Site Logo
Niklas Heringer - Cybersecurity & Math
Cover Image

Securing Silver: My 2nd Place Win at CYBERSECURITY CONFERENCE 2025 CTF in Mannheim

Posted on 6 mins

CTF, Capture the Flag, Cybersecurity Conference 2025, Mannheim, Binary Exploitation, Web Exploitation, CTF Preparation, Learning, Cybersecurity Career, ERNW

Table of Contents

HE’S AAALIVE!

Did you miss me? Traffic has gone up lately, which i found very funny as i hadn’t had the time to post anything lately.

Doing my full-time internship at ERNW is honestly just insane, in the most positive sense!

Will there be more posting?

Yes. Be thrilled, i am swifting my content around a bit, quantity -> quality.

I’m so excited to see what you will think of the next upcoming post.. the longest and most indepth i ever did hihi.

Well, why do i now post?

What is this about now?

I’m absolutely thrilled to share some exciting news from the past weekend!
A fellow student at the University of Applied Sciences Mannheim and I had the incredible opportunity to compete in the “Capture The Flag” (CTF) Challenge at the CYBERSECURITY CONFERENCE 2025 in Mannheim, and we’re incredibly proud to announce that we placed second overall!

Briefly about the Conference

I couldn’t watch that much of it as the challenge had a 24h timeframe, ripping through the two days.

What i saw was interesting, not quite my focus with more compliance- and business-heavy talks, manager to manager, yet still a great number of people showed up and contributed.

What I loved: Promoting awesome Master’s theses

I loved that they gave out a price (also in money) to excelling master’s theses. Second place this year was about zero-knowledge cryptography and shuffles, it sounded so interestig but i was so tired.. I HAVE to find her work and post about it! First place was about challenges in new kinds of attacks concerning modern cryptography, again, i will find it and get to know more.

The Challenge

The CTF Challenge itself was an intense and exhilarating experience.

We nearly got first place, yet an awesome competitor we got to meet in person at the award ceremony overtook us with a Buffer Overflow flag last minute.

Well, not quite last minute but pretty late into the 24h race when our mind was long since gone and learning Buffer Overflow attacks from scratch didn’t really come in easily - even though we learned so many new things in that day.

Image See how close our cute red line came to securing first? Hihi but big shoutouts to the awesome guy from ABB who absolutely killed the challenge.

Infact, we tackled a wide array of categories, pushing (way past) our skills in web exploitation, binary exploitation, cryptography, steganography, forensics, …

The best thing about CTFs

The learning. It is a fantastic test of problem-solving under pressure, of thinking creatively, of not letting yourself get frustrated just too easily.

Now the Learnings of my first CTF will be a separate article, as i already mentioned. Yet right now I’ll give you the rundown on how to prepare for one.

How to actually prepare for a CTF

Maybe you’re the kind of professional that knows binary exploitation, buffer overflow attacks, steganography or the 100 different topics that are frequently covered in CTFs.

Yet i bet you aren’t. DON’T spend 2 weeks ahead reading article after article, stressing out about your payload lists, making sure you know “that one trick with the LSBs in an image..”

Relax. In my oppinion this is not nearly the most important thing to do.

CTFs are Fun: So Enjoy Them

Partaking in a CTF is something incredible, extraordinary and extremely fun.. if you let it be.

Excitement will flush out all knowledge you could never really apply out of you. You’ll have to learn stuf on the spot.

“But there’s no time”

More often than not, there is! Take it for yourself.

Don’t stress out checking the scoreboard every 2 minutes. I am myself a fairly competitive person, but let me tell you, the feeling of a solution finally clicking and you getting a step further in a challenge is a thousand times better than being up 10pts from some other team.

How to learn during a CTF

While you’d normally go through maybe a HackTheBox Academy section or a youtube video series, i’ll admit that while you should always take your time, you also won’t have it to spend 6hrs on every single challenge. Setting a focus, while neglecting other challenges, will be necessary if you’re not part of a bigger team where every challenge can be distributed among team members.

So here are my personal tips to really learn and thrive in a CTF:

  1. Write things down. Make sketches. Analyze deeply, you’ll need to have a rather big problem set sketched out in front of you so you can take notes and organize yourself. Speaking of organization…
  2. Pretend you’re a scientist, because in many ways, you are. PLAN out what you’re going to do next, WRITE DOWN what you already tried, why and why it failed. Especially if the challenge is of a longer time format, you’ll end up totally lost half-through, with 16 python scripts, 10 scrappy notes, 15 files and payloads and you don’t know what a single one of them does. “What the hell is in exploit_final_2.py?” Document clearly, pretend you’d write your scientific diary. It’s worth it!
  3. Google for “<topic/ version/ tech stack> exploit github” - the best hits i found this way. In other cases, focus on universities! Their slide-decks are often hands-on and to the point, while most blog articles (lol not this one) just want to a) sell you a product, b) convince you they’re an expert so you’ll buy their product or c) babble all around, with no single line of code or math in the whole article.
  4. I personally like having Gemini in strict learning mode at all times, making sure it’ll take you through issues patiently without EVER providing you with a straight answer - you’ll code, think and solve yourself, but with a rather reliable learning partner at your side.
  5. perhaps the most important one:

TAKE BREAKS

Seriously. Breaks are not something you do when it fits in the workflow. You need to take them regularly.

As a person with ADHD engraved into my core and soul, i know what it’s like to lose yourself in a problem completely, slumping down in your chair and forgetting everything around you including what day it even is.

But you’ll solve WAY more problems if you follow a schedule of break - work - break - …

Why don’t you search for one of the million pomodoro timers out there, start it and when the bell rings, you go do something else and ACTUALLY take the break! This is far from optional, it’s inevitable and vital to any success!

The biggest 300pt challenge we solved came RIGHT AFTER a big stretched breakfast. Try it and tell me if i’m wrong!

What’s up Next

You’ll be surprised. My up-coming, big post is actually about AI, yet.. not in the way you think hehe. Check the blog regularly, learning is always worth your time.

I’ll also soon upload a breakdown of all i’ve learned in this CTF. Stay tuned and healthy.