The Ultimate Guide on How to get started in CTFs?
Welcome to another awesome series, my aspiring hackers, which is called the CTFs. So, as a hacker or a cybersecurity professional, We have to make the cyberspace secure better. There are different roles in Cyber-security which are responsible for different tasks to do.
The Role in security is equally divided into both the white hats and the black hats, If there aren’t bad guys, there is no need to patch and update any security. The art of hacking is a miraculous job of modifying systems and pwning it. So. The credit goes to both the dark and the bright side.
We generally termed hacker or Ethical hacker for a person who hacks. But In reality, there is nothing like a hacker or an Ethical hacker, when we use the term “hacker” which means a “penetration-tester” or “pen-tester”.
What is Pen-testing?
Pen-testing is the process of testing the security of the computer system and network in order to find potential vulnerabilities. A person who performs a pen-test or break into the security of any computer system or network is called the Pen-tester.
In Pen-testing or Cybersecurity Industry, the roles are broadly classified into two terms:
- Blue team: Blue team is referred to as those individuals who develop and ensure the network and computer system security and avoid and detect any intrusion. They use different techniques and tools to make the security better and take measures to mitigate the attack.
- Red team: Red team is referred to more on the offensive side of things. The individuals on the Red-team are mostly “pen-testers” who tries to break in the security to test the application/network.
What is CTF?
CTF stands for Capture The Flag. It is an outdoor sport which is played by two teams. In this, each team has to go to the enemy base and get the flags, whosever got the flag first, wins the game.
What is Capture The Flag in Cybersecurity?
Capture the flag in Cyber-security is a contest or event in which a hacker tries to compromise machines in order to get and find flags in the machine. It is like a challenge or a puzzle game with each flag you get closer and eventually wins. CTF are of 4 types in computer security but we mostly count is two.
- Attack/Defense style: In Attack/Defense style CTF, Each team of hackers tries to compromise each other system/machines/networks and at the same time defending it. Just like the original CTF game, you have to get the flags from the enemy’s side and defend your flag also. Two of the most prominent attack/defense CTFs held every year are at DEF CON, which is the largest hacker conference held every year at Las Vegas and the other is NYU-CSAW (Cyber Security Awareness).
- Jeopardy Style: This is the most common type of CTF. In this instead of having its own machines, the hacker has to compromise given machines in order to get the flag. It is more kind of a racing event, where you get points on each challenge you solve and get ahead of others. A lot of people compete on online platforms on this.
These are the most commonly known CTFs other two are:
- King of the Hill: The king of the Hill type of CTF is very interesting. It is like the attack/defense CTF but rather than having their machines. Each team tries to compromise a single machine whosever gets the access first. Then, they have to defend the machines to avoid losing it. It is more likely that, you have given a fort, whose army will get it first will capture it and then have to defend against other armies who are coming to capture the fort.
- Hardware Challenges: In this, player get unknown pieces of Hardware and was asked to bypass the physical security. It is more on the physical side of things rather than the technical side of things.
How to start learn hacking using CTFs?
So, now you know, what a CTF is, what are its types. So how can we learn to hack with the CTF?
Let me tell you something and what I think, why CTFs are necessary and how can you learn by it.
CTFs are more likely a simulation of real-world scenario, not exactly. I know, now many will say to me, “Hey! In CTFs, the machines are intentionally vulnerable”, I know. The real and practical side of hacking is Bug bounties, where you get paid if you find a bug in an application but CTFs are good for practicing penetration testing and sharpen your skills.
Most of the time, we learn a concept and follow up a tutorial for a tool to do the task. Some times we never get in-depth of a concept like Steganography, in which we hide text or message in an image. We won’t be doing any practical of it very often and most of the time, we don’t have enough machines to test different vulnerabilities. We can use Metasploitable 2 to exploit Linux and other vulnerabilities but that’s a Linux machine, what about a Windows Machine? You can’t have enough machines to test and practice your skills legally and deeply. So that’s when CTF is a good choice.
So, why should you learn CTF:
- It provides you with machines to practice.
- You learn more concepts and get hands-on experience.
- It makes up a mindset of your on how to approach things and choose a methodology.
- It improves your problem-solving skills.
- You can compete and get to know like-minded people.
Where to find and learn from CTFs?
Ctftime.org is the website which holds the information of all the CTFs and also the incoming one, You can get the information there.
- Try Hack me: Try Hack me is an online platform that teaches Cyber-security hands-on experience using virtual labs. I personally use Try Hack me and I am very satisfied with it. I will be posting Try hack me Walkthroughs also. Here: https://tryhackme.com/
- Pico-CTF: Pico- CTF is a free computer game or CTF specially designed for middle and high school students but you can also try it. Here: https://picoctf.com/
- Hacker101: The famous bug bounty platform Hackerone has a CTF under Hcaker101 where you get a simulation of a real-world scenario and you try to compromise it. Here: https://ctf.hacker101.com/
- Vulnhub: Vulnhub is an online platform which provides machines for CTFs for offline purpose. You can download an image and run on your local machine using Vmware or Virtual Box. Here: https://www.vulnhub.com/
- Hack the Box: Hack the Box is one of the most famous CTF platform which provides labs to test your skills. here: https://www.hackthebox.eu/
So, here are some of the resources, you can use, other good resources to learn hacking is “Invent Your Shit”. Yes, we will soon be posting walkthroughs, so you can use, if you get stuck, till then Play CTFS and “keep hacking”.