CTFs

Capture-the-Flag (CTF) events are computer security competitions. The most common type of CTF is Jeopardy, which consists of individual challenges worth varying numbers of points. The goal of each challenge is to find a string of text known as the flag, like flag{thisisaflag}. The team that solves the most challenges and has the most points wins.

Challenge Types

  1. Web

    • Enumerate, scan and hack a website to get the flag!

  2. Forensics

    • Analysis of a file, such as a disk file, log file or Wireshark packet capture, to find hidden information.

    • Steganography is technically part of this; it involves finding hidden information in images.

  3. Pwn / Binary Exploitation

    • Exploitation of a program running on a server by connecting to it, then sending a specific input to gain control via variations of buffer overflows.

    • The program running on the server is provided (.exe or .elf).

  4. Cryptography

    • Exploitation of an incorrectly implemented algorithm, such as RSA, to decrypt information.

  5. Reverse Engineering

    • Given a program or file, find out how it works and reverse engineer it to find exploitable vulnerabilities.

  6. Misc.

    • Could be anything, such as random scripting, OSINT, or knowledge tests on operating systems.

CTFs are insanely fun, and they're a great way to get started in cybersecurity. It's how I started too.

CTF Websites

CTF event tracker, just sign up and join one!

A website to practice user-created CTF challenges in your own time and at your own pace.

A CTF platform hosted by Carnegie Mellon University for everyone to learn more about security. One can either take part in the upcoming picoCTF, or attempt challenges from the past in picoGym.

The best possible resource to learn web application vulnerabilities, mainly to prepare for the Burp Suite Certified Practitioner certification. Comes with hundreds of labs to test your skills, and it is absolutely free!
