atan
Posted on • Updated on
#security #ctf #beginners
CTFs are one of my favorite hobbies. I love the feeling of solving a particularly difficult task and seeing all the puzzle pieces click together. I'd like this post to serve as an introduction to CTF for those in the dev.to community that may not know what it is.
CTF (Capture The Flag) is a kind of information security competition that challenges contestants to solve a variety of tasks ranging from a scavenger hunt on wikipedia to basic programming exercises, to hacking your way into a server to steal data. In these challenges, the contestant is usually asked to find a specific piece of text that may be hidden on the server or behind a webpage. This goal is called the flag, hence the name!
Like many competitions, the skill level for CTFs varies between the events. Some are targeted towards professionals with experience operating on cyber security teams. These typically offer a large cash reward and can be held at a specific physical location. Other events target the high school and college student range, sometimes offering monetary support for education to those that place highly in the competition!
CTFtime details the different types of CTF. To summarize, Jeopardy style CTFs provide a list of challenges and award points to individuals or teams that complete the challenges, groups with the most points wins. Attack/Defense style CTFs focus on either attacking an opponent's servers or defending one's own. These CTFs are typically aimed at those with more experience and are conducted at a specific physical location.
CTFs can be played as an individual or in teams so feel free to get your friends onboard!
I'd like to stress that CTFs are available to everyone. Many challenges do not require programming knowledge and are simply a matter of problem solving and creative thinking.
Jeopardy style CTFs challenges are typically divided into categories. I'll try to briefly cover the common ones.
- Cryptography - Typically involves decrypting or encrypting a piece of data
- Steganography - Tasked with finding information hidden in files or images
- Binary - Reverse engineering or exploiting a binary file
- Web - Exploiting web pages to find the flag
- Pwn - Exploiting a server to find the flag
If I managed to pique your curiosity, I've compiled a list of resources that helped me get started learning. CTF veterans, feel free to add your own resources in the comments below!
Learning
- http://ctfs.github.io/resources/ - Introduction to common CTF techniques such as cryptography, steganography, web exploits (Incomplete)
- https://trailofbits.github.io/ctf/forensics/ - Tips and tricks relating to typical CTF challenges/scenarios
- https://ctftime.org/writeups - Explanations of solutions to past CTF challenges
Resources
- https://ctftime.org - CTF event tracker
- https://github.com/apsdehal/awesome-ctf - Comprehensive list of tools and further reading
Tools (That I use often)
- binwalk - Analyze and extract files
- burp suite - Feature packed web penetration testing framework
- stegsolve - Pass various filters over images to look for hidden text
- GDB - Binary debugger
- The command line :)
Practice
Many of the "official" CTFs hosted by universities and companies are time-limited competitions. There are many CTFs however that are online 24/7 that can be used as practice and learning tools. Here are some that I found to be friendly for beginners.
- https://ctflearn.com - A collection of various user-submitted challenges aimed towards newcomers
- https://overthewire.org/wargames/ - A series of progressively more difficult pwn-style challenges. (Start with the bandit series)
- https://2018game.picoctf.com/ - Yearly time-limited CTF now available to use as practice
CTF is a great hobby for those interested in problem-solving and/or cyber security. The community is always welcoming and it can be a lot of fun tackling challenges with friends. This is my first post, if I was able to spark interest with even a single person, I'd consider it a success 😊. Thank you for reading!
Top comments (16)
Subscribe
Boris Quiroz
Boris Quiroz
Senior Systems Engineer
-
Location
SCL
-
Joined
• May 2 '20
- Copy link
Hello! Just to mention that seems to be a typo in https://cftime.org - CTF event tracker
. (Missing t between c and f?) :)
atan
atan
Application Security Engineer based in Japan.Penetration Testing and general hackery fun.
-
Location
Japan
-
Joined
• May 7 '20
- Copy link
Sheesh that typo has been there for way too long! Thanks for checking out this ancient post!
Aman Jaswal
Aman Jaswal
Learning the art of programming! After a gap of 3 years I am back here to share what I have learned so far!Happy to share
-
Email
v4vendetta5v@gmail.com
-
Location
Chakradharpur
-
Joined
• Sep 23 '20
- Copy link
loved the info. It's been months since I have been looking for resources to start with security and then I find this.. It's like a ray of hope for something I want to learn. Please don't mind if I bug you with more questions !! ;-)
Ochirgarid Chinzorig
Ochirgarid Chinzorig
I'm passionate hacker wizard unicorn ninja developer
-
Location
Ulaanbaatar
-
Work
Backend Dev & Data analyst at AND Systems LLC
-
Joined
• Sep 9 '19
- Copy link
Thank you, The sources are wonderful, I think adding some video tutorials to the list like "LiveOverflow" channel on Youtube
ASM💡📚.
ASM💡📚.
love webdev .
-
Joined
• Jul 13 '20
- Copy link
thank so much 😊
Franco Melandri
Franco Melandri
Proudly and opinionated Software Craftsman
-
Location
Bologna, ITALY
-
Education
Electronic Engineer
-
Work
Proudly and opinionated Software Craftsman
-
Joined
• Mar 30 '21
- Copy link
First time I ever heard about CTF, thanks for the tiny description.
My curiosuity was born from here:
google.github.io/kctf/
Lena
Lena
Nothing to see here.
-
Location
Japan
-
Joined
• Mar 25 '22
- Copy link
Thank you for this blog post. This inspired me to publish write-ups of CTFs on dev.to! So far I've published some write-ups of CTFs, and I plan to publish more in the future!
batchuharish
batchuharish
-
Joined
• Jun 26 '21
- Copy link
Thank you so much.
mvisaya
mvisaya
-
Joined
• Sep 1 '20
- Copy link
Thank you @atan, this was very clear and informative. I appreciate you also linking to other resources :)
saktipong
saktipong
-
Location
Thailand
-
Work
none at IT Support
-
Joined
• Dec 23 '19
- Copy link
Thank so much.
Musab
Musab
Graduate student learning one thing at a time
-
Location
Washington DC
-
Joined
• May 28 '20
- Copy link
Thank you this cleared up many things
HapyDox
HapyDox
-
Joined
• Aug 28 '21
- Copy link
It's very useful for me <3
suhaibali2002
suhaibali2002
Beginner Coder want to start my journey in coding
-
Education
High school diploma
-
Work
Student
-
Joined
• May 8 '22
- Copy link
Thank you for the information
parrot
parrot
-
Joined
• Apr 6 '23 • Edited on Apr 6 • Edited
- Copy link
This is an awesome article. be sure to check out Parrot CTFs I made this a while back : )
Vinay Rayala
Vinay Rayala
I am a SOC Analyst L1 having 2 years of experience. Looking learn new skills like CTF, Cyber write ups etc.
-
Joined
• Aug 25 '23 • Edited on Aug 25 • Edited
- Copy link
Very useful information from this blog. Impressive writeup on CTF. Satisfied with the details contained in the article. Helpful for beginner to know about CTF challenge.
John Dow
John Dow
The enterprise isn't living right now
-
Education
Fablab de Guadeloupe
-
Work
Services material hacking
-
Joined
• Apr 23 '22
- Copy link
Thank you so much for talking the basics.
This is an open gate for these like me who wants to learn.
View full discussion (16 comments)
For further actions, you may consider blocking this person and/or reporting abuse