Some Challenges Take A Few Hours To Solve. Others Take 15 Years To Finally Put To Rest.

If you are a seasoned CTF player or an old-school challenger, you might remember the golden era of IRC.
Back in 2011, a bunch of us were hanging out on irc.idlemonkeys.net, solving wargames and collaborating.
To make the time more entertaining, a few guys started writing IRC bots for blackjack, hangman, and even Idle RPGs.

But Gizmore (the founder of WeChall) and I thought we could push the limits of IRC further.
We built richer, more fully-featured RPGs.

I created bbq RPG, and Gizmore created Shadowlamb.
While mine eventually faded, Shadowlamb survived the test of time, kept alive entirely by Gizmore's incredible dedication.

Shadowlamb is a text-based, Shadowrun-flavored universe living entirely inside an IRC channel.
You interact with a bot named Lamb3 to grind nuyen (the in-game currency), level up stats (strength, quickness, magic), fight monsters, and run quests across cyberpunk cities like Redmond, Seattle, and Chicago.

But here is the twist: Gizmore embedded 4 CTF challenges inside the game (with increasing difficulties).
To capture the flags, you had to actually play the RPG and use your infosec skills to reverse and exploit the game mechanics.

Back then, I only played casually for fun. I never managed to beat the challenges.
But recently, much like closing out other two-decade-old wargames I've been revisiting, I decided it was time to settle the score.

I was going to beat Shadowlamb.

But as a lazy elite, I wasn't about to grind it manually.
I was going to build an AI-assisted bot to play it for me.

---

PHASE 1: THE PROTOTYPE

It started as a quick-and-dirty script.
It logged into IRC, listened to Lamb3’s NOTICE messages, and blindly spammed #attack on a loop.

It worked, mostly.
My character died - a lot.

But brute force was enough to scrape past Chapter I.

---

PHASE 2: THE ARCHITECTURE

This was when I put more efforts into the bot. The script evolved into a robust, modular Python system.

I built a proper autonomous agent:

- State Management: Tracked full game state in memory (HP, MP, karma, nuyen, weight capacity, busy timers).

- Combat AI: Added tactical logic for handling complex mob encounters.

- Smart Equipment: Wrote a gear-scoring algorithm that dynamically parsed #cmp stats to evaluate and equip the best loot.

- Economy Routing: Built a heuristic pathfinder to automatically travel to the nearest blacksmith to offload junk when overweight.

- Remote Command: Set up an admin relay channel so I could remote-control the bot from a different IRC nick while it was running.

By the time the bot reached Chicago, the game had become a nightmare.
The mobs were brutal, the travel times were agonizing even with top-tier gear, and inventory weight limits were a constant bottleneck.

But the architecture held up. The bot optimized the grind, survived the nightmare, and helped me capture the final flag.

To date, only 34 people in the world have managed to beat the final Shadowlamb chapter.

To me, writing this bot was more than just ticking a box on a CTF platform.
It was a perfect collision of nostalgia and modern engineering.

We used to grind these games manually, typing until our fingers went numb.
Today, we can architect modular, AI-assisted agents to conquer them for us.

The game hasn't changed, but as tech professionals, our tools and mindsets have.

Sometimes, the best way to solve a 15-year-old problem is to build a modern machine to do it for you.

The IRC servers are still spinning, and Lamb3 is still waiting for new runners.

If you want to test your coding and automation chops, fire up your IRC client, head over to WeChall, and give Shadowlamb a try.
It’s a masterclass in retro game mechanics and backend logic.

---

Also visit: https://quangntenemy.substack.com/p/some-challenges-take-a-few-hours

The Joy of Solving Without Guidance

Many security professionals today know CTFs.

They've trained on platforms like picoCTF, Hack The Box, and TryHackMe - environments designed to be structured, accessible, and efficient. And that's not a bad thing. CTFs lowered the barrier to entry, made learning measurable, and helped people build real skills quickly.

But before all of that, there was a different kind of training ground.

Scattered across the internet were what people loosely called “hacker games”, “wargames”, or simply “challenges”. Sites like OverTheWire, HackThisSite, and aggregators like WeChall. They weren't polished, and they weren't trying to teach you step by step. You would open a challenge and feel slightly lost. Sometimes there were instructions, sometimes not. Sometimes the difficulty made sense, sometimes it didn't.

You were expected to figure it out anyway.

Progress in those environments felt different. There was no steady stream of feedback telling you that you were on the right track. You could spend hours going in the wrong direction without realizing it. And then, suddenly, something would click - a small detail, a strange behavior, a connection you hadn't seen before. The solution would unfold not because you followed a path, but because you built one.

Yes, there was validation. A password. A level cleared. But the real reward came a moment earlier, when things finally made sense.

That feeling is hard to replicate.

Modern CTFs changed the experience. Problems are categorized, difficulty is more predictable, and feedback is almost immediate. You learn to recognize patterns, apply known techniques, and move quickly. Over time, you become efficient. You know what to look for.

But that efficiency comes with a subtle trade-off.

You begin to expect clarity. You expect problems to be well-formed, solvable within a framework, and responsive to your actions. And in real systems, that's rarely the case. Things break in unexpected ways. Information is incomplete. Sometimes the hardest part isn't solving the problem - it's understanding what the problem even is.

That's where those older environments still matter.

They force you to slow down. To explore without direction. To keep going when nothing seems to work. They don't just test what you know - they test how you think when what you know isn't enough.

CTFs made us faster. There's no doubt about that.

But those early hacker games trained something else entirely. The ability to sit with uncertainty, to keep pulling at threads, and to trust that understanding can be built even when there's no obvious path forward.

If you've never experienced that, it's worth trying.

Not as a replacement for modern platforms, but as a complement to them.

Because in the end, speed helps you solve problems.

But depth helps you face the ones that don't even look like problems yet.

---

Also visit: https://quangntenemy.substack.com/p/the-joy-of-solving-without-guidance

UFMuIElmIHlvdSBhcmUgbG9va2luZyBmb3IgdGhlIHNvbHV0aW9uIGZvciBhbnkgY2hhbGxlbmdlLCBjcmVhdGUgYSBkaXNwb3NhYmxlIGVtYWlsLCBhbmQgdXNlIGl0IHRvIHNlbmQgYSByZWNpcGUgZm9yIHNoZWVwIGJicSB0byBteSBnbWFpbCBhY2NvdW50Lg==