Cipher's Log #4: Industrial Intrusion

Bornov Shyam KalitaBornov Shyam Kalita
3 min read

Intro

Status: Sleep-deprived with a headache at 3AM.

There’s something wild about chasing digital flags at midnight.

Although in my last blog, I said the next one will be about Web Exploitation, this CTF experience deserved an entry of its own.

When I joined Industrial Intrusion on TryHackMe, I wasn’t trying to win anything. I just wanted to learn, to test what I’ve been building for the past few months.
What I got instead was a warzone of routers, binaries, hidden ports, disassemblies, and the brutal love of cybersec.

💻 The Mission

The event was structured like an industrial control system breach — you had to dive into everything from reversing custom protocols to pwning binaries with no symbols, no mercy, and very little sleep.

I ended up solo-finding 6 flags, each one a new flavor of pain and pride.
My team? We cracked 12+ boxes total, landing ourselves in the top 5% globally.
First-ever CTF.
No hand-holding.
Just grind, wits, and way too much caffeine.

🔍 My Favorite Kill

There was this one box. I had almost given up on it past midnight.

But something inside me wouldn’t let it go.
I kept digging and found a hidden HTML page after snooping through some weird behavior.
That page led me to 20 different links — a messy maze of dead ends... except for one.

Boom — a private SSH key, just lying there like treasure under a pixel. The excitement of finally seeing a light-source after hours of wandering in the dark blew away all the drowsiness inside me.
Slept at 4:30AM, but only after using that key to pivot, get user.txt, and somehow sneak into the root folder via vim, no privesc needed, and then getting the root.txt.

That moment? Pure euphoria.

⚔️ Lessons from the Field

  • Knowledge gaps feel brutal. Especially when you’re staring at raw ROP chains, hex dumps, and stack canaries with a headache. But now I know what to learn next — and that’s a win.

  • Tools don’t solve everything. You do.

  • Sleep is optional when the flag is close. (Still not recommended though 😵‍💫)

  • Nothing beats practical experience. I learned more in 48 hours of CTFing than in weeks of passive reading.

🎯 What’s Next?

I’ve got:

  • A checklist of topics to master (binary exploitation, advanced recon, reversing)

  • A deeper hunger to level up

  • And a ridiculous respect for the people who do this every day professionally

This wasn’t just a CTF.
It was a mirror — showing me who I am under pressure, what I care about, and how far I’ve come since starting this journey.

Final Echo:

“It’s not about being ready.
It’s about showing up broken, tired, and clueless — and still doing it anyway.”

That’s what I did.
And that’s what I’ll keep doing.

Bornov | WizB 🧙‍♂️

Check GitHub for my notes and writeups

2
Subscribe to my newsletter

Read articles from Bornov Shyam Kalita directly inside your inbox. Subscribe to the newsletter, and don't miss out.

#cybersecuritycybersecurityCyberSecCTFtryhackmethmpentestingpenetration testinginfosecITlearningLearning JourneyExperience

Written by

Bornov Shyam Kalita
Bornov Shyam Kalita

An ECE undergrad student at NIT Silchar, India. Interested in cybersecurity and more specifically, the red teaming side of it and wishes to build a career in it. Also extremely passionate about tech and physics.