Cyber Apocalypse 2025 CTF: A Journey with SuKMaDhe

Published on: March 30, 2025

Hack The Box’s Cyber Apocalypse 2025 CTF was an incredible experience for me and my team, SuKMaDhe, representing IIIT Kottayam. We formed our team in January 2025, consisting of four members, ready to take on the challenges in one of the most prestigious cybersecurity competitions. The CTF ran from March 21 to March 26, 2025, featuring a diverse range of challenges across multiple domains, including AI/ML, Cryptography, Web Exploitation, Forensics, Blockchain, Pwn, Reverse Engineering, Secure Coding, Competitive Programming, and OSINT.


Our Performance


We finished 487th out of 8130 teams, with a total score of 27,100 points. It was a solid performance, considering the high level of competition. The event was intense, with thousands of teams from around the world vying for the top spots, and we were proud to secure a position in the top 6% of participants.


My Role in the Team


I was tasked with tackling challenges in Web Exploitation (WebEx), OSINT, and Competitive Programming. The competition was fierce, and every solved challenge was a stepping stone towards improving our ranking. Here’s a breakdown of my contributions and experiences across these categories.


Web Exploitation: A Smooth Start


I kicked things off with two beginner-friendly WebEx challenges, which gave me a strong start:

  1. Trial By Fire – This challenge involved exploiting a vulnerable template engine to inject arbitrary code(SSTI). By crafting a malicious payload, I was able to execute commands on the server and retrieve the flag.
  2. Whispers of the Moonbeam – This challenge required exploiting a web input field to execute unintended system commands. I used a simple payload to bypass the input validation and gain access to the flag.

These challenges were straightforward but provided a strong momentum boost for me to delve into more complex problem-solving. Solving them early helped build my confidence for the tougher challenges ahead.


Competitive Programming: A Strength Tested


Next, I moved on to Competitive Programming, where I managed to solve 4 out of 5 challenges. These problems covered concepts such as:

  • Clockwork Guardian – Here come BFS - A fundamental graph traversal algorithm that I used to solve a maze-like challenge.
  • Dragon fury – This involved manipulating Arrays for efficient computation.

The problems were well-structured, pushing my problem-solving skills to the limit. I felt confident in this segment, making steady progress with each challenge. Solving these problems quickly helped our team accumulate points early in the competition.


OSINT: A Tough Nut to Crack


I dedicated a significant portion of my time to OSINT (Open-Source Intelligence) challenges, but despite my efforts, I couldn’t crack any. These challenges required gathering information from publicly available sources, often involving social media, geolocation, and metadata analysis—skills I realized I need to improve. However, my teammates came in clutch, solving several OSINT challenges and securing valuable points for our team. It was a humbling experience, reinforcing the importance of collaboration and diverse skill sets in a CTF environment.


A Brief Encounter with Blockchain & Prompt Injection


Curious to expand my knowledge, I attempted a Blockchain challenge, only to realize I had zero prior experience in it. The challenge involved analyzing a smart contract for vulnerabilities, but I quickly hit a wall due to my lack of familiarity with Blockchain concepts. It was a wake-up call that this is an area I need to explore further.

Later, I tried my hand at a Prompt Injection challenge, which turned out to be a success! The challenge involved a system where the key was split into an array, and I managed to solve it by cleverly prompting the system to list the key in a numbered format. After several attempts, I crafted a prompt that tricked the system into revealing the key segments, which I then pieced together to form the flag. This victory was quite satisfying, given the time I had spent experimenting with different injection techniques.


Final Thoughts


Cyber Apocalypse 2025 was an unforgettable experience, testing my strengths and exposing my weaknesses. While I had successes in WebEx and Competitive Programming, I realized there’s a lot more to learn—especially in OSINT and Blockchain. The competition highlighted areas where I can grow as a cybersecurity enthusiast, and I’m already planning to dive deeper into these domains before the next CTF.

Most importantly, this CTF reinforced the value of teamwork. Whether it was my teammates saving the day in OSINT or learning from each other’s approaches, the collaborative aspect of cybersecurity competitions is what makes them truly rewarding. SuKMaDhe’s diverse skill set allowed us to tackle a wide range of challenges, and I’m grateful for the support and camaraderie throughout the event.

Looking forward to the next CTF, armed with lessons learned and new skills to acquire! Until then, I’ll be honing my skills on platforms like Hack The Box and TryHackMe, preparing for the next adventure with SuKMaDhe.
To Access The writeups click here.