
Introduction to Capture The Flag Competitions (CTFs)

Capture The Flag (CTF) competitions are a popular and engaging way for individuals to develop and showcase their cybersecurity skills. These events simulate real-world cyber challenges, allowing participants to test their abilities in a controlled, competitive environment. CTFs are widely used in educational settings, professional training programs, and even as recruitment tools by organizations seeking to identify talented cybersecurity professionals.

So, what is it?

A Capture The Flag competition is an event where participants solve various security-related challenges to find hidden "flags," which are strings of text that serve as proof of successfully completing a challenge. CTFs typically fall into two main categories: Jeopardy-style and Attack-Defense.

  1. Jeopardy-Style: Participants are presented with a series of challenges across different categories such as cryptography, reverse engineering, web security, digital forensics, and binary exploitation. Each challenge is worth a certain number of points based on its difficulty. Teams or individuals compete to solve as many challenges as possible within a given timeframe.

  2. Attack-Defense: In this format, teams are given identical environments and must protect their own systems while simultaneously attempting to exploit and attack their opponents' systems. This type of CTF simulates real-world offensive and defensive cybersecurity scenarios.

Importance of CTF Competitions

  1. Skill Development: CTFs provide hands-on experience in various areas of cybersecurity as they help participants develop practical skills and deepen their understanding of different technical concepts.

  2. Problem-Solving: The challenges encourage creative thinking and problem-solving, as participants must often think outside the box to discover solutions.

  3. Collaboration and Teamwork: Many CTFs are team-based, promoting collaboration and teamwork as participants work together to tackle complex problems.

  4. Real-World Application: The scenarios and challenges in CTFs are sometimes designed to mimic real-world environments and provide valuable insight into how to handle actual challenges you may face.

  5. Networking and Recognition: Competing in CTFs can help participants connect with like-minded individuals, mentors, and potential employers. Ultimately, it's a great way of enhancing your professional network and career prospects.

Let's talk about the categories some more

You might be wondering how the jeopardy categories that were mentioned above are relevant to the industry. Below is a quick breakdown of some of the skills you can learn that are transferable to a career in cybersecurity. Note: There are endless possibilities, so don't get discouraged because I've only listed a few below!

  • Cryptography: Can be used to protect information, secure communications, and preserve privacy.

  • Reverse Engineering: Can be used to analyze malicious software (malware) or understand how a system works.

  • Web Exploitation: Can be used to help secure web applications by auditing the security controls in place.

  • Digital Forensics: Can be used for incident response (e.g., a company has been hacked, and now you have to figure out how it happened).

  • Binary Exploitation: Can be used to audit software and other systems to find bugs that may compromise system security.

Are there any prerequisites for getting started?

While it's not required, it is strongly encouraged that you have some basic knowledge across the following areas:

Networking

Questions to ask yourself: (How does the internet work? What is a network? What is an IP address? What's a port? What's a protocol?)

The Web

Questions to ask yourself: (What is HTTP? What are response codes? What are methods?)

Cryptography

Linux

Where can I learn and practice these skills?

There are many platforms and websites that host CTF challenges, such as HackTheBox, CTFtime, and picoCTF. While these sites won't necessarily hold your hand through the process, they do host many challenges for people to try. If you're a member of our club, make sure to utilize our custom learning platform!!!!

Okay - But seriously, how does one get started in a specific area before trying challenges? The following is a list of resources and videos for getting started.

Web Security

Cryptography

Digital Forensics

Reverse Engineering (RevEng)

Binary Exploitation

Okay, I'm ready! How about some challenges?

  • cmdchallenge - CMDChallenge, a site to learn and practice using Linux commands

  • Bandit - An incredibly addicting game to help you learn about SSH, Linux and using a terminal

  • PortSwigger - Learn Web Security - The absolute best resource out there for web security

  • Natas - Another incredibly addicting game to learn website security

  • cryptohack.org - Learn about cryptography through interactive challenges (may require some basic programming knowledge)

  • picoCTF - picoGym, a place to practice all the different categories