Every round the challenge gave us 3 different elements in the same format:

'NEHQAOBYXUGDZMPSKFRIJVWLCT', 2, 'VUB QBJV CHN VK BSVBI KWI QWJGSBJJ GJ VK QB QKIS GSVK GV'

The first element (NEHQAOBYXUGDZMPSKFRIJVWLCT) is always a 26 chars string, a strong indicator of a substitution alphabet. The second element (2) is always a number between 1 and 26, which seems like an offset. It could be related to a rotation, like in a Caesar Cipher. The last element is probably the encrypted message itself.

With these informations in mind we confirmed there were indeed both a substitution and a rotation involved. To decrypt, we first substituted back the message according to the alphabet, and then applied a rotation according to the offset.

The script in the link gave us what we needed.

Original writeup (https://github.com/pogTeam/writeups/tree/master/2017/3DSCTF/cappo).