Summary of "WEBINAR NEVCRYP3 #“Crypto CTF Adventures: Can You Catch the Flag?” 2025"
Overview of Capture The Flag (CTF) in Cybersecurity
Capture The Flag (CTF) competitions are competitive hacking games where participants find and exploit vulnerabilities (“flags”) in code or systems. These events help build community, sharpen skills, and simulate real-world cybersecurity scenarios.
There are several types of CTFs:
- Jeopardy-style CTFs: Puzzle-based challenges where scoring depends on solving individual tasks.
- Attack-Defense (A/D) CTFs: Teams simultaneously defend their own infrastructure while attacking others.
- King of the Hill: Teams compete to maintain control over systems for points.
- Blue Team exercises: Focus on defense against professional attackers, commonly used in educational settings.
Fair play and technical skill are emphasized over disruptive tactics. CTFs serve multiple purposes, including training and recruiting, and have even led to real-world vulnerability discoveries. Special themed CTFs, such as Hackasat, focus on niche areas like space cybersecurity challenges.
Webinar Structure and Organizers
The webinar was organized by the Network Evolution Research Group in collaboration with Telkom University, Indonesia. The event agenda included:
- National anthem
- Welcome speech
- Main presentation
- Q&A session
- Certificate and quiz sessions
- Closing remarks
The format was casual and interactive, attracting global participation.
Key Presentation by Dr. Muhammad Nasar (University of New Haven, USA)
Dr. Nasar focused on two cryptographic CTF puzzles that illustrated applied cryptography concepts and practical vulnerabilities.
Puzzle 1: Symmetric Encryption with ChaCha20 Stream Cipher
ChaCha20 is a secure, lightweight stream cipher with a 256-bit key, widely used in encryption.
Puzzle details:
- A “flag” was encrypted using ChaCha20 with the same nonce (IV) and key reused.
- Key vulnerability: Reusing the same nonce and key in a stream cipher causes keystream reuse, allowing attackers to recover plaintext by XORing known plaintext with ciphertext.
Demonstrations included:
- Extracting the keystream from a known plaintext-ciphertext pair.
- XORing the keystream with the encrypted flag to recover the secret.
- Practical Python code examples using PyCryptodome and Google Colab.
- Use of online tools like CyberChef for easier experimentation.
Lesson: Proper nonce management is critical in stream ciphers to avoid catastrophic security failures.
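The failure described in Puzzle 1, and its fix, as an added example that is not code from the webinar: a pure-Python ChaCha20 (RFC 8439 layout) stands in for the PyCryptodome calls used in the talk so the block runs with no dependencies. The names `recover` and `demo` and the sample messages are constructed for illustration.

```python
import os
import struct

MASK = 0xFFFFFFFF
FLAG = b"flag{constructed_sample}"                        # constructed secret
KNOWN = b"constructed known plaintext, longer than flag"  # constructed known message

def _rotl(v, n):
    return ((v << n) & MASK) | (v >> (32 - n))

def _quarter(s, a, b, c, d):
    # RFC 8439 quarter round: four add/xor/rotate steps on alternating word pairs
    for rot in (16, 12, 8, 7):
        s[a] = (s[a] + s[b]) & MASK
        s[d] = _rotl(s[d] ^ s[a], rot)
        a, b, c, d = c, d, a, b

def chacha20_block(key, counter, nonce):
    init = list(struct.unpack(
        "<16I", b"expand 32-byte k" + key + struct.pack("<I", counter) + nonce))
    s = init[:]
    for _ in range(10):  # 10 double rounds = 20 rounds
        for idx in ((0, 4, 8, 12), (1, 5, 9, 13), (2, 6, 10, 14), (3, 7, 11, 15),
                    (0, 5, 10, 15), (1, 6, 11, 12), (2, 7, 8, 13), (3, 4, 9, 14)):
            _quarter(s, *idx)
    return struct.pack("<16I", *((x + y) & MASK for x, y in zip(s, init)))

def chacha20_xor(key, nonce, data, counter=0):
    # Encrypt and decrypt are the same operation: data XOR keystream
    blocks = range(len(data) // 64 + 1)
    ks = b"".join(chacha20_block(key, counter + i, nonce) for i in blocks)
    return bytes(d ^ k for d, k in zip(data, ks))

def recover(known_pt, known_ct, target_ct):
    # keystream = P1 xor C1; valid for C2 only if key AND nonce were identical
    keystream = bytes(p ^ c for p, c in zip(known_pt, known_ct))
    return bytes(k ^ c for k, c in zip(keystream, target_ct))

def demo(reuse_nonce):
    key, nonce1 = os.urandom(32), os.urandom(12)
    nonce2 = nonce1 if reuse_nonce else os.urandom(12)  # fresh nonce is the fix
    c1 = chacha20_xor(key, nonce1, KNOWN)
    c2 = chacha20_xor(key, nonce2, FLAG)
    return recover(KNOWN, c1, c2)
```

`demo(True)` returns the flag without the key ever being used by the recovery step; `demo(False)` returns unrelated bytes because the two keystreams no longer match.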
Puzzle 2: Asymmetric Encryption with RSA (Textbook RSA)
This puzzle involved RSA encryption with the following characteristics:
- Small public exponent (e = 5).
- Different moduli (n_i) for each encryption (multiple public keys).
- No padding applied (textbook RSA).
Participants could query a server multiple times to get encryptions of the same message under different keys.
Key vulnerability:
- Encrypting the same plaintext with small e under multiple coprime moduli enables plaintext recovery via the Chinese Remainder Theorem (CRT).
Dr. Nasar explained:
- The deterministic nature of textbook RSA without padding.
- How CRT combines multiple ciphertexts to recover the original plaintext by computing the integer e-th root.
- Use of Python libraries such as libnum for CRT and gmpy2 for integer root extraction.
- A practical demonstration running a TCP server to simulate the challenge.
Lesson: Proper padding schemes (e.g., OAEP) and secure parameter choices are essential for RSA security.
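Why Puzzle 2 breaks, and why randomization stops it, as an added example that is not code from the webinar: standard-library `crt` and `iroot` helpers replace the libnum and gmpy2 calls mentioned in the talk. Assumptions: the 256-bit moduli are constructed toy keys generated with the non-cryptographic `random` module, and `random_prefix` is a hypothetical stand-in that only shows the effect of per-encryption randomness; it is not OAEP and not a secure padding scheme.

```python
import random
E = 5  # small public exponent from the puzzle

def is_probable_prime(n, rounds=24):
    # Miller-Rabin; callers pass odd n > 3
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits=128):  # toy size, constructed for the demo
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(c):
            return c

def crt(residues, moduli):
    # Fold x = r_i (mod n_i) into one residue modulo the product of all n_i
    x, N = 0, 1
    for r, n in zip(residues, moduli):
        x, N = x + N * ((r - x) * pow(N, -1, n) % n), N * n
    return x

def iroot(x, k):  # largest r with r**k <= x, by exact binary search
    lo, hi = 0, 1 << (x.bit_length() // k + 1)
    while lo < hi:
        mid = (lo + hi + 1) // 2
        lo, hi = (mid, hi) if mid ** k <= x else (lo, mid - 1)
    return lo

def broadcast_recover(message, pad=lambda m: m):
    # Encrypt pad(message) under E independent moduli, then CRT + E-th root
    moduli = [random_prime() * random_prime() for _ in range(E)]
    cts = [pow(int.from_bytes(pad(message), "big"), E, n) for n in moduli]
    root = iroot(crt(cts, moduli), E)
    return root.to_bytes((root.bit_length() + 7) // 8, "big")

def random_prefix(m):
    # Stand-in for randomized padding (NOT OAEP): fresh 4-byte prefix per call
    return random.getrandbits(32).to_bytes(4, "big") + m
```

With identical plaintexts, m^5 is smaller than the product of the five moduli, so the CRT result is m^5 exactly and `broadcast_recover(msg)` returns `msg`. Passing `random_prefix` makes every plaintext differ, so the combined value is no longer a perfect fifth power and the output is unrelated bytes.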
Additional Discussion Points
- Applied cryptography differs from theoretical cryptography; vulnerabilities often arise from implementation and deployment errors rather than the cryptographic primitives themselves.
- Cryptography’s role has expanded beyond confidentiality to include blockchain transparency, accountability, privacy, and authentication.
- Despite blockchain’s transparency, confidentiality remains critical in many applications such as messaging and banking.
- Beginners are encouraged to understand cryptographic building blocks conceptually and practically rather than being overwhelmed by complex mathematics.
- CTFs serve as a practical learning platform bridging theory and real-world application.
Product Features, Guides, and Tutorials Highlighted
- Use of Google Colab notebooks for hands-on cryptography practice.
- PyCryptodome Python library for cryptographic implementations.
- CyberChef online tool for data transformations and cryptographic operations.
- Live coding demonstrations of cryptographic concepts and puzzle solving.
- Encouragement to maintain detailed notes and organize solutions during CTFs.
- Resources for further study and contact details for academic programs at the University of New Haven.
Quiz and Community Engagement
- Interactive quiz session with prizes to reinforce learning.
- Encouragement to subscribe to Network Evolution’s YouTube channel for future webinars and tutorials.
- Emphasis on community building and ongoing learning in cybersecurity.
Main Speakers and Sources
- Dr. Muhammad Nasar – Assistant Professor, Computer Science and Data Science, University of New Haven, USA. Presenter of cryptographic CTF puzzles and practical solutions.
- Dr. Eko Fajar Chayadi – Lecturer, Telkom University, Indonesia. Moderator and organizer.
- Muhammad Faria Abard – Master of Ceremony, Network Evolution Research Group.
Audience participants contributed questions on cryptography, blockchain, and learning pathways.
This webinar provides a comprehensive, practical introduction to cryptographic Capture The Flag challenges, emphasizing applied cryptography, common pitfalls, and problem-solving strategies in cybersecurity competitions.