NCL and CTFs

Oct 23, 2025

Slides

What is NCL?

  • NCL is a CTF we compete in! (hopefully you know this by now)
  • Opens tomorrow (Friday) at 1 PM and runs until Sunday at 9 PM
  • Minimum point threshold: 300 points for us.

What’s a CTF?

  • CTFs are capture the flag competitions!
  • You’re trying to capture flags by solving challenges.
  • Flags have a format with numbers and letters, similar to the ICC Vehicle Hackathon format (flag–nums–letters).
  • When you solve a challenge, you get the flag.

About the Competition

  • Intended for introductory audiences, mainly students / people in education .
  • There are 3 different tiers (based on years of experience).
  • Doesn’t change the challenge itself — you’re just placed in a different pool.
  • Most of us will participate in the Undergrad section . Big thing: Try to get the most out of the competition, and figure out what you don’t know yet

Difficulty and Rules

  • Accommodates different skill levels through “ramp up” challenges (easy, medium, hard).
  • Easy ones are really easy
  • ChatGPT is allowed for this competition!
  • NOT allowed to work with other people!!!
  • That’s the only rule really. Everything else is open-book.

The “difficulty” label doesn’t always match how easy/hard it actually is — it varies. Don’t get discouraged!

NCL Categories

OSINT

  • Usually the easiest (includes question rules too).
  • Basically professional Googling .
  • MY PRESENTATION!! check the slides if you need a refresher :)

Cryptography

  • Easier questions deal with base number systems (just Google number decoders).
  • Harder ones get really hard , like crypto primitives (steep drop-off).

Password Cracking

  • Hashcat!
  • Harder questions require a ruleset .
  • Check Tyler’s pres!
  • Start cracking early! It takes time (run it in the background).

Forensics

  • A little more approachable with Linux experience .
  • Steganography, file recovery, etc.
  • Hardest questions usually use Volatility — install that.
  • Just have the correct tools ready!

Log Analysis

  • The grep category (shout out Noah).
  • Sort and sort list.

Network Traffic Analysis

  • Wireshark!!!
  • Viewing network traffic via packet capture files (.pcap).
  • Harder challenges use Scapy (a lot of outdated docs out there).
    • Can usually solve with TShark + small shell script .

Scanning & Reconnaissance

  • Nmap my beloved
  • Usually gives you a VM to connect to in the web interface.

Web App Exploitation

  • Tons of tools: Burp Suite, Gobuster, cURL , etc.
  • Sometimes you’re allowed to use automated tools (they’ll let you know).

Enumeration & Exploitation

  • The hardest category
  • Even the “easy” challenges are tough.
  • Examples:
    • Obfuscated shell scripts (PowerShell, Python) – easy
    • Rust – hardest
  • You really gotta know what you’re doing for this one. Not easy to learn on the fly.

Other Notes

  • Accuracy doesn’t really matter unless you’re trying to place
  • You get many attempts.
  • Any online, non-password-protected resources are fair game.
  • You can use our past meeting slides!

Importance of NCL

  • Justifies our purpose and mission as an org.
  • Helps us get recognition too.
  • Board of Trustees namedropped us.
  • Governor of Michigan sent us a letter congratulating us!
  • As students, it gives us knowledge, helps us see where we’re lacking skills.
    • Curriculum doesn’t always cover what we want to know, so this fills in the gaps.