External post
This article was originally published on the CyberStudents website on May 18, 2025. You can read the original post here.
By GodderE2D, Head Administrator and CyberStudents Foundation Co-Founder
A note on the delay of prizes
Unfortunately, our event sponsor ICSRED was unable to fulfill their share of $190 USD in prizes after we’ve requested them for over two months. Due to this, the first, second, and third place winners for the High School/College Division received their prizes considerably late.
These remaining prizes were personally funded by event organizers Vip3r and GodderE2D. The Antisyphon Course prize for the HS/College Division first place winner had to be excluded as we lost contact with the sponsor after February 2nd.
This was also ultimately the reason finalized winners and write-ups were not announced until now. We apologize for the inconvenience and thank the winners for their patience.
Advent of CTF 2024 was a month-long cybersecurity capture-the-flag (CTF) competition from December 1st to December 31st, 2024 premiered last year by CyberStudents, an online organization and community focused on cybersecurity education. It featured beginner-oriented challenges from six popular categories with challenges releasing daily during the advent season. The event was open to everybody and we encouraged high school and college students from around the world to participate.
The competition comprised of 780 players from 85 countries to attempt 25 challenges of varying difficulties and categories. We encouraged players to discuss the challenges and share their progress in our Discord server through public channels and our private challenge support system, where challenge developers and community members were available to help players with guidance and resources.
We offered a total prize pool of $280 USD, with $225 for high school and college students and $55 for write-up submissions open to all players. The prize pool was funded by event’s organizers vip3r and GodderE2D, previous sponsorships/partnerships, and the event’s sponsor ICSRED. (Please refer to the note above for issues regarding our sponsor.)
In addition to the main leaderboard division, we also had a write-up division where all players were encouraged to submit write-ups for the challenges they solved. These community write-ups were reviewed by each challenge’s creators and would be featured on the CyberStudents website as a resource for future visitors who wish to learn from the challenges and discover different perspectives. We looked for write-ups that were clear, complete, educational, creative, and explained every step of their challenge-solving and planning process.
The event concluded on December 31st, 2024, and we are proud to announce the winners and some statistics regarding player demographics and challenges.
Final leaderboard: High School/College Division
| Place | Name | Country | Points (2270 max) | Completion | Prize |
|---|---|---|---|---|---|
| 1st | zarnex__ | United States | 2270 | 25/25 | $100 USD + |
| 2nd | minipif | Romania | 2270 | 25/25 | $60 USD |
| 3rd | pligonstein | Romania | 2070 | 24/25 | $30 USD |
| 4th | silence_ | India | 1875 | 22/25 | $20 USD |
| 5th | trixai | Sweden | 1830 | 22/25 | $15 USD |
See the full leaderboard and the open division here.
Final leaderboard: Open - Write-Up Division
| Place | Name | Country | Points | Winning write-ups | Prize |
|---|---|---|---|---|---|
| 1st | zarnex__ | United States | 600 | 8/25 | $40 USD |
| 2nd | raul_26 (Fl4gged) | Austria | 425 | 4/25 | $15 USD |
All players who won a prize verified their identity and student status (if applicable).
Format
A new challenge was released every day at 3 pm EST until December 25th. Players could earn points by solving challenges in these six categories: web exploitation, cryptography, forensics, binary exploitation, reverse engineering, and OSINT (open-source intelligence).
To complete a challenge, players must find and submit a flag. A flag is a hidden piece of text or code always in the format csd{example_flag}, making it easy for players to identify. For example, for cryptography challenges, the flag may be included in the text after it has been decrypted or decoded. For web exploitation challenges, the flag may be hidden in a hidden file or is somewhere that is not visible to a regular user and the site must be exploited to obtain it. Knowing the flag format may be useful when attempting challenges, especially for cryptography and forensics challenges.
Two sets of hints were also released for each challenge. The first hint was given 12 hours after the challenge releases (at 3 am EST) and the second hint was given 24 hours after the challenge releases (at 3 pm EST the following day). Most importantly, hints do not cost points and players were not penalized for viewing them.
Other than the challenges being released daily instead of all at once, this CTF followed the common Jeopardy-style format found in many other CTFs, preparing players for future CTFs and similar competitions. Challenges could be solved in any order and players could attempt challenges at any time during the event, including the six days that were given after the last challenge released on Christmas Day.
Each challenge had a point value assigned to it relative to its difficulty. Tiebreakers were determined by the player who had kept their score the longest (i.e., whoever submitted their last flag first). You can find the competition guidelines here.
CyberStudents’ Advent of CTF is inspired by Eric Wastl’s Advent of Code, TryHackMe’s Advent of Cyber, and CyberStart.
Write-ups
Write-ups for Advent of CTF 2024 will be published on the CyberStudents website.
Player demographics
780 players registered to play in Advent of CTF 2024, representing 85 countries. Players from the United States made up the largest portion of the player base at 23.3%, followed by India at 13.7%, and Indonesia at 7.0%. This was more diverse than the distribution of countries in the CyberStudents Discord server.
Players were also asked whether they were attending high school or college/university, and if they were, which grade or year they were in. The majority of players were in college or university at 62.0%, with high school students following at 21.4%. Intriguingly, the Discord server had more members who identified as high school students than college students. Given the number of international players who could not be easily categorized under one of the allowed categories, this metric may not be entirely reflective of their age or experience. Middle school students were categorized as “None” in the data below.
Challenge statistics
Out of the 25 challenges released, 3858 attempts (both correct and incorrect) were submitted. 1850 (48.0%) of those attempts were correct (i.e., solves). OSINT challenges had the highest attempts per solve rate, with an average of 6.83 attempts for every solve.
| Day | Challenge | Category | Author | Points | Attempts | Solves |
|---|---|---|---|---|---|---|
| 1 | Logical Exclusivity | Cryptography | GodderE2D | 30 | 489 | 237 |
| 2 | screaming | Reverse engineering | Vip3r | 40 | 313 | 259 |
| 3 | ElfTV | Reverse engineering | Vip3r | 55 | 53 | 147 |
| 4 | long gone | Forensics | Vip3r | 75 | 33 | 44 |
| 5 | Rusty Lock | Reverse engineering | Logix | 110 | 164 | 31 |
| 6 | Epochrypt | Cryptography | Vip3r | 70 | 214 | 97 |
| 7 | Apple Fanatic | Web exploitation | GodderE2D | 60 | 124 | 116 |
| 8 | vuln research | OSINT | Vip3r | 45 | 138 | 122 |
| 9 | resa? | Cryptography | Vip3r | 80 | 110 | 101 |
| 10 | flag from wish | Cryptography | Kolmus | 55 | 95 | 93 |
| 11 | Festive Encoding | Binary exploitation | GodderE2D | 90 | 372 | 101 |
| 12 | Letter To Santa | Forensics | Logix | 85 | 31 | 27 |
| 13 | Disoriented Santa | OSINT | GodderE2D | 100 | 571 | 45 |
| 14 | angry elf | Reverse engineering | Vip3r | 50 | 82 | 76 |
| 15 | JETS | Web exploitation | GodderE2D | 70 | 177 | 113 |
| 16 | Jingle Bell ROP | Binary exploitation | Vip3r | 105 | 35 | 34 |
| 17 | Santa's Plane | OSINT | Logix | 80 | 391 | 65 |
| 18 | trng | Reverse engineering | Kolmus | 120 | 31 | 31 |
| 19 | interns | Cryptography | Vip3r | 150 | 51 | 9 |
| 20 | Lost Santa | OSINT | Logix | 80 | 321 | 43 |
| 21 | hpjl | Binary exploitation | Kolmus | 125 | 11 | 10 |
| 22 | K.U.N.A.L Consulting | Web exploitation | GodderE2D | 115 | 21 | 19 |
| 23 | help | Binary exploitation | Kolmus | 150 | 11 | 11 |
| 24 | ELForms | Web exploitation | GodderE2D | 130 | 13 | 13 |
| 25 | House of Santa Claus | Binary exploitation | Kolmus | 200 | 7 | 6 |
The categories of challenges were mostly evenly spread, except for forensics with only 2 challenges. We aim to have a more balanced distribution of challenges in future events.
Finally, we would like to thank all the players who participated in our inaugural event and those who provided feedback and reported technical and challenge issues to us. Furthermore, we would like to acknowledge the challenge creators Vip3r, Kolmus, GodderE2D, and Logix who worked throughout the holiday season to create challenges for the community.
If you would like to try similar challenges, we recommend checking out the daily CTF in our Discord server.
If you’re interested in sponsoring or partnering with CyberStudents, please reach out to us at admin@cyberstudents.net.