05/07/2025

Tags: CTF , AI , Productivity , Cybersecurity

Are CTFs Pay2Win?

Alright, let’s cut to the chase. The Skills Battle CTF. You know, that competitive shindig for us IT folks. My boss nudged me, said it’d be a “good idea.” So, I figured, why the hell not? Threw my hat in the ring, not expecting much.

The Slow Burn Start

I’m not gonna lie, I started out slower than a dial-up modem. Took me a painstaking 45 minutes for a single flag. I was all over the place, distracted. I needed to lock in, and fast. My position on the graph? Buried at the bottom.

Flipping the Script

After that initial crawl, around the 10:00 mark, things changed. Instead of hitting a wall or getting exponentially slower like a lot of the others, I put my older brother on the game.

There was a 1096 point difference between me and the second place.

I knocked out three challenges back-to-back in about 20 minutes. Flag after flag after flag. Turns out, that first super slow flag? It was one of the hardest ones. And thanks to the “first blood” style scoring. more points for flags fewer people capture. that initial pain paid off, big time. I shot up the leaderboard, leaving a good chunk of the competition eating my dust.

I ended up tying for first place with FOUR OTHER COMPETITORS.

I was the first to solve the second to last challenge, but they were all close.

(I’m the blue line)

The Unfair Advantage: My Setup

How’d I pull it off? My setup, pure and simple. Rocking my MacBook, I had everything streamlined. Need to brainstorm or debug? Ctrl+Space + chat and boom, ChatGPT was ready for my prompts. Need to scope a repo? Ctrl+Space + g and GitHub was there in a blink.

ps: THANKS, RAYCAST! (not sponsored)

My rig did the heavy lifting; I just had to articulate the problems. to myself, and yeah, to my AI sidekick. I wasn’t just faster; I was operating on a different level. I completely demolished the others.

Agents: The Fucking Game Changer

And this brings me to my main takeaway: Agents are… FUCKING AMAZING. Seriously. My workflow became ridiculously efficient. Dump all relevant info for a challenge into a new directory, clearly explain the goal, and hit enter. That was basically it.

I even had Cursor set up with custom rules. One rule automatically generated a solve.md file, forcing the AI to explain the solution path after it cracked it. reinforcing my own understanding by then reading the solution. The other rule? It were instructions on how to set up a Linux Ubuntu VM for me on demand, saving me a good 20 minutes of fiddling when I needed a clean environment.

The crazy part? I didn’t even sweat writing these Cursor rules. I just typed something like: “/generate-cursor-rule I'm in a CTF and will give you challenges. The flags look like this: flag{flag_content}” and it just worked. This level of automation let me focus on the actual problem-solving, making me incredibly, almost unfairly, efficient.

The New “Pay-to-Win”: Smarter, Not Harder

This whole experience got me thinking. CTFs are leaning into a new kind of “pay-to-win.” But it’s not about just throwing more money at a bigger AI model or feeding it endless files hoping it’ll magically spit out flags.

The real edge comes from how you use these tools. It’s about figuring out:

“How can I explain this problem to the AI so it can then understand the path to the solution, or even explain parts of the solution, back to me?”

You make the AI an extension of your own thought process, a powerful collaborator. You leverage it to break down complexity, to automate the grunt work, to see patterns you might miss. That’s how you break the pattern of stupid answers in a high-pressure environment.

Wrapping Up

I genuinely enjoy CTFs. They’re a blast. But I’ve gotta be honest: I wouldn’t have been anywhere near the top, nor would I have operated at that speed, without AI integrated into my workflow.

I’ve tried it with and without AI, and while it’s more rewarding without, it’s just not feasible to do without it.

TLDR; I didn’t just win; I leveraged AI to redefine what “winning” looked like. Call it P2W, call it adaptive thinking, call it whatever. It worked.

Huge thanks to the Skills Battle organizers and everyone involved. It was a hell of a ride.

FIRST PLACE BABYYYY