CTF, Capture The Flag
CTF, Capture the Flag is a known form of a game mode for various games like Paintball, laser games and Computer games, but it’s also used in Computer Security.
Capture the Flag is a really good way of enhancing your Security skills, it starts with a few clues and quests you must solve to retrieve the flag for the challenge. These are named as Jeopardy-style CTF. They are often devided into different types of challenges i.e.:
- Cryptography
- Web
- Forensics
- Binary Exploitation
- Reversing
- Networking
There are also modes for CTF called Attack-Defense, where the teams have to defend their own network or machine and att the same time attack the opponents. There is also a version like one team is defending and the other one is attacking, a Blue Team – Red Team approach. Blue Team defends and tries to find out how and when the Red Team makes their way to get the Flag.
Who is CTF for?
It’s for everyone with a interest in cyber security.
Qualify for bigger events
Some CTF’s are qualifiers for bigger CTF events, so get going and solve the challenges!
Example challenge from (https://capturetheflag.withgoogle.com):
This CTF has beginner challenges (which I can recommend if you’re new to this).
Amongst the beginner challenges we have the following one.
This challenge want us to find the flag which will look like “CTF{xxxxxx}” by using the clues in the text and the file which we are able to download.
We download the file (Attachment) and extract the content
The clue from the challenge indicates it’s something fishy with this .ico file.
Tha the initial view, it looks alright.
Let’s use binwalk which is a tool for searching binary images for embedded files and executable code to see if there is something hidden inside.
It looks like we’re getting somewhere, it seems to be a zip archive.
Let’s try to list the content with 7zip
Works! Next step would be to unpack the content in our hunt for the flag
We have extracted our files
And we now have the flag!
We enter it on the website and the challenge is completed and can start the next challenge…
Where to start?
So, for those of you who are new or want to get some good links into CTF, I have tried to gather all CTF Links in this post for reference, I will try to keep the links updated along the way.
- CTF Time – https://ctftime.org/
- Hack The Box – https://www.hackthebox.eu/
- CTF 365 – https://ctf365.com/
- CTF Field Guide – https://trailofbits.github.io/ctf/
- CBT Nuggets Preparation Tips
–
https://www.cbtnuggets.com/blog/2018/07/how-to-prepare-for-a-capture-the-flag-hacking-competition