What I Learned
- Don't overthink things -- work from the simplest case.
- Internet access during a CTF may be spotty (or nonexistent) -- be prepared to work fully offline. (Download a copy of exploit-db, etc.)
- Keep meticulous notes -- otherwise you'll find yourself revisiting avenues you've exhausted, forgetting things, etc.
What I Wish I'd Done
- Bring a notebook and pen. You know, old school paper -- sometimes it's faster to jot down notes than type things up (especially for things that are not plain text).
- Log everything -- use GNU screen or something with logging.
- Keep an open tcpdump to a file the entire time -- you never know what might be useful later (even if only for write ups)
Given that this was my first real-time CTF, I'm pretty ecstatic about doing well. The guys from MAD Security put together a great set of challenges with a variety of focus areas: information gathering, server exploitation, client exploitation, crypto -- and I suspect there would've been more if there'd been more time. I can't wait for the next one!