The main lesson I learned is that if you run into a wall, stop and look for another way.
The second lesson: Like in Zen and the Art of Motorcycle Maintenance, start with the simplest answer first. In all 4 of the cases belw, it worked when I stepped back to doing something simple rather than trying to solve some ultra-complex obfuscation of logic. In the examples, I took my own advice once, and it worked out great. Three times I wasted a bunch of time because I got caught up in the complexity and the noise.
Time saved based on the above:
I solved Unix level 3 in just a few minutes by glancing at the code in IDA and recognizing that it was all noise. I stepped back and reviewed what "strings" revealed, researched the code mentioned in that and had a strategy to work.
Time wasted failing to heed the above:
I spent hours on threat level 1 trying permutations of xor, using parts of the .php name and such to no avail. When I finally dealt with all the noise in the simplest data, just a base64 decode, the answer was clear. I decoded all the lines into a text file, opened it up in sublime, deleted all the 317 occurrences and the key appeared.
I spent hours on Unix level 4 trying to guess a password to either the stego or the zip file. I didn't even think of the simplest case of no password. There were what appeared to be clues, but all the permutations of interpretation I could come up with failed, but I persisted, eventually costing me the time I could have used solving level 7. When I finally took a step back and thought about it, the path was clear and in just a few minutes I was reversing a Mach-O file rather than trying to brute force a password.
I failed level 7 for a couple of reasons, but one in particular messed me up: I couldn't get the program to branch to where I wanted. I should have realized that since I believed I understood the conditions to get there, and since I didn't believe those conditions were achievable, I should have looked elsewhere. After the competition, I stepped back and just played with the strings I had in a way that I expected to work, and it did.