Operation: Ciph3r

Ciph3r

At this year’s senior North Gauteng Science Fair, it wasn’t just about physics experiments and robotics demos. Students found themselves facing down the hackers of Ciph3r in a live Capture-the-Flag competition created and hosted by DarkForge Labs.

The competition brought together some of the brightest young minds, who stepped up to try their hand at real-world cybersecurity puzzles. From breaking into a fictional hacker network to uncovering hidden digital clues, the CTF pushed participants to think critically, collaborate under pressure, and apply problem-solving skills in a whole new way.

For many of the students, it was their first exposure to the world of ethical hacking, and the adrenaline of solving a challenge against the clock seems to have them hooked. We received promising feedback and look forward to bringing a new set of CTF challenges to next year’s fair.

Event

The Capture-the-Flag competition drew 12 registered teams, made up of a total of 39 participants. The event ran for 48 hours (12 to 14 September). Each team could consist of up to four members, though some chose to compete with fewer, testing their individual skills against the field.

Top 10 Teams

Across the event, players faced 16 challenges spanning three core categories

  • Steganography – hiding (and finding) secrets in plain sight, from images to digital artifacts.
  • Forensics – analysing documents, network captures, and file systems to uncover hidden data.
  • Web – exploiting common vulnerabilities in simulated websites to retrieve flags.

Highlights

One of the hardest parts of building the competition was finding the right balance in difficulty, and keeping the challenges engaging while making sure they weren’t overwhelming. The students’ talent and creativity far exceeded our expectations, and many solved challenges faster than we anticipated. Next year, we’ll be raising the bar and including some more categories of challenges.

Point Stats

To give a taste of what they faced, here are a few standout challenges:

Steganography Challenges

One challenge presented students with a barcode that looked ordinary, but the trick was inverting the colours to reveal the hidden message. In another, two separate image fragments had to be carefully pieced together to reconstruct an Aztec code, which then unlocked the flag. These puzzles blended digital sleuthing with a touch of creativity, forcing participants to look at everyday images in entirely new ways.

Forensics Challenges

The forensic challenges asked students to think like digital investigators. In one challenge, they had to scour packet captures in Wireshark, carefully reassembling fragments of network traffic until the hidden flag came into view. Another pushed them even further, requiring the recovery of deleted files from a file system image.

Web Challenges

The web track covered a broad range of real-world topics. Problems spanned everything from Insecure Direct Object References (IDOR) that leaked passwords, to privilege-escalation scenarios achievable through SQL injection, and puzzles that required extracting a flag from heavily obfuscated JavaScript.

Ciph3r Web

One of the event’s favourite twists hid parameters in robots.txt that nudged players toward a hidden “debug mode”; enabling it revealed a salt value used by the site’s session logic. Competitors then had to combine those clues (the disclosed salt, exposed parameters, and code analysis) to understand the authentication flow and craft valid sessions or user records to retrieve flags. The sequence rewarded careful source inspection and a grasp of web authentication concepts.

Congratulations

Every participant walked away with something to remember the day, DarkForge Labs provided swag for all participants, a token of recognition for their hard work and creativity throughout the competition. On top of that, the top three teams earned cash prizes, cementing their place as some of the brightest up-and-coming cybersecurity talent. Congratulations to the winning teams:

  1. Affiespeurders
  2. Affiekuberkrakers
  3. CypherCore

The best part was seeing how quickly these students collaborated and thrived under pressure. Many had never competed in a CTF before, yet they demonstrated sharp analytical thinking and problem-solving skills well beyond what we expected. It was clear to us that South Africa’s next generation of cybersecurity professionals is already brimming with potential.

Thanks

We’d like to extend a huge thank you to the students, teachers, and organizers who run the science fair. The North Gauteng Science Fair was the perfect stage to showcase not only the excitement of science but also the importance of cybersecurity in today’s world. Every participant showed grit, curiosity, and teamwork—qualities that will serve them well both in competitions and in future careers.

We believe Capture-the-Flag competitions are more than just games. They’re a hands-on way to spark passion, teach critical skills, and build the next generation of cybersecurity leaders. That’s why we’ll continue to invest in these events, designing new challenges and raising the bar for every competition.