What are CTFs and how to get started
# CTFs?! What is that?
CTF stands for Capture The Flag and it consists of challenges in which the players attempt to break into a system or to solve some problem to get the flag. CTFs are a great way to develop your problem-solving skills, to improve your computer science knowledge in almost every aspect, since networks, cryptography, web, among others, and if you decide to work in a team it is a great way to meet people, make friends and learn a lot and share your knowledge with others!
The challenges usually have a point value associated with them, the harder the challenge the more points you get by solving it. There are challenges for every level of knowledge, from newcomers to advanced hackers. Don’t be afraid if you are new to CTFs, and don’t assume that they are too easy for you. Everyone can learn, have fun, and challenge themselves playing CTFs. In sum, CTFs are for everyone that wants to learn about computer science, in particular, hacking, and likes to solve challenging problems.!
# What are the most common challenge categories?
There are two main types of CTF challenges: Attack-Defense and Jeopardy-style.
Jeopardy-style CTFs can be divided into subcategories:
- Cryptography – These types of challenges usually involve decrypt something to get the flag.
- Forensics – In these challenges, we usually have something like a disk image or a network capture and we have to perform an investigation to retrieve the flag
- Web exploitation – These challenges are on the Web, the most common vulnerabilities exploited in these challenges are XSS, SQL injection.
- Binary exploitation – In these challenges, it is usually necessary to reverse engineer or exploit a binary file.
- Pwn – In these challenges, we usually have to exploit a server to get the flag.
- Misc – This type consists simply of a mix of the others
# What do you need to know to be able to solve CTFs?
To solve CTFs the skills you need are mainly willingness to learn and to put in the time. Of course, it is easier if you already have a Tech background but it is not necessary. CTFs or even hacking is a hands-on learning process anyway so only by doing will you learn how to hack and solve CTFs. Therefore all you need is to put in the time and consistently work on this and eventually you will become a real hacker/CTF player!
# Where can you learn the required skills to solve CTFs?
Ok, I just said you do not need any particular background or previous knowledge to start, but you are not yet ready to solve CTFs and to hack! You will first need to learn a few basics of computer science, in particular, computer networks, cryptography, data encoding, programming (just a little bit, do not worry), operating systems, etc.
There are great youtube channels that I follow and that could help you get started:
- Jonh Hammond
- LiveOverflow
- Among several others
- My blog
- Portswigger Academy
- Medium (Some people post writeups on there and even some tutorials)
- http://ctfs.github.io/resources/
- https://trailofbits.github.io/ctf/forensics/
- CTFtime Writeups
There are tons of other options out there. If these are not good for you or you want more material just google it, or send me a message I might be able to help.
# Where can you practice CTFs at your own rhythm?
Starting in a live competition versus other hackers/players more experienced than you could be scary. To avoid this problem you can practice on your own time, as much as you’d like. There are several sites that host CTFs all year round for people like you and me that want to keep practicing this amazing game.
A few examples of such sites are:
- picoCTF (Good for beginners and a great place to start)
- Overthewire
- CTFChallenge
- CTFlearn
- CTF101
- Hacker101 CTF
- TryHackMe
- HackThisSite
- Hack The Box
# What are some tools you may need?
Well, some of the CTF challenges available on the internet require the usage of some tools. A few examples of such tools are:
- Burp Suite
- Wireshark
- Xxd (or any other hexadecimal editor)
- Linux OS (Some may say it is not exactly a tool, but using Linux certainly helps to solve some challenges)
- curl
- Nmap
- among several others, some tools you could develop yourself as you go along.
# Where can you find the future CTF events?
You can find CTF events in several places. One example of a major site that has several CTF events is CTFtime.
In CTFtime you can find previous competitions, the respective scoreboard, and even some writeups of the solutions of others.
It is a great place to both practice CTFs, and to learn about them through the writeups of others. I recommend you to create a team (you can be the only member, there is no shame in that, or you can try to join a team, or even invite some friends to play with you) and enter some of these competitions to see for yourself how it is like to participate! You will certainly feel overwhelmed at first if you are not properly prepared, but you will learn a lot from the experience and the next time you’ll do better!
# Intrigued and willing to give CTFs a try?
CTFs are a great way to learn about cybersecurity, computers in general, they are also a great way to develop your problem-solving skills and if you decide to work as a team, a great way to meet like-minded people and make friends! As a cybersecurity enthusiast and cybersecurity professional, I am biased by saying that you should try out CTFs, but I am going to advise you to at least give it a go and see for yourself. If you want to, follow my work on this blog I will be posting about cybersecurity and CTF writeups weekly (daily is my goal though…). This could help you on your own journey.
Thank you very much for reading!
Cheers,
MRegra
magnificent submit, very informative. I’m wondering why
the opposite specialists of this sector do not understand this.
You should continue your writing. I’m sure, you have a great
readers’ base already!