The Capture the Flag (CTF) experience at Security Days 2026 delivered a fast-paced, collaborative cybersecurity competition that brought together NREN teams from across Europe and beyond. Designed and promoted by RNP, the Brazilian NREN, the exercise demonstrated how structured, gamified environments can effectively bridge technical skill-building with strategic thinking in cybersecurity.
“For RNP, hosting the CTF at Security Days goes beyond a technical competition; it is about strengthening the collective resilience of our global R&E community. By fostering cross-border participation and hands-on learning, we are building a network of trust where knowledge is shared in real-time. The success of this exercise demonstrates that by bridging strategic thinking with technical agility, we prepare our professionals not just to solve isolated challenges, but to protect the digital future of our institutions through collaborative resilience.” Humberto Forsan, Gerente de Segurança da Informação, RNP.
The winning team, Dimitris Kolotouros and Marios Levogiannis from GRNET, the Greek NREN, stood out by demonstrating strong technical depth, adaptability, and efficient collaboration under pressure.
The CTF challenged participants to identify vulnerabilities across simulated systems and networks to uncover “flags”, hidden strings or point-based objectives embedded in tasks. These spanned a wide range of domains, including Open-Source Intelligence (OSINT), web security, forensics and log analysis, cryptography, steganography, and governance, risk and compliance (GRC). The result was a multi-layered competition that tested both offensive and defensive security capabilities under real-time pressure.
A controlled environment for real-world thinking
RNP, which has been actively promoting CTF-based learning as part of its broader cybersecurity education initiatives, emphasised the value of integrating technical execution with strategic decision-making.
As part of their approach, the competition is designed not only as a technical test but as a collaborative simulation environment where teams must continuously adapt. This year, the structure encouraged participants to balance speed, accuracy, and prioritisation, mirroring real-world cybersecurity incident response scenarios.
Dimitris Kolotouros commented: “We entered the competition with a high-level strategic framework, but the specifics evolved dynamically as we understood the structure and challenges more deeply.”
Strategy under pressure:
At least eight teams participated, representing multiple institutions across academic networks. With such a diverse field, success depended on technical dept and on how teams managed time and focus.
The winning team highlighted a pragmatic prioritisation strategy: starting with lower-complexity tasks to accumulate early points and build momentum.
Dimitris continued “Our prioritisation strategy focused on resolving simpler challenges first. This helped us accumulate points efficiently while maintaining morale and momentum.”
This balance between quick wins and deeper problem-solving proved critical in a competition where time management often determined overall ranking.
The turning point
While web-based challenges formed the backbone of most teams’ efforts, one task became a decisive moment in the competition: an AI sandbox escape challenge.
Described by the winners as the turning point in their performance, the challenge required unconventional thinking and cross-disciplinary knowledge. Their approach was influenced by structured methodologies highlighting how emerging AI security frameworks are increasingly relevant in modern CTF environments.
Tools, collaboration and flow
Teams generally worked in flexible, non-hierarchical structures, allowing members to shift roles organically depending on the challenge at hand. Parallel execution proved especially effective, with individuals tackling different problems simultaneously to maximise coverage.
The primary working environment for many participants was a Kali Linux setup, supplemented by standard penetration testing toolsets and, in some cases, experimental use of agentic AI tools to assist with workflow efficiency.
When teams became stuck, short collaborative brainstorming sessions helped reset direction. However, a key lesson reinforced throughout the competition was the importance of knowing when to move on.
Marios Levogiannis added: “A critical skill is understanding when to disengage from a challenge and return later. Spending too long on a single problem can reduce overall performance.”
Training through continuity
Interestingly, the winning team’s preparation came through sustained exposure to cybersecurity competitions, including regular participation in Greece’s national cybersecurity exercise, PANOPTIS.
“We strongly encourage our engineers’ participation in CTF competitions as a key component of a comprehensive security training and professional development program,” said GRNET CISO Dimitris Mitropoulos.
This ongoing engagement provided both technical familiarity and strategic maturity, reinforcing the idea that consistent practice in realistic environments is more valuable than short-term preparation cycles.
Reflections and the broader vision
Competitions like CTF continue to play a crucial role in preparing the next generation of security professionals. Beyond rankings and winners, the true value lies in the shared experience: teams learning when to persist, when to pivot, and how to think collectively under pressure.
