diff --git a/content/posts/adventofctf/challenge_0.md b/content/posts/adventofctf/challenge_0.md
new file mode 100644
index 0000000..42c83a7
--- /dev/null
+++ b/content/posts/adventofctf/challenge_0.md
@@ -0,0 +1,42 @@
++++
+author = "Maik de Kruif"
+title = "Challenge 0 - AdventOfCTF"
+date = 2020-12-02T17:20:28+01:00
+description = "Challenge 0 of AdventOfCTF."
+tags = [
+ "AdventOfCTF",
+ "challenge",
+ "ctf",
+ "hacking"
+]
+categories = [
+ "ctf",
+ "hacking",
+]
++++
+
+- Points: 1
+
+## Description
+
+Do you remember the flag in the teaser website?
+
+## Solution
+
+Use the Wayback Machine to get the teaser page.
+
+
+When taking a look at the source we find the following comment:
+
+```html
+
+```
+
+If we then use `base64` to decode this string we get `NOVI{HEY_1S_Th1S_@_Fla9?}`.
+
+```bash
+> echo "Tk9WSXtIRVlfMVNfVGgxU19AX0ZsYTk/fQ==" | base64 -d
+NOVI{HEY_1S_Th1S_@_Fla9?}
+```
+
+This flag can then be submitted for the [challenge](https://ctfd.adventofctf.com/challenges#0-1).
diff --git a/content/posts/adventofctf/challenge_1.md b/content/posts/adventofctf/challenge_1.md
new file mode 100644
index 0000000..6517bde
--- /dev/null
+++ b/content/posts/adventofctf/challenge_1.md
@@ -0,0 +1,43 @@
++++
+author = "Maik de Kruif"
+title = "Challenge 1 - AdventOfCTF"
+date = 2020-12-02T17:27:25+01:00
+description = "Challenge 1 of AdventOfCTF."
+tags = [
+ "AdventOfCTF",
+ "challenge",
+ "ctf",
+ "hacking"
+]
+categories = [
+ "ctf",
+ "hacking",
+]
++++
+
+- Points: 100
+
+## Description
+
+All starts should be easy
+
+Visit to start the challenge.
+
+## Solution
+
+When taking a look at the source we find the following comment:
+
+```html
+
+```
+
+If we then use `base64` to decode this string we get `advent_of_ctf_is_here`.
+
+```bash
+> echo "YWR2ZW50X29mX2N0Zl9pc19oZXJl" | base64 -d
+advent_of_ctf_is_here
+```
+
+We can then enter this string on the challenge website after which it will give us the flag: `NOVI{L3T_7H3_M0NTH_0F_FUN_START}`.
+
+This flag can then be submitted for the [challenge](https://ctfd.adventofctf.com/challenges#1-2).
diff --git a/content/posts/adventofctf/challenge_2.md b/content/posts/adventofctf/challenge_2.md
new file mode 100644
index 0000000..40d08c7
--- /dev/null
+++ b/content/posts/adventofctf/challenge_2.md
@@ -0,0 +1,56 @@
++++
+author = "Maik de Kruif"
+title = "Challenge 2 - AdventOfCTF"
+date = 2020-12-02T17:30:25+01:00
+description = "Challenge 2 of AdventOfCTF."
+tags = [
+ "AdventOfCTF",
+ "challenge",
+ "ctf",
+ "hacking"
+]
+categories = [
+ "ctf",
+ "hacking",
+]
++++
+
+- Points: 200
+
+## Description
+
+For the 2nd challenge you will need to bypass the login mechanism.
+
+Visit to start the challenge.
+
+## Solution
+
+When opening the website we're provided with a login form. If we fill in the form with random data, we're greeted with some text that says a guest cannot access the flag.
+
+After trying serveral things, I opened the devtools to have a look at the cookies. Here we find a cookie with the name `authenticated`:
+
+```cookie
+authenticated=eyJndWVzdCI6InRydWUiLCJhZG1pbiI6ImZhbHNlIn0%3D
+```
+
+The value of this cookie looks like a base64 encoded string so lets try to decode it:
+
+_Note: in a url encoded string, the text `%3D` means a `=`._
+
+```bash
+> echo "eyJndWVzdCI6InRydWUiLCJhZG1pbiI6ImZhbHNlIn0=" | base64 -d
+{"guest":"true","admin":"false"}%
+```
+
+The result is some JSON data which specifies whether we are a guest or an admin.
+
+Normally, we can easily alter the string to say we're an admin, but this time there is some weird non-printable character at the end. This means we can't easily modify it while still having the correct response. To circumvent this, I'll use `sed` to replace the string while keeping the non-printable character:
+
+```bash
+> echo "eyJndWVzdCI6InRydWUiLCJhZG1pbiI6ImZhbHNlIn0=" | base64 -d | sed 's/"guest":"true"/"guest":"false"/g' | sed 's/"admin":"false"/"admin":"true"/g' | base64
+eyJndWVzdCI6ImZhbHNlIiwiYWRtaW4iOiJ0cnVlIn0=
+```
+
+If we put this string back into the cookie and refresh the page we get the flag: `NOVI{cookies_are_bad_for_auth}`.
+
+This flag can then be submitted for the [challenge](https://ctfd.adventofctf.com/challenges#2-3).
diff --git a/content/posts/adventofctf/intro.md b/content/posts/adventofctf/intro.md
new file mode 100644
index 0000000..af6362e
--- /dev/null
+++ b/content/posts/adventofctf/intro.md
@@ -0,0 +1,26 @@
++++
+author = "Maik de Kruif"
+title = "Intro to AdventOfCTF"
+date = 2020-12-02T17:10:12+01:00
+description = "Challenge 0 of AdventOfCTF."
+tags = [
+ "AdventOfCTF",
+ "challenge",
+ "ctf",
+ "hacking"
+]
+categories = [
+ "ctf",
+ "hacking",
+]
++++
+
+So, I'm in this Discord server and somebody by the name [@credmp](https://twitter.com/credmp) thought it'd be a great idea to do an advent calendar of CTF challenges. Every day of december, up until christmas, a new challenge will open up. It starts out easy, accessible to anyone and will grow in complexity as time progresses.
+
+For me, this will be a good opportunity to share some insight in these kind of challenges for people who aren't familiar with them.
+
+To get an overview of all my writeups for this CTF, go [here](/tags/adventofctf/).
+
+## What is a CTF?
+
+CTF stand for Capture The Flag, it's a kind of information security competition that challenges participants to solve a variety of puzzles. The challenges range from a scavenger hunt on wikipedia to basic programming exercises, to hacking your way into a server to steal data. In these challenges, you are usually asked to find a specific piece of text that may be hidden on the server or behind a webpage. This text is called a flag, hence the name "Capture The Flag".