Cybersecurity Competition · Solo Competitor

DoD Cyber Sentinel Challenge 2025

Department of Defense · Capture the Flag · Hosted by Correlation One

Competed solo in a DoD-level Capture the Flag cybersecurity competition against 2,151 participants. Solved challenges across networking, reconnaissance, web application testing, OSINT, and forensics using professional security tools — finishing ranked #767 on the national leaderboard.

Event: DoD Cyber Sentinel CTF 2025
Format: Solo Competitor
Host: Correlation One
Sponsor: Department of Defense
Year: 2025
DoD Cyber Sentinel Challenge 2025 Participant Badge
// Participant Badge
// Results

Competition Results

Leaderboard Rank: #767 (out of 2,151 participants)
Points Earned: 1,200 (across multiple categories)
Final Score: 975 (after revisiting tougher challenges)
Challenge Categories: 6 (Networking, Recon, Web, OSINT, Forensics)
// Challenge Breakdown

Challenges Attempted

Category-by-Category Breakdown

| Challenge | Category | What I Did | Tools Used |
| --- | --- | --- | --- |
| Clear(ed) Text | Networking | Reviewed a PCAP for plaintext HTTP login activity. Followed HTTP streams, identified POST data, and decoded URL-encoded special characters to find exposed credentials. | Wireshark, Follow HTTP Stream, CyberChef |
| Hoasted Toasted | Recon | Investigated virtual hosting by inspecting a TLS certificate Subject Alternative Name (SAN) field, then used host-header testing to reach hidden content on the server. | Browser cert viewer, /etc/hosts, Burp Suite, cURL |
| Screamin' Streamin' | Recon | Scanned for an exposed RTSP service, identified the port, enumerated the valid stream name, and validated the live stream connection using media player tools. | Nmap, ffprobe, ffplay, VLC |
| Robots Discovery | Web | Reviewed a website's robots.txt file to identify a disallowed path. Navigated to the hidden path to retrieve the flag — reinforcing that robots.txt is not a security control. | Browser, cURL, robots.txt review |
| Inspo | OSINT | Used image clues, architectural details, and external research to geolocate a building within a valid coordinate radius. Required slow observation and multi-source correlation. | Image analysis, map review, press-release research |
| Decryption Conniption | Forensics | Chained multiple evidence sources: PCAP, VNC keystroke analysis, memory dump, SSLKEYLOGFILE recovery, TLS traffic decryption, and encrypted archive review — a full investigation chain. | Wireshark, Volatility 3, NetworkMiner, tshark, 7z |
// Arsenal

Tools & Technologies Used

Reconnaissance & Enumeration
Kali Linux, Nmap, Gobuster, Dirbuster, WHOIS, dig, nslookup, ffprobe, ffplay, VLC
Packet Analysis & Web Testing
Wireshark, tshark, Burp Suite, cURL, wget, Netcat, OpenVAS
Forensics & Memory Analysis
Volatility 3, NetworkMiner, strings, exiftool, 7z, Hashcat, John the Ripper
Decoding & Support Tools
CyberChef, Base64 decode, URL decoding, ChatGPT, OSINT techniques, Google Maps
// Process

How I Approached the Competition

Step 1 — Accepted the Challenge and Set the Mindset

I first learned about the DoD Cyber Sentinel Challenge through the GovTech Blueprint Skool community. When I received the acceptance email, I was surprised and questioned whether I belonged in the event. I chose to show up, compete, and treat the experience as a learning opportunity instead of letting doubt make the decision for me.

Step 2 — Prepared the Workspace

I used Kali Linux as my main environment and kept organized notes on tools, commands, clue paths, solved items, and tasks that needed more research. Staying organized mattered because CTF pressure can make it easy to lose track of what has already been tested.

Step 3 — Started with Reconnaissance

For target-based challenges, I began by identifying what was available. I used Nmap and DNS tools to map ports, services, hostnames, and possible application paths. This helped me avoid guessing and made each next step more intentional.

Steps 4–9 — Working Through Each Challenge Category

  • STEP 04: Web Challenges — Reviewed page content, checked robots.txt, used cURL, and validated hidden paths. Confirmed that robots.txt disallowed paths can be direct evidence leads.
  • STEP 05: Virtual Host Enumeration — Inspected TLS certificate SAN fields to uncover hidden hostnames, then used host-header testing via Burp Suite and cURL to reach hidden content.
  • STEP 06: Packet Analysis — Used Wireshark to inspect protocols, follow HTTP streams, and extract sensitive data from plaintext network traffic. Reinforced why encryption matters.
  • STEP 07: Protocol Enumeration — Used Nmap to find exposed RTSP ports, then ffprobe and ffplay to enumerate valid stream names and validate connections.
  • STEP 08: OSINT Geolocation — Slowed down, compared visual details in images, checked map context, and used public press releases to geolocate a building within the required coordinate radius.
  • STEP 09: Advanced Forensics — Chained PCAP analysis, VNC keystroke review, Volatility 3 memory forensics, SSLKEYLOGFILE recovery, and TLS decryption into a single investigation workflow.
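
Added example (not part of the original write-up or the competition material): the packet-analysis step above as a Python audit check that takes one reassembled cleartext HTTP request, confirms it is a form POST, and URL-decodes any credential fields it carries. The sample request, the host name, and the list of field names are constructed assumptions.

```python
from urllib.parse import parse_qsl

# Field names treated as credential-bearing (an assumption for this example).
SENSITIVE_FIELDS = {"username", "user", "login", "email",
                    "password", "pass", "passwd", "pwd"}

# Constructed sample: one cleartext request as a followed HTTP stream shows it.
SAMPLE_STREAM = (
    b"POST /login HTTP/1.1\r\n"
    b"Host: intranet.example.test\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 44\r\n"
    b"\r\n"
    b"username=jdoe&password=S3cr%21t%26Pa%24%24+1"
)


def find_cleartext_credentials(raw: bytes) -> list:
    """Return decoded credential fields found in a cleartext form POST."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return []  # truncated capture: no header/body boundary
    lines = head.decode("iso-8859-1").split("\r\n")
    request_line = lines[0].split(" ")
    if len(request_line) != 3 or request_line[0].upper() != "POST":
        return []
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if colon:
            headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "application/x-www-form-urlencoded":
        return []
    # Honour Content-Length so bytes after the body are not parsed as fields.
    try:
        length = max(0, int(headers.get("content-length", len(body))))
    except ValueError:
        length = len(body)
    pairs = parse_qsl(body[:length].decode("iso-8859-1"),
                      keep_blank_values=True)
    # parse_qsl turns %21 into "!", %26 into "&", %24 into "$", "+" into " ".
    return [{"host": headers.get("host", ""), "path": request_line[1],
             "field": key, "value": value}
            for key, value in pairs if key.lower() in SENSITIVE_FIELDS]


if __name__ == "__main__":
    for finding in find_cleartext_credentials(SAMPLE_STREAM):
        print(finding)
```

Any finding from this check means the login form is submitting over HTTP and should be moved behind TLS.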

Step 10 — Final Score and Reflection

I earned 1,200 points during the competition and finished with a final score of 975 after revisiting tougher tasks. I placed #767 out of 2,151 participants — in the top 36% of all competitors in a DoD-level national event.

The biggest win was proving to myself that I can learn under pressure, keep moving when stuck, and turn the experience into real portfolio evidence. Every unsolved challenge identified a skill gap that became a future lab or study target.

// Takeaways

Lessons Learned

LESSON 01
Do not underestimate yourself. Growth happens at the edge of your comfort zone. I entered with doubts, but competing proved that I can step into hard technical spaces and still perform.
LESSON 02
Reconnaissance matters. The better I understood the target, service, file, or clue, the less time I wasted guessing and the more confident my next move was.
LESSON 03
Tools are only part of the job. Nmap, Burp Suite, Wireshark, Volatility, and Hashcat are powerful, but the real skill is knowing why to use a tool and how to interpret the result.
LESSON 04
Unsolved challenges still teach. Every hard task exposed a skill gap that can become a future lab, study session, or portfolio project. Not finishing is not failing.
LESSON 05
Documentation turns experience into proof. Capturing the tools, process, lessons, and next steps makes the challenge valuable long after competition day ends.
LESSON 06
Time management is a cybersecurity skill. In a timed challenge, knowing when to move on can matter just as much as technical knowledge. Forward momentum wins over perfectionism.
// Building On This

Next Steps

Labs & Projects Inspired by This Competition

  • Create a Wireshark lab focused on plaintext HTTP stream analysis, POST data extraction, and URL decoding
  • Create a web discovery lab focused on robots.txt, hidden paths, directory enumeration, and safe documentation
  • Create a virtual-host recon lab covering TLS SAN inspection, hosts-file mapping, and host-header testing
  • Create an Nmap + service enumeration lab including port scanning, service versioning, and decision-making
  • Create a beginner forensics lab using strings, exiftool, and basic encoded artifact review
  • Create an advanced stretch lab on PCAP + memory analysis using Volatility 3 and Wireshark together
  • Continue studying CompTIA A+ while connecting hardware, networking, and troubleshooting to cybersecurity fundamentals
  • Use future competitions to measure skill growth and build confidence for real-world cybersecurity and IT support roles