Open in app

Sign in

Write

Sign in

CTFs — Beginner’s Guide

chandan kumar
3 min readOct 23, 2020

--

The best way to learn security stuffs in a gaming way is CTF. In CTF, players have to find a FLAG “a piece of text” & get submitted.

Why do CTFs?

These are one of the best ways to learn specific security skills, like binary exploitation, web exploitation or reverse engineering & Forensics.

And since you often play CTFs in teams, CTFs are also a great way to make friends with likeminded security nerds. The CTF experience of getting stuck in a challenge, persist and finally finding a solution models real-life hacking scenarios.

Types of CTFs

There are two main types of CTFs: Jeopardy-style and Attack-Defense-style.

Jeopardy-style CTFs:

These are essentially a list of hacking challenges that you can complete for flags that are worth a certain number of points. These challenges involve exploiting a vulnerability or solving a programming challenge to steal a “flag”. Teams compete to see who can find the most flags and gain the most points under a time limit.

Attack/Defense CTF:

Every team has its own “vulnerable” servers and services. Teams must attack other teams application while protecting the own from being hacked. Teams must keep their services up and running and must solve additional tasks and achievements in parallel. CTFs can be played either single or with team.

Where do I start?:

Read & watch CTFs writeups & videos . Some of the following are as follow:

1 ) John Hammond

2) HACKING ARTICLES

3) CTF TIME

For Practicing CTFS :

These platforms are available over the year without time bound . These all are Jeopardy-style CTFs.

1. PICO CTF:

It is mixed type of CTF which mainly include web, rev, binary & Forensics. Hints are also available for this CTF. In this ctf you will know about the different sections under ctfs & the visibility about ctf will get more clear.

2 . Wargames:

It starts with teaching the basics of using the command-line and programming. Then you are given a wide range of challenges to choose from: from web security, binary exploitation to reverse engineering. They have different list regarding the type of challenges you will solve.

3. Portswigger:

Not a CTF but yes you will learn a lot from this regarding web exploitations . They have beginners , intermediate & experts levels categories .

4. Hackerone CTF:

I will suggest you to get some knowledge from above three & then start with this CTF. You will rewarded with Private bounty program whenever you will reach a particular amount of score.

5. CTF TIME:

This is the site where you will get all CTFs updates & writeups.

Conclusion:

CTF is a great hobby for those interested in problem-solving and/or cyber security. The community is always welcoming and it can be a lot of fun tackling challenges with friends . I have learnt a lot from these CTFs & still learning.

This is my first post, if I was able to spark interest with even a single person, I’d consider it a success.

Thanks for reading. Is there anything I missed? Feel free to let me know.

--

--

chandan kumar
chandan kumar

Written by chandan kumar

6 Followers
21 Following

Threat Hunting, Detection Engineering, and Incident Response | Threat Researcher | DFIR |Threat Intel

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams