Reflections on ECSC 2021

Note: I updated my Ghost instance but forgot to back up images, so all of the images that were on this blog are now gone forever. cries but anyway

The Story And Some Notes

In September, I was fortunate enough to be selected as a team member of Team Ireland. I was granted the fantastic opportunity of travelling to Prague, Czech Republic with the team to compete in the European Cybersecurity Challenge 2021 against 17 other teams (and Canada).

Incidentally, one of my teammates was also on the Hackerone leaderboard in Ireland, so that was nice. I'm now the Hackerone Brand Ambassador for Ireland, and I'm based in Cork, so if you're ever around, my dear reader, shoot me a message on Twitter and we can hang out.


The challenges were as diverse as they were challenging. The first day was forensics-heavy, and the second day was reversing and crypto-heavy. There was one especially nice Web-based challenge. It involved chaining a filter bypass with a Jinja SSTI, then a filter-bypassing, Python-based RCE payload got the flag. I learned a great deal on-the-go and from my skilled and varied teammates.

As a matter of personal opinion, some of the challenges were too guessy for my liking. Some had too many steps involved to reach the solution. That was quite demotivating.

Where was it?

It was held in Prague, Czech Republic. We stayed in the 5-star Hotel Corinthia, and the event itself was held in the Prague Congress Centre, across the street. We may or may not have opened a terminal in the digital advertisement in the hotel lobby.

How do I take part?

It varies from country to country, but most countries will host their own cybersecurity challenges. If you're aged between 16 and 25, you're eligible.


Honorable mentions to... drum roll ... Edgescan, Reliaquest, ZeroDays CTFs, TU Dublin, BH Consulting, OneLogin, Commsec, and HP Enterprise. Special thanks to ZeroDays CTFs again for making it all happen.