This is the conclusion to my write-up of the awesome BSides SF CTF by MAD Security/The Hacker Academy.  You can find the other parts here: Levels 1-2, Levels 3-4, Levels 5-7.

What I Learned

  • Don't overthink things -- work from the simplest case.
  • Internet access during a CTF may be spotty (or nonexistent) -- be prepared to work fully offline.  (Download a copy of exploit-db, etc.)
  • Keep meticulous notes -- otherwise you'll find yourself revisiting avenues you've exhausted, forgetting things, etc.

What I Wish I'd Done

  • Bring a notebook and pen.  You know, old school paper -- sometimes it's faster to jot down notes than type things up (especially for things that are not plain text).
  • Log everything -- use GNU screen or something with logging.
  • Keep an open tcpdump to a file the entire time -- you never know what might be useful later (even if only for write-ups).

Given that this was my first real-time CTF, I'm pretty ecstatic about doing well.  The guys from MAD Security put together a great set of challenges with a variety of focus areas: information gathering, server exploitation, client exploitation, crypto -- and I suspect there would've been more if there'd been more time.  I can't wait for the next one!