Is a CTF pointless? Learning through games.

What is CTF? Capture the flag or CTF is kind of gamified activity to learn computer science, cybersecurity, information security and programming in general. This is a awesome way to get into computer science, networking basics, cryptography, reverse engineering, web forensics technologies and many more. Learn with fun.

So, there are different styles or types of CTF games, like:

Attack and difference, where one team, Red, is trying to get into the specific system and another, Blue, is trying to stop them. It might be in a form of online competition which takes a day or even a few days.

Joepardy or problem solving competition. This kind of competition is very popular among student and beginners in computes science. Includes some simple tasks to find or extract a flag from given information of file. Open web page and get access to hidden information or download a file and digging into with reverse engineering and so many more.

Boot-to-root is based on vulnerable VM and gamer have to get remote access to machine and find a flag. Generally flag is a text file hidden somewhere under root account, a participant should conduct some forensics or escalate privilege to root user to get access to it. And much more others competition styles for individual training online where you can follow alone or with friends as part of a team.

But what if you are new and do not know where to start. CTF is diverse in its implementation. The easiest way just start by your own installing Kali or Parrot OS, these two OS are already coming from a lot of tools preinstalled. And than try to login into one of the CTF platform already available all over the internet.

Here is a chart or most popular and interesting platform, my opinion, to start with learning infosec:

PlatformLevelWhat is it
picoCTF BeginnerRegistration for freeFor computer science student and beginning infosec specialists
VulnHubBeginnerFreeA web repository of vulnerable VMs to download. Ideal starting point for beginners. Great way doing own lab environment
OverTheWireBeginnerFreeWargaming service which help you to learn and practice security concepts in the form of fun-filled games
CI/CD GoatBeginnerFreeDeliberately vulnerable CI/CD environment. Lear hacking CI/CD pipelines on Jenkins and Python
TryHackMeAll levelsFree and paid contentOne of the most popular learning platform for cybersecurity. Contains well structured learning path, a lot of well-guided walkthrough. It is possible to create your own lab environment, invite a friends or even create community.
HackTheBoxAll levelsFree and paid contentOne ot the best cybersecurity upskilling platform. Consists of advanced HTB Lab environment, where there are tons of vulnerable VMs available with VPN or for paid subscriber dedicated ones. And HTB Academy where you can spend credits earned in labs to get access to one the learning path.
Smash the StackBeginnerFreeA war gaming network which simulates software vulnerabilities and allows for the legal execution of exploitation techniques
DEFCON CTFAdvancedSome feeOne of the most prestigious and challenging CTF ever in DEFCON which is currently organized by Legitimate Business Syndicate
HITCON CTFAdvancedSome feeAsian CTF community with high reward system

CTF makes you better in you role, it is good for Red teaming training offensive stuff as well as for Blue team members to stay on the wave of continuously changing world of cybersecurity. Sure, not all we se in CTF games is applicable in a real world but capture the flag game allows a gamer to dig deeper in any problem. Programming is not easy to train. CTF is just a simple way to learn a hard things.

Be an ethical, save your privacy!

subscribe to newsletter

and receive weekly update from our blog

By submitting your information, you're giving us permission to email you. You may unsubscribe at any time.

Leave a Comment

Discover more from #cybertechtalk

Subscribe now to keep reading and get access to the full archive.

Continue reading