as a team. We resonate on many levels and have found that we collaborate really well.
And we can vouch for that. We’ve seen The Few Chosen in action many times. Their most notable appearance was at D-CTF 2022, where they placed 3rd in the general rankings and 1st as the best team from Romania. Now that’s an amazing accomplishment! What new heights might they reach?
We need to find more people who share our way of thinking and create some tools to help us breakdown challenges faster. Teamwork is key, and we should come together more often. Currently, we’re focused on TFCCTF, but we’re thinking ahead and have plans for what comes next!
Speaking about TFCCTF …
Next step: the CTF organizer
The speed at which Horia transitioned from being a CTF player to a CTF organizer, alongside The Few Chosen, is truly remarkable. Such a shift is not common, yet it is highly appreciated, especially considering the resounding success of his team’s CTF – TFCCTF.
Stepping into the role of a CTF organizer entails resourcefulness and a distinct set of abilities and know-how. Nonetheless, according to Horia, it proves to be at least just as satisfying:
We were driven to set up our own CTF mainly because I, being a programmer at heart and a perfectionist, wanted to create the ideal platform and challenges. Balancing both in the beginning was challenging given our tight schedule. However, with our consistent effort, updating the platform has become much easier. Now, we can proudly and confidently expect over 1500 teams to join in yearly!
Being a challenge author is quite tough, especially if you aim for quality. For me, the hardest aspects include determining the difficulty level of challenges, ensuring variety and making sure they’re fun and original. Additionally, a lot of research goes into developing the more complex challenges. It sometimes took days of trial and error to create some of them, but in the end it was worthwhile. TFCCTF is still in its early stages, but I see vast potential in it. I plan to introduce more features to the platform, attract a larger participant base, and expand it.
I see CyberEDU as a promising partner. Both TFC and CyberEDU share aligned objectives, and I believe we could help each other out greatly in collaboration!
There is a lot of promising potential we see in TFCCTF too. So we would be just as delighted by the prospect of a potential cooperation with CyberEDU.
Moving forward…
Horia’s consistent ambition is undeniable. There’s simply no room for plateauing here. Even for someone who’s done a lot in cybersecurity within a short span, the road ahead is brimming with possibilities and opportunities for further growth and achievement:
Personally, my goal is to carve out a noticeable space for myself in the world of cybersecurity. I’m eager to wrap up my current projects and ultimately inspire more people to see cybersecurity as an appealing career path!
As this aligns perfectly CyberEDU’s mission, we’ll support Horia in his noble quest by any means and resources possible.
