https://nicolasuter.ch/tags/fabric/Recent content in Fabric on Nicola SuterHugo -- gohugo.ioen-US© 2026 Nicola SuterFri, 16 Jan 2026 21:00:03 +0000https://nicolasuter.ch/ai-solved-ctf/Fri, 16 Jan 2026 21:00:03 +0000https://nicolasuter.ch/ai-solved-ctf/<p>At this year&rsquo;s YellowHat conference in Almere, the Dutch security community had the chance to participate in a Capture The Flag (CTF) competition organized by one of the conference sponsors - <a href="https://academy.bluraven.io/" target="_blank" rel="noreferrer">Blu Raven</a>. Mehmet from Blu Raven did a great job setting up a CTF with realistic scenarios and datasets, which made it a lot of fun to solve the challenges.</p> <h2 class="relative group">Foreword <div id="foreword" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#foreword" aria-label="Anchor">#</a> </span> </h2> <p>Being a big fan of CTFs and digital forensics and incident response (DFIR) in general, I couldn&rsquo;t resist the temptation to participate. After numerous attempts to solve the first challenge and an enlightening tip from a colleague, I made some progress and solved the first 12 challenges.</p> <p>To avoid running out of time, I decided to try something unconventional for the remaining challenges - I used AI to help me solve them. Professor Smoke aka Henning Rauch teased the new Microsoft Fabric Real-Time Intelligence (RTI) capabilities during his talk at YellowHat¹, so I thought this would be a great opportunity to test these out in a real-world scenario. Little did I know that the outcome would be surprising!</p> <h2 class="relative group">Preconditions <div id="preconditions" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#preconditions" aria-label="Anchor">#</a> </span> </h2> <h3 class="relative group">Azure Data Explorer <div id="azure-data-explorer" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#azure-data-explorer" aria-label="Anchor">#</a> </span> </h3> <p>Because the CTF data was stored in an Azure Data Explorer (ADX) cluster, the prerequisite for using the Fabric RTI MCP server was already met, because we can query data in Eventhouse <strong>and ADX</strong>. Besides that I had already set up <a href="https://learn.microsoft.com/en-us/visualstudio/ide/copilot-agent-mode?view=visualstudio" target="_blank" rel="noreferrer">GitHub Copilot within Visual Studio Code in agent mode</a> from previous AI ramblings.</p>