What is CTF? Capture the flag or CTF is kind of gamified activity to learn computer science, cybersecurity, information security and programming in general. This is a awesome way to get into computer science, networking basics, cryptography, reverse engineering, web forensics technologies and many more. Learn with fun.
So, there are different styles or types of CTF games, like:
Attack and difference, where one team, Red, is trying to get into the specific system and another, Blue, is trying to stop them. It might be in a form of online competition which takes a day or even a few days.
Joepardy or problem solving competition. This kind of competition is very popular among student and beginners in computes science. Includes some simple tasks to find or extract a flag from given information of file. Open web page and get access to hidden information or download a file and digging into with reverse engineering and so many more.
Boot-to-root is based on vulnerable VM and gamer have to get remote access to machine and find a flag. Generally flag is a text file hidden somewhere under root account, a participant should conduct some forensics or escalate privilege to root user to get access to it. And much more others competition styles for individual training online where you can follow alone or with friends as part of a team.
But what if you are new and do not know where to start. CTF is diverse in its implementation. The easiest way just start by your own installing Kali or Parrot OS, these two OS are already coming from a lot of tools preinstalled. And than try to login into one of the CTF platform already available all over the internet.
Here is a chart or most popular and interesting platform, my opinion, to start with learning infosec:
Platform | Level | What is it | |
picoCTF | Beginner | Registration for free | For computer science student and beginning infosec specialists |
VulnHub | Beginner | Free | A web repository of vulnerable VMs to download. Ideal starting point for beginners. Great way doing own lab environment |
OverTheWire | Beginner | Free | Wargaming service which help you to learn and practice security concepts in the form of fun-filled games |
CI/CD Goat | Beginner | Free | Deliberately vulnerable CI/CD environment. Lear hacking CI/CD pipelines on Jenkins and Python |
TryHackMe | All levels | Free and paid content | One of the most popular learning platform for cybersecurity. Contains well structured learning path, a lot of well-guided walkthrough. It is possible to create your own lab environment, invite a friends or even create community. |
HackTheBox | All levels | Free and paid content | One ot the best cybersecurity upskilling platform. Consists of advanced HTB Lab environment, where there are tons of vulnerable VMs available with VPN or for paid subscriber dedicated ones. And HTB Academy where you can spend credits earned in labs to get access to one the learning path. |
Smash the Stack | Beginner | Free | A war gaming network which simulates software vulnerabilities and allows for the legal execution of exploitation techniques |
DEFCON CTF | Advanced | Some fee | One of the most prestigious and challenging CTF ever in DEFCON which is currently organized by Legitimate Business Syndicate |
HITCON CTF | Advanced | Some fee | Asian CTF community with high reward system |
CTF makes you better in you role, it is good for Red teaming training offensive stuff as well as for Blue team members to stay on the wave of continuously changing world of cybersecurity. Sure, not all we se in CTF games is applicable in a real world but capture the flag game allows a gamer to dig deeper in any problem. Programming is not easy to train. CTF is just a simple way to learn a hard things.
Be an ethical, save your privacy!