Preparing For A CTF
How does it work?
A Jeopardy-style CTF is a competition in which you are given a set of challenges to solve. The challenges come from different domains/categories of cybersecurity and vary in difficulty. A CTF is typically time-limited, and you solve as many challenges as you can before the time runs out. Each challenge has a point value, and the team (or individual, in an individual CTF) with the most points at the end wins.
What are you given?
- A set of challenges, each with:
- category - gives you a clue about the kind of vulnerability involved or the tools you will need
- description - gives you hints on how to approach the challenge: where to look, what kind of problem it is, or which tool you need to solve it
- hints - some challenges also have hints, which may or may not cost you points if you decide to open them
- attachments - some challenges come with files that you need to analyze; the flag is usually hidden in, or derived from, these files
- deployment (instances) - some challenges have a live deployment (a web service or network application) that you need to interact with to find a vulnerability and then exploit it to get the flag. These deployments are usually hosted on a remote server, and you interact with them using a web browser or a tool such as Burp Suite, or netcat (for pwn challenges).
What do you need to do?
- You will need a range of tools and techniques, drawing on topics such as cryptography, networking, web application security, reverse engineering, and forensics.
- You need to look out for and find a Flag in the challenge. A flag is a string of text, usually in the format <SOME_NAME>{...}, where SOME_NAME is a prefix chosen by the organizers. Find the flag and submit it to the CTF platform to get the points for that challenge. The challenge page will usually mention if the flag has a specific or unusual format.
- A single challenge may have multiple flags, and you need to find all of them to get the maximum points for that challenge. The more points you have, the higher you go on the scoreboard.
- You need to solve as many challenges as you can within the time limit to get the most points.
- Sometimes, you will need to solve a challenge before you can unlock/solve another dependent challenge.
- CTF organizers might release challenges in waves, i.e. a set of new challenges might be released at various intervals during the CTF. So, you need to keep an eye out for new challenges and solve them as soon as possible.
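Because flags follow a known prefix{...} shape, a quick first pass over any attachment is to search for that pattern, both as plain text and inside the base64 or hex blobs that beginner challenges often wrap it in. The following is an added example, not code from the original page or from Traboda; the log-style sample data and the "flag" prefix are constructed for illustration (a real challenge page tells you the actual prefix). It also shows why the match should be anchored to a word boundary: the decoy not_a_flag{...} would otherwise be reported as a flag.

```python
import base64
import binascii
import re

# Constructed sample "attachment" (not from any real CTF): one plaintext flag,
# one base64-encoded flag in a log line, one hex-encoded flag, and a decoy
# whose prefix is wrong and must not be reported.
SAMPLE_DATA = b"""
[INFO] service started
[DEBUG] token=ZmxhZ3tiNjRfaXNfbm90X2VuY3J5cHRpb259
[INFO] user note: flag{plaintext_in_config}
[WARN] not_a_flag{this_has_the_wrong_prefix}
[INFO] hex=666c61677b6865785f656e636f6465645f666c61677d
"""

# Assumed prefix for this example; real challenges state theirs.
FLAG_PREFIX = "flag"

# Loose base64 / hex tokens that are worth trying to decode.
B64_TOKEN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")
HEX_TOKEN = re.compile(rb"(?:[0-9a-fA-F]{2}){8,}")


def flag_pattern(prefix: str) -> re.Pattern:
    """Regex for PREFIX{...}. The negative lookbehind stops a longer word
    such as not_a_flag{...} from being mistaken for a flag."""
    return re.compile(
        rb"(?<![A-Za-z0-9_])" + re.escape(prefix.encode()) + rb"\{[^{}\s]+\}"
    )


def find_flags(data: bytes, prefix: str = FLAG_PREFIX) -> list[str]:
    """Return unique flags found in data: first as-is, then inside any
    base64 or hex blobs, in the order they were discovered."""
    pat = flag_pattern(prefix)
    found: list[bytes] = list(pat.findall(data))

    # Pass 2: decode base64-looking tokens and search the result.
    for tok in B64_TOKEN.findall(data):
        try:
            decoded = base64.b64decode(tok, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64 (bad alphabet or padding)
        found.extend(pat.findall(decoded))

    # Pass 3: decode hex-looking tokens and search the result.
    for tok in HEX_TOKEN.findall(data):
        try:
            decoded = bytes.fromhex(tok.decode())
        except ValueError:
            continue
        found.extend(pat.findall(decoded))

    # Deduplicate while keeping discovery order.
    return [f.decode("latin-1") for f in dict.fromkeys(found)]


if __name__ == "__main__":
    for flag in find_flags(SAMPLE_DATA):
        print(flag)
```

Run it against the constructed sample and it reports the plaintext, base64 and hex flags while skipping the decoy. Point `find_flags` at the bytes of a real attachment (and change the prefix) for a first triage; anything it misses is, by definition, hidden more carefully than a simple encoding, which tells you where to spend your effort next.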
Hardware
You will most probably need a computer to participate in a CTF, such as a laptop or a desktop computer, with a fully-fledged operating system. You might be able to use a mobile phone or a tablet, but it is not recommended as it will be difficult to use the tools and techniques required to solve the challenges.
You will need to have a good and mostly unfiltered internet connection to participate in a CTF. You will need to be able to connect to the CTF platform and the challenge deployments. You will also need to be able to download challenge files from the CTF platform.
We do not recommend that you use a work-provided computer to participate in CTFs, as you might be violating your company's policies. Your employer, or the pre-installed firewall or antivirus tools, might not want you to download hacking tools or malicious-looking files onto that computer.
If you are a student, your school/college lab computers might work, but you may be very limited in what you can download and install on them. You may also be limited in what you can do on them, as you might not have administrator privileges.
Traboda might be able to provide you with a browser-based VM that comes with many tools and open internet access for participating in CTFs. Similarly, you can set up a VM on your own computer and use that to participate. We discuss this in the next section.
Software
Operating System & VM
As you would know, for solving CTF challenges, you might need to use various tools. We recommend that you install these tools inside a separate environment such as a virtual machine (VM), so that you do not clutter your computer especially if you do not use these tools all the time.
You may use virtualization software such as VirtualBox, VMware, or Hyper-V. We recommend VirtualBox, as it is free and open source. You may also use a cloud service such as AWS, Azure, or Google Cloud Platform and spin up a server for this purpose.
Here are some VM images that you can use:
- Kali Linux - Popular Linux Distribution among Security Researchers with a lot of tools pre-installed
- Windows - Windows 11 Developer VM (Free & Genuine)
Tools
The tools you might need for a CTF would vary from CTF to CTF, and category to category. However, there are some common tools that you might need for most CTFs. Here are some of them:
- Wireshark - Network Packet Analyzer
- Ghidra - Reverse Engineering Tool
- nc/netcat - Network Utility
- John the Ripper - Password Cracking Tool
- Hashcat - Password Cracking Tool
- Burp Suite - Web Application Security Tool
- Volatility - Memory Forensics Tool
We also recommend you to check out CyberChef, a web-based tool that can be used for various tasks such as encoding, decoding, encryption, decryption, compression, decompression, etc. CyberChef is widely regarded as the Swiss Army Knife for CTF players.
We have made a large list of tools that you might need for a CTF. You can find it here.
Practice
Practice makes perfect. You should practice solving CTF challenges before participating in a CTF. You can practice by solving challenges from various CTF platforms, and previous CTF challenges.
Here are some good CTF platforms to practice on:
It is also a good practice to go through writeups (or solutions) of previous CTF challenges to understand different types of challenges that you can expect, and to learn how to solve them. You can find writeups of previous CTF challenges on portals such as CTFTime.