2022 Overview


Like 2022, we took in everyone who applied and showed interest to follow along with the program. The full sheet of participant attendance can be seen here

Of the 20 participants who marked themselves present at some point, 4 finished all the assigned task.

Our initial claim for 2022 session was

This year we are taking a more heads-on approach to cybersecurity. We will focus on a single platform Proving Grounds and tackle machines from there. Each week, one of the mentors will root/hack one machine in real time during a lecture session. Afterwards, one to two machines of related concepts and comparable difficulty will be picked as practice machines for the week. Mentors will be available for office hours to help with the machines.

During the weeks, we covered eight Proving Grounds and HackTheBox machines and assigned eight take home machines for practice. In turn, we asked mentees to submit their writeups for eight of the Proving Grounds or HackTheBox machines for certificate of completion. The final submissions from the particpants are available here at notion


At the end of the 2022 cycle, we asked the candidates in the program to:

Write a letter to our 2022 applicant telling them about your 2021 experience with gajabaar (250-500 words). Use this as a moment to reflect upon your past two months of working with us. What was your impression going in? Did we live up to it/surpass it/let you down? In what ways? Do you have tips for our future applicant?

The letters have been reproduced exactly as they were submitted (with possible exception of removing identification).

Experience ramro thiyo~~

Dear 2023 applicant, When I join gajabar I was just beginer or say totally new in cyber security field due to which I got lots of difficulty in understanding the simple simple things. So before joining this cyber security you should know at least the basic of cyber security . You should know the cyber security tools, service vulnerability .

Dear applicant, I assume you too are new to cybersecurity and pentesting much like I was when I signed up for Gajabaar. Then, I would wholeheartedly recommend you enroll in the program. This program will be more than just a teaching session. Initially, cybersecurity seems like a foreign topic to most people. Here, Gajabaar gives you the headstart needed to start dabbling into pen-testing and CTFs. Along with that you will make new friends, and improve your communication and presentation skills. Our Sessions which happened every Saturday were very exciting as we were introduced to newer topics and domains. Then came the fun part of doing Assignments or Boxes as we called them. Solving these machines was a challenging and time-consuming task but was the most fun time of the week for me. Then came the part of writing a report for the boxes. Although not as fun as solving CTFs, It really helped me reflect on what I did and what kind of exploitation methods I used. Your time at Gajabaar is going to be a fun one. You never feel like an outsider. Our mentor Prasant dai is a very friendly person. You will solve various challenging problems and learn new topics and concepts. You get to meet other like-minded people. With that being said hope you have a great time at Gajabaar.

Dear applicant, I remember the time when I first heard about this program through a friend. I was in first year of college, and had absolutely no idea about security. I did have an interest in security, more specifically low level stuff (didn’t know “binary exploitation” was the term to use at that time), and had been doing some basic CTFs. I read all I could find about Gajabaar, and decided to join. I wrote the application and after a few days, there was the first orientation session. The mentors were very chill which helped me talk and ask questions. Fast forward a few more days, and we had our first official session. At first, the mentors got us familiar with the general steps to solving machines. This helped tremendously as I could have a series of steps to perform during the labs rather than trying whatever came to my mind. After we were comfortable with the basics, we started to tackle some complex machines and although they were definitely harder, the mentors were quite helpful with with things we didn’t understand. In each session, the mentors would show us a machine introducing a new concept, and walk us through tackling them. At the end of every session, we were assigned to tackle a similar machine and submit write-ups. The write-ups helped us understand the concepts better and also served as a way to show that we completed the machines. Although the mentors helped us through many of our obstacles, I thought I should mention this: the applicants shouldn’t expect the mentors to cover the computer science concepts themselves as it’s simply not feasible. We will use tools like nmap assuming that we already know some basic networking (like ports and IP addresses). Anyway, I hope you enjoy this program as much as I did. Wish you all the best!

When I first heard about the program, I was very excited to join but I was in dilemma whether to join or not since my university classes were about to start. But after realizing the classes would run online, I decided to join. The first week was overwhelming and so fun especially bandit. The following weeks were very engaging and provided a lot of new knowledge as well. I got stuck at various places but overcame them easily until the lab of sqli came in. I think the mentors and volunteers were beyond my expectation in their enthusiasm to provide us the knowledge, resources and help. Mentors always responded to my queries and were very friendly. The only tip I have for future applicant is make sure you have enough time to work on the materials and be consistent with each week otherwise things pile up and motivation goes downhill.