The emergence of CTF in the world of Cyber Security

Traditionally speaking ‘CTF’ is a term used for an outdoor game where the goal is to capture the other team’s flag. Similarly, this term is used for conducting competitions all around the world for ethical hackers to brush up their skills. Often it is used by companies and other organizations to find talents in the cyber security domain in general. It is also widely played for fun at the university level if a student is part of a club or chapter. Capture the flags(CTFs) are challenges that are given to the participants who are generally playing individually or as a team.

Security CTFs or Hacking CTFs are not to be confused with the other games like paintball or shooter games. Generally, there are two types of CTFs — Jeopardy and Attack-Defense. Usually, it is easier to get into jeopardy style as a beginner. Some common topics are Web application penetration testing, binary exploitation, Cryptography, Reverse Engineering, Forensics, OSINT or Reconnaissance, miscellaneous(programming exercises), etc. The flag to be found by the participant is a special string like — sample flag {welcome_to_ctf}.

CTFs are one of the best ways to get into ethical hacking. To get good at it — we need to keep practicing. If we expect results in the first week or so, we will often end up getting disappointed. They require hard work, dedication, and also creativity. It can get very interesting and challenging as you progress. Patience and persistence are two of the keys that we have to keep in mind to succeed in these kinds of competitions.

Different competitions have a different set of rules and regulations that need to be followed. One of the best sites that we can get started with CTFs is https://ctftime.org/. This site is made by the CTF community for the CTF community.If you are not able to solve any particular task in the CTF, you can always reach out to people in forums, Reddit groups, or even quora. These participants often discuss the solutions of the tasks in these groups and it can be helpful for others as well. This is a great way of learning to solve problems. It is also important to keep in mind that there is no particular way of solving problems; So have an open mind and read the answers of others even if you can crack the challenge.

Some tips:-

  • Don’t go looking for hints/solutions unless you have tried your best
  • If you find the answer to the challenge, do not reveal it until the end of the competition; in that way, we would have a healthy competition
  • Try to make friends along the way — help each other to grow; if you find them reliable, make your team and participate in the competitions
  • Don’t feel bad if you lose; get better after every competition and eventually, you will win one day. Don’t lose hope.
  • Be kind to one another as it is important to have good relationships in these competitions. Since companies try to recruit the best players from a competition, they look for a team player with their technical expertise.

Some skills you need for CTFs:-

  • Programming
  • Cryptography
  • Exploits
  • Linux Distributions
  • Forensics
  • Reverse engineering

Why CTF?

CTFs are a good way of learning Cyber Security in general. They are often used as the opportunity to make valuable connections in the industry. They help us to enhance our cyber security skills. It gives us hands-on experience and a way to demonstrate our skills to find the flag. Also, if we manage to find the flag it gives us a sense of accomplishment which motivates us to do more.

One interesting thing about these competitions is that there is no prerequisite for you to participate. You just learn along the way. Anyone can participate in these competitions. So what are you waiting for?

We at Andy InfoSec have made a couple of amazing CTFs for you. Go give it a try.

CTF 1

Description:

This CTF is very interesting as this is made in the remembering of Yuvraj Singh who hit “6” sixes and turned the table of the game. There are 6 flags and each flag will help in paving the way to the next flag, and in the end, it will lead to root access which will end the game.

https://tryhackme.com/jr/worldcup2020ctf

CTF 2

Description:

The theme of this CTF is based on Charlie And The Chocolate Factory where the players relive the experience of the Chocolate Factory. It does not matter whether you are a beginner or an expert, this CTF leaves no stone unturned to mesmerize you by the sheer number of different domains. The player is supposed to make his way by escalating the privileges to get the root.txt flag.

https://tryhackme.com/room/chocolatefactory

By Sooraj Sathyanarayanan

Cyber Security Researcher

Andy InfoSec