Hey folks, in this blog I’m going to share how do you guys get started in CTF: Capture The Flag (“Jhande Ukhaadne Hai”). So let’s jump into it.
Before knowing about how to get started in CTF let’s first understand what CTF is, what we do in CTF, what is a flag, and is CTF helps you to polish your hacking skills.
CTF: Capture The Flag
CTF: Capture the Flag is a type of information security competition that challenges competitors to solve a variety of tasks. It is a special type of cybersecurity competition designed to challenge computer participants to solve computer security problems or capture and defend computer systems. Typically, these competitions are team-based and attract a diverse range of participants including students, enthusiasts, and professionals. A CTF competition may take a few hours, a full day, or several days.
Computer security represents a challenge for education due to its interdisciplinary nature. The topics of computer security range from theoretical aspects of computer technology to applied aspects of information technology management. This makes it difficult to encapsulate the feeling of constituting computer security professionals.
How to Get Started into CTF | Importance Of CTF in Bug Bounties
Types of Capture The Flag challenge
Jeopardy-style CTFs have a couple of tasks in a range of categories. For example, web, forensics, crypto, binary, or anything else. The team can gain some points for each solved task. More points usually for more complex tasks. The next task in the series can only be opened after some team resolves the previous task. Then the playing time is more than the sum of digits which shows you the CTF winner
ATTACK DEFENSE STYLE:
Attack-defense is another interesting type of competition. Every team here has its own network (or only one host) with rude services. Your team has time to patch your services and usually develop adventures. So, then the organizers add the contest participants and the battle begins! You should protect your own services for defense points and hack opponents for attack points.
Possible formats for mixed competitions may vary. This can be something like a wargame with specific times for task-based elements.
CTF games often touch on many other aspects of information security: cryptography, stenography, binary analysis, reverse arranging, mobile security, and others.
Challenge Types & Tools
In the case of CTFs, the goal is usually to crack or clone cryptographic objects or algorithms to reach the flag.
- FeatherDuster — An automated, modular cryptanalysis tool
- Hash Extender — A utility tool for performing hash length extension attacks
- PkCrack — A tool for Breaking PkZip-encryption
- RSATool — Generate private key with knowledge of p and q
- XORTool — A tool to analyze multi-byte xor cipher
In the context of CTFs steganography usually involves finding the hints or flags that have been hidden with steganography. Most commonly a media file will be given as a task with no further instructions, and the participants have to be able to uncover the message that has been encoded in the media.
- Steghide — Hide data in various kind of images
- Stegsolve — Apply various steganography techniques to images
- Zsteg — PNG/BMP analysis
- Exiftool — Read and write meta information in files
- Pngtools — For various analysis related to PNGs
- BurpSuite — A graphical tool to testing website security.
- Postman — Add on for chrome for debugging network requests
- Raccoon — A high-performance offensive security tool for reconnaissance and vulnerability scanning
- SQLMap — Automatic SQL injection and database takeover tooli
- W3af — Web Application Attack and Audit Framework.
In a CTF context, “Forensics” challenges can include file format analysis, steganography, memory dump analysis, or network packet capture analysis
- Audacity — Analyze sound files (mp3, m4a, whatever)
- Bkhive and Samdump2 — Dump SYSTEM and SAM files
- CFF Explorer — PE Editor
- Creddump — Dump windows credentials
- Foremost — Extract particular kind of files using headers
- NetworkMiner — Network Forensic Analysis Tool
- Shellbags — Investigate NT_USER.dat files
- UsbForensics — Contains many tools for USB forensics
- Volatility — To investigate memory dumps
Reverse Engineering in a CTF is typically the process of taking a compiled (machine code, bytecode) program and converting it back into a more human-readable format.
- ApkTool — Android Decompiler
- Barf — Binary Analysis and Reverse engineering Framework
- Binary Ninja — Binary analysis framework
- BinWalk — Analyze, reverse engineer, and extract firmware images.
- Boomerang — Decompile x86 binaries to C
- Frida — Dynamic Code Injection
- GDB — The GNU project debugger
- GEF — GDB plugin
- IDA Pro — Most used Reversing software
- Jadx — Decompile Android files
Many challenges in CTFs will be completely random and unprecedented, requiring simply logic, knowledge, and patience to be solved. There is no sure-fire way to prepare for these, but as you complete more CTFs you will be able to recognize and hopefully have more clues on how to solve them.
[+] CTF Calendar
CTFtime.org / All about CTF (Capture The Flag)
May 18, 2020, 8:05 p.m. Team "TwoSixNone" added as an alias to "TwoSixNine". May 18, 2020, 2:09 p.m. Team "The_WinRaRs"…
[+] Write-ups to learn CTF
Dismiss GitHub is home to over 50 million developers working together. Join them to grow your own development teams…
[+] How to start CTF
CTF Field Guide
"Knowing is not enough; we must apply. Willing is not enough; we must do." - Johann Wolfgang von Goethe We're glad…
[+] Starter CTF
picoCTF - CMU Cybersecurity Competition
picoCTF is a free computer security game targeted at middle and high school students, created by security experts at…
TryHackMe | Hacking Training
TryHackMe is an online platform for learning and teaching cyber security, all through your browser.
Capture The Flags, or CTFs, are a kind of computer security competition. Teams of competitors (or just individuals) are…
Home - RingZer0 CTF
RingZer0 Team's online CTF offers you tons of challenges designed to test and improve your hacking skills through…
[+] Hard CTF
Plaid CTF 2020
HITCON CTF 2019
Qualification: Online Jeopardy Oct 12 10:00 AM ~ Oct 14 10:00 AM, 2019 (GMT+8, 48 hours) Currently 2019 HITCON CTF…
Vulnerable By Design ~ VulnHub
VulnHub provides materials allowing anyone to gain practical hands-on experience with digital security, computer…
Home | CSAW
CSAW is the most comprehensive student-run cyber security event in the world, featuring 9 hacking competitions…
Dragon Sector is a Polish security Capture The Flag team. It was created in February 2013 and currently has 17 active…
[+] PHP Challenge (Real World CTF)
HackMD - Collaborative Markdown Knowledge Base
One Line PHP Challenge without session.upload ### Contact Me email@example.com ### Tribute to
[+] Networking / Linux Challenges
The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of…
[+] VPS (Virtual Private Server)
DigitalOcean - The developer cloud
We make it simple to launch in the cloud and scale up as you grow - with an intuitive control panel, predictable…
[+] Hack The Box (Pentesting style CTF)
Hack The Box :: Penetration Testing Labs
Hack The Box provides a wealth of information and experience for your security team. Train your employees or find new…
[+] Web Application CTF
Web security challenges from the people of websec.
The Hacker101 CTF is a game designed to let you learn to hack in a safe, rewarding environment. Hacker101 is a free…
[+] Binary Exploitation CTF
ABOUT Pwnable.tw is a wargame site for hackers to test and expand their binary exploiting skills. HOW-TO Try to find…
[+] Reverse Engineering CTF
서비스 오류 안내
The Cryptopals Crypto Challenges
We can't introduce these any better than Maciej Ceglowski did, so read that blog post first. We've built a collection…
just a wannabe hacker... -=[ ❤️ Support me ]=- Patreon per Video: https://www.patreon.com/join/liveoverflow YouTube…
HackerSploit is the leading provider of free and open-source Infosec and cybersecurity training. Our goal is to make…
Video Search: https://ippsec.rocks
The ethical hacking channel where I focus on creating videos for aspiring ethical hackers, programmers, computer…
Aaditya Purani - Ethical Hacker
Here are few Writeups for CSAW CTF. We participate as dcua team, group of awesome people trying the best effort for the…
Dump of codes for the challenges I attempted / solved in various Capture the Flag challenges. Not intended to be very…
John Hammond | February 1st, 2018 This repository, at the time of writing, will just host a listing of tools and…
Introduction | CTF Resources
This repository aims to be an archive of information, tools, and references regarding CTF competitions. CTFs…
CTFtime.org / Writeups
Capture The Flag, CTF teams, CTF ratings, CTF archive, CTF writeups
This is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a…
Hope you will start playing CTFs after go through this write-up.
Special Thanks to My Tesla Friend Aaditya Purai for sharing different types of challenges.
Thanks, everyone for reading:)
Happy Hacking 😉
Support me if you like my work! Buy me a coffee