
Cracking the Code: My Journey Through the Department of Defense Cyber Sentinel Challenge

  • Writer: Holy City High
  • Jun 16
Cyber Sentinel Challenge hosted by the United States Department of Defense on June 14th.



In the realm of national security, the battlefield has shifted. No longer fought only with boots on the ground, modern warfare is increasingly waged behind screens, in terminals, and across vast networks. As a cybersecurity student at Western Governors University, I’ve always been fascinated by this digital frontier — a space where logic, creativity, and vigilance come together to protect what matters most.

That passion led me to one of the most eye-opening and intense experiences of my cybersecurity journey so far: The United States Department of Defense Cyber Sentinel Challenge, hosted by Correlation One.


From Virtual Classroom to Cyber Arena

Studying cybersecurity at WGU has given me a strong foundation in system defense, vulnerability analysis, and ethical hacking. The flexibility of the program allowed me to pursue hands-on learning while studying for certifications like CompTIA A+, Network+, and Security+. Still, nothing in a textbook quite compares to a real-time Capture The Flag (CTF) event backed by the U.S. Department of Defense.

The Cyber Sentinel Challenge wasn't just about finding vulnerabilities — it was about solving real-world digital problems under pressure, as if lives (or national secrets) were on the line. The event was timed, scored, and categorized into major cybersecurity domains. It tested not only my technical knowledge but also my persistence, analytical thinking, and creativity.


The Mission: Capture the Flags

Participants were given access to a range of challenges across key cybersecurity disciplines:

  • Web Application Security

  • Network Security

  • Reverse Engineering / Malware Analysis

  • Cryptography

  • Forensics

  • OSINT (Open-Source Intelligence)

  • Bonus Engagement Flags (e.g., onboarding, survey)

Each flag represented a specific challenge with a point value. Some were quick wins that tested basic skills, while others involved hours of digging, decoding, or deconstructing.


Web Application Security: The Gateway Bugs

In the Web Security challenge titled "Secret.txt Society", I was tasked with performing reconnaissance on a vulnerable site. Using dirb and manual crawling, I discovered unlinked endpoints and files that should’ve never been public. One contained sensitive information disguised as a harmless .txt file. This flag reinforced a truth we all learn early in cybersecurity: security through obscurity is not security at all.


Network Security: Reading Between the Packets

The "Packet Whisperer" challenge pushed me into Wireshark territory. I had to analyze PCAP files to find patterns of exfiltrated data. Using filters, I traced a suspicious stream of HTTP GET requests. Buried in the packet payloads were base64-encoded messages that, when decoded, revealed the flag. The process was tedious but exhilarating — a reminder of how much you can learn from traffic if you know what to look for.
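As an added example (not part of the original post or the challenge), the sketch below shows how an analyst might flag GET parameters whose values decode from Base64 to printable text, the pattern described above. The request lines, parameter names and decoded strings are constructed for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

# Constructed sample request lines (not taken from the challenge capture).
SAMPLE_REQUESTS = [
    "GET /index.html HTTP/1.1",
    "GET /search?q=weather&page=2 HTTP/1.1",
    "GET /img.png?d=ZXhmaWwtY2h1bmstMDE= HTTP/1.1",
    "GET /img.png?d=ZXhmaWwtY2h1bmstMDI= HTTP/1.1",
]

# Base64 alphabet with optional padding; with the length check below,
# only values of 12 or more characters are considered (shorter is too noisy).
B64_RE = re.compile(r"^[A-Za-z0-9+/]{10,}={0,2}$")

def try_b64(value):
    """Return the decoded text if value is Base64 of printable ASCII, else None."""
    if len(value) % 4 != 0 or not B64_RE.match(value):
        return None
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw or any(b < 32 or b > 126 for b in raw):
        return None  # binary output: likely an ordinary token, not hidden text
    return raw.decode("ascii")

def find_encoded_params(request_lines):
    """Return (path, parameter, decoded text) for each suspicious GET parameter."""
    hits = []
    for line in request_lines:
        parts = line.split(" ")
        if len(parts) < 2 or parts[0] != "GET":
            continue
        url = urlsplit(parts[1])
        for pair in filter(None, url.query.split("&")):
            name, _, value = pair.partition("=")
            decoded = try_b64(unquote(value))  # unquote keeps '+' intact
            if decoded is not None:
                hits.append((url.path, name, decoded))
    return hits
```

Requiring printable output keeps ordinary words and opaque session tokens from being reported, at the cost of missing payloads that are compressed or encrypted before encoding.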


Malware/Reverse Engineering: Decoding the Enemy’s Code

This category, with challenges like "Hardcoded Lies" and "Encoded Evidence", tested my ability to reverse engineer binaries. In one case, I disassembled an executable using Ghidra, revealing a function that compared user input to a hardcoded string — our flag. Another challenge used multiple encoding layers (Base64, Hex, ROT13) to mask data. These challenges made me feel like a digital archaeologist, unearthing secrets buried in logic.
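The layered encoding mentioned above can be peeled automatically when the layer order is unknown. This added example (not the author's or the challenge's code) searches decoder orderings breadth-first until the output matches a flag pattern; the `flag{...}` format and the sample value are assumptions, since the post does not state them.

```python
import base64
import binascii
import codecs
import re
from collections import deque

FLAG_RE = re.compile(r"^flag\{[ -~]+\}$")  # assumed flag format, not from the post

def _b64(s):
    try:
        return base64.b64decode(s, validate=True).decode("ascii")
    except (binascii.Error, ValueError):  # bad alphabet/padding or non-ASCII output
        return None

def _hex(s):
    try:
        return bytes.fromhex(s).decode("ascii")
    except ValueError:  # non-hex characters, odd length or non-ASCII output
        return None

def _rot13(s):
    return codecs.decode(s, "rot_13")  # always succeeds, so it cannot be "detected"

DECODERS = {"base64": _b64, "hex": _hex, "rot13": _rot13}

def peel(blob, max_depth=4):
    """Breadth-first search over decoder orderings; return (layers, text) or None."""
    queue = deque([(blob, [])])
    seen = {blob}
    while queue:
        text, path = queue.popleft()
        if FLAG_RE.match(text):
            return path, text
        if len(path) == max_depth:
            continue
        for name, decode in DECODERS.items():
            out = decode(text)
            if out and out not in seen:  # skip failures and already-visited strings
                seen.add(out)
                queue.append((out, path + [name]))
    return None

def wrap(plaintext):
    """Build a constructed sample: ROT13 first, then hex, then Base64 outermost."""
    rotated = codecs.encode(plaintext, "rot_13")
    return base64.b64encode(rotated.encode().hex().encode()).decode()
```

A search is needed because the layers are ambiguous: a hex string is also valid Base64 input, and ROT13 applies to any text, so guessing the layer from the look of the data alone can go down the wrong path.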


Cryptography: The Cipher Struggle

Although cryptography wasn’t my strongest suit, I did encounter ciphers embedded into broader challenges. Whether decrypting encoded flags or recognizing weak implementations, this category underscored the importance of understanding how data can be scrambled — and unscrambled — in transit. It’s one thing to read about encryption algorithms; it’s another to reverse them under time pressure.


Forensics: Hidden in Plain Sight

Two challenges — "Hidden in Plain Sight" and "Behind the Beat" — required me to dig into media files for concealed data. Using tools like binwalk and exiftool, I found zip files inside MP3s and metadata pointing to server locations. One flag involved decoding steganographic content embedded in audio file spectrograms. These tasks reinforced the forensic mantra: every file has a story if you know where to look.
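To illustrate the kind of signature scan that binwalk automates, here is an added example (not from the original post) that looks for ZIP local file headers inside a carrier file and confirms each hit by actually opening the archive. The carrier bytes, file name and payload are constructed in memory and are not a playable MP3.

```python
import io
import zipfile

ZIP_LOCAL_HEADER = b"PK\x03\x04"  # signature that starts each ZIP member

# Constructed carrier prefix: a fake ID3 tag header followed by filler bytes.
CARRIER_PREFIX = b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\xff\xfb\x90\x00" * 64

def build_sample():
    """Return the constructed carrier with a small ZIP archive appended."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("note.txt", "constructed sample payload")
    return CARRIER_PREFIX + buf.getvalue()

def find_embedded_zips(data):
    """Return [(offset, member names)] for each offset where a valid ZIP starts."""
    found = []
    pos = data.find(ZIP_LOCAL_HEADER)
    while pos != -1:
        try:
            with zipfile.ZipFile(io.BytesIO(data[pos:])) as zf:
                if zf.testzip() is None:  # CRC check passed for every member
                    found.append((pos, zf.namelist()))
        except (zipfile.BadZipFile, ValueError):
            pass  # signature bytes by chance, or a header inside an archive
        pos = data.find(ZIP_LOCAL_HEADER, pos + len(ZIP_LOCAL_HEADER))
    return found
```

Validating each hit matters because the four signature bytes can occur by chance in compressed audio; a bare signature match is a lead, not a finding.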

OSINT: Spying with Open Eyes

This category was one of the most mentally stimulating. In "Cafe Confidential" and "Problems in North TORbia", I pieced together information from public websites, social media, and DNS records to build a threat profile. One challenge required tracking a suspect via Twitter posts, LinkedIn activity, and leaked documents. Another had me identify a covert operation based on news clippings and WHOIS data. OSINT taught me that hackers don’t always need to breach firewalls — sometimes, people give away everything themselves.

Bonus Flags: More Than Just Challenges

Throughout the competition, bonus flags were offered for things like platform onboarding, submitting practice flags, and completing the Post-Competition Survey. These may seem simple, but they were a great reminder of how engagement, documentation, and reflection are vital in real-world security roles.

The Post-Competition Survey asked questions that made me reflect:

  • What categories did I enjoy most?

  • Where did I struggle?

  • What will I do differently next time?

My answers were clear: I thrived in OSINT, Web, and Networking — and I want to keep sharpening my skills in reverse engineering and cryptography.


Lessons Learned & Looking Ahead

Participating in the Cyber Sentinel Challenge didn’t just validate my skills — it revealed what’s possible. I learned:

  • Cybersecurity isn’t about knowing everything; it’s about being resourceful.

  • Every missed flag is a new study session.

  • Teamwork matters, even in solo competitions — the Slack channel was full of insights, encouragement, and shared experiences.

Moving forward, I plan to keep building. I’ll continue participating in CTFs, complete my degree at WGU, and pursue advanced certifications like CySA+, PenTest+, and eJPT. I’m also working on real-world pentesting through platforms like HackerOne and TryHackMe.

Final Thoughts: Answering the Cyber Call

The Cyber Sentinel Challenge reminded me why I chose this field. Cybersecurity isn’t just about code — it’s about protecting people, systems, and trust. Whether you're scanning for ports, digging through metadata, or reverse engineering binaries, you're defending something much bigger than yourself.

To any cybersecurity students out there, especially my fellow WGU classmates: Get involved. Apply for challenges like this. Learn by doing. There's no better way to grow.

For me, this is just the beginning. And the next time the Department of Defense calls for Cyber Sentinels — I’ll be ready.


Additional Perspective: Tune In

For those interested in a deeper dive into my experience — the highs, the hurdles, and the behind-the-scenes mindset during each challenge — I’ll be releasing a special recap episode on The Digital Tide Podcast. In it, I’ll break down key strategies, talk through what I learned from each discipline, and share insights that didn’t make it into this blog. Whether you're a fellow cybersecurity student, a CTF enthusiast, or just curious about what it’s like to compete in a Department of Defense cyber challenge, this episode is for you.

Stay tuned — the tide is rising.
