Hey, In this blog we are going to discuss how to get started in CTF? What actually ctf is? Some tools to solve challenges. So, let’s start it.
What is CTF?
Capture The Flag is a kind of information security competition that challenges contestants to solve a variety of tasks ranging from a scavenger hunt on wikipedia to basic programming exercises, to hacking your way into a server to steal data. Here you get challenges, completing challenges provides you points & ranks.
Types of CTF:-
There are three types of capture the flag event. 1) Jeopardy 2)Attack-Defence & 3)Mixed.
•Jeopardy Style CTF
has a couple of questions (tasks) in range of categories. For example, Web, Forensic, Crypto, Binary or something else. Team can gain some points for every solved task. More points for more complicated tasks usually. The next task in chain can be opened only after some team solve previous task. Then the game time is over sum of points shows you a CTF winer. Famous example of such CTF is Defcon CTF quals.
attack-defence is another interesting kind of competitions. Here every team has own network(or only one host) with vulnarable services. Your team has time for patching your services and developing exploits usually. So, then organizers connects participants of competition and the wargame starts! You should protect own services for defence points and hack opponents for attack points. Historically this is a first type of CTFs, everybody knows about DEF CON CTF – something like a World Cup of all other competitions.
Mixed style CTF is a mix style CTF of Jeopardy and Attack-Defense.Mixed competitions may vary possible formats. There can be an attack-defense competition having a few jeopardy tasks set as bonuses or a jeopardy competition with a global task including an attack-defense dynamic. It may be something like wargame with special time for task-based elements (e.g. #UCSB iCTF).
Types of challenges:-
•Crypto- Cryptography involves encrypting or decrypting a piece of data.
•Stego- Steganography is tasked with finding information hidden in files or images.
•Binary Exploitation/pwn– It is basically exploiting a binary file and exploiting a server to find the flag.
•Reverse Engineering- Reverse Engineering in a CTF is typically the process of taking a compiled (machine code, bytecode) program and converting it back into a more human readable format.
•Web- Web includes challenges like finding password, brute-forcing, FTP server details exploring & more.
•Forensics- Forensics challenges can include file format analysis, steganography, memory dump analysis, or network packet capture analysis. Any challenge to examine and process a hidden piece of information out of static data files (as opposed to executable programs or remote servers) could be considered a Forensics challenge.
•Misc- Miscellaneous! Many challenges in CTFs will be completely random and unprecedented, requiring simply logic, knowledge, and patience to be solved. There is no sure-fire way to prepare for these, but as you complete more CTFs you will be able to recognize and hopefully have more clues on how to solve them.
Where to practice?
Here are some platforms and YouTube channels mentioned below from where you can practice CTFs.
- CTF Time https://ctftime.org/
- VulnHub https://www.vulnhub.com/
- HackTheBox https://www.hackthebox.eu/
- TRYHACKME https://www.tryhackme.com/
- Major League Cyber https://www.majorleaguecyber.org/
- CTF 101 https://ctf101.org/
- CTF Learn https://ctflearn.com/
- Pico CTF https://picoctf.com/
- Ring Zer0 CTF https://ringzer0ctf.com/
- Live Overflow https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
- HackerSploit https://www.youtube.com/channel/UC0ZTPkdxlAKf-V33tqXwi3Q
- Ippsec https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
- Innovative Justice https://www.youtube.com/channel/UC57jqKxunieyGsHkHaGd7Ow
- Amrita InCTF Junior https://www.youtube.com/channel/UC2upioDqOCMYnGvgJw7iOMA
Thank you for reading ☺️ our blog… Hope this can help you in getting started with ctfs. We have not mentioned tools. If you guys need tools then drop a ❤️ and comment your opinion.