PolyU x NuttyShell Cybersecurity CTF 2025
Capture The Flag (CTF) competition co-organized by The Hong Kong Polytechnic University and NuttyShell, featuring real-world cybersecurity challenges and hands-on infrastructure deployment.
Event Overview
The PolyU x NuttyShell Cybersecurity CTF 2025 brought together students and professionals to solve a series of cybersecurity challenges, ranging from web exploitation and reverse engineering to forensics and cryptography. The event was a major success, with over 200 participants and dozens of custom challenges.
My Role & DevOps Contribution
As a core member of the organizing team, I was responsible for the end-to-end DevOps pipeline and infrastructure automation. My hands-on contributions included:
- Proxmox VE: Provisioned and managed virtualized challenge environments using Proxmox, enabling rapid deployment and isolation of CTF services.
- pfSense: Configured pfSense firewalls and VLANs to segment networks, enforce access controls, and monitor traffic for challenge infrastructure.
- Splunk: Integrated Splunk for real-time log aggregation and monitoring, providing visibility into challenge activity and supporting incident response during the event.
- CI/CD Automation: Developed scripts to automate challenge deployment, rollback, and health checks, ensuring high availability and quick recovery from issues.
- Onsite Operations: Coordinated with team members to troubleshoot infrastructure, scale resources, and maintain uptime throughout the 24-hour event.
Challenge Highlights
- Web Exploitation: Custom web apps with real-world vulnerabilities
- Reverse Engineering: Binary challenges and obfuscated code
- Forensics: Network packet analysis and disk image recovery
- Cryptography: Modern and legacy crypto puzzles
- Miscellaneous: Steganography, OSINT, and more
Infrastructure Snapshot
(Proxmox dashboard showing active CTF challenge VMs)
Hands-on DevOps Experience
- Designed and deployed multi-tenant CTF infrastructure using Proxmox for virtualization and pfSense for network segmentation.
- Automated log collection and analysis with Splunk, enabling real-time monitoring and rapid troubleshooting.
- Developed and maintained CI/CD scripts for challenge deployment and rollback.
- Gained practical experience in incident response, system hardening, and live event operations.
Outcome
The event concluded successfully, with all infrastructure running smoothly and positive feedback from participants. My DevOps work ensured a stable, secure, and scalable environment for both organizers and players.