Beginner’s Guide To CTFs

CTF: Capture the Flag

General idea:

Two teams each have their own flags. Each team has to find the opposing team’s flags while avoiding being tagged. Teams push into their opponent’s territory in search of flags, but at the same time they have to defend their own flags. (Defense and attack, both at the same time.)

In the cybersecurity world, a CTF is a challenge where we apply our infosec skills to real-life problems and find flags located at a remote location on the internet, on machines, or inside different file formats. Depending on the challenge, tasks fall into categories like Web Pentesting, Pwning, Steganography, Cryptography, Forensics, Reverse Engineering, Binary Exploitation, etc. Our task is to break the security by exploiting various vulnerabilities, find the flags, and submit them. Points are awarded based on the difficulty level of the tasks.

For example, we are given a website where the challenges are posted, each with a problem title, a hint, and a brief description that might include a file or a link to a remote website. Titles and descriptions include hints (a test of your presence of mind) that are used to reverse engineer the task.

CTFs are just for practicing tools, Linux commands, and your general knowledge of cybersecurity and the Linux operating system. Participants get the opportunity to work on intentionally vulnerable machines. This requires practical skills and knowledge of core computer science concepts like memory, processes, and file systems.

CTFs are divided into a few types:

  • Jeopardy
  • Attack and Defense

1. Competition type:

In the competition type, or Jeopardy, a fixed amount of time is given and points are awarded based on the number of flags found. Jeopardy includes challenges like:

  • Web
  • Cryptography
  • Reverse Engineering
  • Pwning: system exploitation, machine penetration, and privilege escalation (aka gaining root access)
  • Forensics
  • Steganography
  • Misc

2. Attack and Defense:

Two teams are given vulnerable machines, and each has to find the opposing team’s flags while defending its own flags at the same time. We technically call them Wargames.

Resources to look at:

  • ctf101.org
  • CyberChef
  • picoCTF

CTF platforms use a flag format. In picoCTF, for example, flags are found in this format: picoCTF{xyz}. We can submit the flags to earn points, but remember that learning is more important than scoring.
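Because the flag format is fixed, a challenge file can be searched for it mechanically. The script below is an added example, not part of the original post: it pulls printable strings out of raw bytes (like the `strings` command) and looks for the picoCTF{...} format both as-is and after undoing Base64, hex, or ROT13. The choice of those three encodings, the helper names, and the sample data are assumptions made for illustration.

```python
import base64
import binascii
import codecs
import re

# Flag format from the text above: a fixed prefix, then the flag body in braces.
FLAG_RE = re.compile(rb"picoCTF\{[^{}\s]{1,100}\}")
# Runs of 8 or more printable ASCII bytes, the same idea as the `strings` command.
PRINTABLE_RE = re.compile(rb"[\x20-\x7e]{8,}")


def _decodings(run: bytes):
    """Yield (label, bytes) for the run itself and for each decoding that succeeds."""
    yield "plain", run
    yield "rot13", codecs.encode(run.decode("ascii"), "rot13").encode("ascii")
    try:
        yield "hex", binascii.unhexlify(run.strip())
    except (binascii.Error, ValueError):
        pass  # not valid hex, skip
    try:
        yield "base64", base64.b64decode(run.strip(), validate=True)
    except (binascii.Error, ValueError):
        pass  # not valid Base64, skip


def find_flags(data: bytes):
    """Return sorted, unique (encoding, flag) pairs found in data."""
    hits = set()
    for match in PRINTABLE_RE.finditer(data):
        for label, candidate in _decodings(match.group()):
            for flag in FLAG_RE.findall(candidate):
                hits.add((label, flag.decode("ascii")))
    return sorted(hits)


# Constructed sample: binary filler around one plain, Base64, hex and ROT13 flag.
SAMPLE = (
    b"\x7fELF\x00\x01 header picoCTF{plain_text}\x00\xff"
    + base64.b64encode(b"picoCTF{b64_flag}") + b"\x00\x01"
    + binascii.hexlify(b"picoCTF{hex_flag}") + b"\x00"
    + b"cvpbPGS{ebg13_synt}\n"
)

if __name__ == "__main__":
    for encoding, flag in find_flags(SAMPLE):
        print(f"{encoding:7} {flag}")
```

For a real challenge file, read it with `open(path, "rb").read()` and pass the bytes to `find_flags`; for other platforms, change the prefix in `FLAG_RE`.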

–to-be-continued–