How to solve CTFs
Capture The Flag (CTF) is one of the most interesting ways to learn cybersecurity. Learning through playing is an effective way to boost your skills and start in the cybersecurity field.
I will discuss all that you need to know about capture the flag (CTF) competitions, challenges, tools, resources, and how they can help you boost your career.
In this blog, I will help newcomers to these types of competitions and provide them with the skills required to get started in cybersecurity or seek a new career in information security.
What is a CTF Competition?
CTF stands for Capture the Flag. It is a cybersecurity competition or game in which you face a vulnerable challenge, and your main goal is usually to exploit it.
Capture the Flag competitions usually simulate real-world scenarios by demonstrating some famous vulnerabilities so you can practice and sharpen your skills. You can participate in a CTF competition either individually or in a team depending on the competition rules.
And as proof of your success, you need to find a particular piece of text called a flag. It proves that you have done the mission successfully. This flag is what you are going to submit.
What is a Flag?
A flag is some sort of text/MD5 hash that you submit to the CTF portal to get the challenge points.
Flag Format Examples:
flag{Th1s_1s_c00l_fl1g}
Flag{9e58967420ac5b2d87578e88b389e306}
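Flags in both forms shown above are often buried in a larger file or hidden behind a simple encoding. The following added example (not part of the original post) scans raw bytes for either flag form and reports whether the body is free text or an MD5-style hash. The single base64 layer, the function names, and the sample bytes are assumptions made for illustration.

```python
import base64
import binascii
import re

# Pattern derived from the two example flags above: "flag{...}" / "Flag{...}".
FLAG_RE = re.compile(rb"flag\{[^{}\s]{1,128}\}", re.IGNORECASE)
# Runs of base64 characters long enough to hide a flag (assumption: one layer).
B64_RE = re.compile(rb"[A-Za-z0-9+/]{12,}={0,2}")
MD5_BODY_RE = re.compile(r"[0-9a-fA-F]{32}")


def classify(flag):
    """Return 'md5' if the text inside the braces is 32 hex digits, else 'text'."""
    body = flag[flag.index("{") + 1:-1]
    return "md5" if MD5_BODY_RE.fullmatch(body) else "text"


def find_flags(data):
    """Return (flag, kind, where) tuples for flags in plain or base64 form."""
    found, seen = [], set()

    def record(raw, where):
        flag = raw.decode("ascii", errors="replace")
        if flag not in seen:
            seen.add(flag)
            found.append((flag, classify(flag), where))

    for match in FLAG_RE.finditer(data):
        record(match.group(), "plain")
    for match in B64_RE.finditer(data):
        try:
            decoded = base64.b64decode(match.group(), validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64 (wrong length or padding); skip it
        for inner in FLAG_RE.finditer(decoded):
            record(inner.group(), "base64")
    return found


# Constructed sample: bytes as they might appear inside a challenge file.
SAMPLE = (
    b"\x7fELF\x02\x01 junk "
    b"note: " + base64.b64encode(b"flag{Th1s_1s_c00l_fl1g}") + b"\n"
    b"Flag{9e58967420ac5b2d87578e88b389e306}\x00 trailing"
)

if __name__ == "__main__":
    for flag, kind, where in find_flags(SAMPLE):
        print(f"{where:6} {kind:4} {flag}")
```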
What is a Write-up?
A write-up is full documentation of how to solve a certain challenge. Reading write-ups will help you gain more knowledge and enhance your CTF skills. However, make sure to read the write-up only when you are really stuck on the challenge.
Types of CTF Competitions
There are two common types of CTFs: Jeopardy and Attack-Defense:
1. Jeopardy CTF
This type includes problems (challenges) like web, machines, digital forensics, reverse engineering, OSINT, and others. Teams or individuals will gain points for any correct challenge they solve.
Points depend on the difficulty of the challenge (i.e., challenges labeled as hard earn you more points).
Challenge Types
Jeopardy-style CTF challenges are typically divided into different categories. You will find the most common types below:
Cryptography
It includes understanding the different encryption algorithms (for example RSA, AES, DES) or even some custom encryption algorithms that you need to understand to decrypt a message.
Digital Forensics
It includes file format analysis, steganography, memory dump analysis, or network packet capture analysis.
Reverse Engineering
It includes the process of taking compiled code like .exe files or .apk or others and trying to convert it back into a more human-readable format.
Web Security
It includes discovering vulnerabilities in web applications and exploiting them.
Exploitation
Exploiting a service to find the flag. Reverse engineering techniques are also applied here to analyze the structure and behavior of the binaries.
Network Security
It includes analyzing traffic data like pcap files and others.
Open Source Cyber Intelligence
Using different open-source intelligence techniques to gather information about some target.
Machines
Here you need to scan a machine and find vulnerabilities to get in; then you may need to gain the highest privilege on the box to read the flag.
2. Attack-Defense
Here, each team has its own network of insecure devices (or just one host). Your team typically has time to repair the infrastructure and fix vulnerabilities.
You then defend your own services for defense points and attack opponents to earn attack points.
CyberTalents offers organizations and universities the option to host their own CTFs, in either Jeopardy or Attack-Defense style.
Skills Required to Play CTFs
It depends on the category you will play, but in general, there are some common skills between almost all categories that will help like:
- Basic understanding of networking.
- Programming (Python, and maybe assembly and C/C++ for the reverse engineering category).
- Linux command line.
There are skills related to each category that will help you:
1 - Web Exploitation
- Basics of web programming languages
- OWASP Top 10
- For more check resources here
2 - Machines
- Basics of penetration testing
- Web exploitation knowledge
3 - Cryptography
- Mathematics background
- Basic ciphers knowledge
- Symmetric and asymmetric encryption methods
- Suggested books here and here
4 - Reverse Engineering
- Understanding of low-level languages (assembly)
- Check the skills here
After getting these basic skills you can start focusing on a specific category to master it and note that the learning process is continuous. You will keep learning new stuff every time you study a course/read a blog/read a book/play a CTF.
The most important skill you need is persistence. You won’t be able to solve challenges from the first day. You will need to practice days and nights to be able to solve your first group of challenges. So, don’t give up easily, and keep trying.
Why is it Better to Learn Cybersecurity through CTFs?
Some recruiters keep their eyes on the top winners at competitions, which is a great opportunity to get an interview with big companies. Beyond that, participating in competitions proves your skills and can sometimes be enough when applying for security jobs.
Onsite CTFs could give you the chance to extend your network and this could help you to gain more opportunities/support from the community.
Most cybersecurity field professionals recommend learning by participating in CTFs even if you are a complete beginner.
In our interview with Eng. Ibrahim Mosaad, Product Security Engineer at Facebook, he said, “CTFs help you work in large companies. I am currently working at Facebook and the main reason that helped me work there was participating in CTFs. It helped me very much so if you would like to work for a large company and have ambition, focus on playing CTFs”.
He continued, “Track your performance for a year when you first start playing CTFs and see how your performance will develop.”
Moreover, CTFs can help sharpen your technical skills and get some other benefits like:
- Know your weak points and focus on developing them.
- Enhance your methodology/approach for a real-world engagement.
- Learn basics for other categories you are not interested in.
- Build critical thinking skills.
- Participating with teams will enhance your technical/communication skills.
- As it is a competition, it is motivating and thrilling.
- It will motivate you to learn more to get a higher rank in the next CTF.
- In some competitions, getting higher ranks will make recruiters contact you to offer jobs.
- Most of the competitions have valuable prizes for the top winners.
How Can CTFs Improve Your Cybersecurity Career?
CTF challenges test participants’ skills in areas such as cryptography, network analysis, and reverse engineering. These challenges are designed to simulate real-world scenarios that cybersecurity professionals face daily. By participating in CTF challenges, you can gain valuable experience and hone your skills in a safe and controlled environment.
One of the biggest benefits of participating in CTF challenges is that they can help you get noticed by potential employers. Many companies and organizations use CTF challenges as a way to recruit cybersecurity talent.
By performing well in these challenges, you can demonstrate your skills and knowledge to potential employers. This can help you stand out from other candidates who may not have as much hands-on experience.
In addition to helping you get noticed by potential employers, participating in CTF challenges can also help you become a better cybersecurity professional. These challenges require you to think creatively and develop innovative solutions to complex problems. By practicing these skills in a CTF environment, you can develop the critical thinking and problem-solving abilities that are essential for success in the cybersecurity field.
How Can I Learn More About CTFs?
Start practicing on the easy challenges of the category you are interested in. If you get stuck, no worries: you can check the write-ups offered by the platform or the community and understand why you got stuck. You will surely learn new things.
After gaining hands-on experience, you can start participating in Capture the Flag events. It is fine if you can’t solve some challenges; checking write-ups after the event ends will eventually expand your knowledge.
Practicing regularly and participating in CTF events will make you eventually comfortable with the categories you are interested in.
The best way to learn is to practice on platforms that offer challenges with the CTF style like:
- CyberTalents
- PicoCTF
- Portswigger (Web challenges)
- Rootme (Web challenges)
- Cryptohack (Cryptography challenges)
- Cyberdefenders (Digital Forensics)
- TryHackMe
- Hack The Box
CTF Tools You Might Need
To get started in Capture the Flag (CTF) competitions, here are some basic tools you can use, grouped by challenge category:
WEB
- Burp Suite: A commonly used tool for testing web applications. Among its features is Burp Proxy, which intercepts HTTP requests.
- Cookie Editor: A useful browser extension for editing cookies.
- SQLMap: SQL injection and Database Exploitation tool.
- DirBuster: Directory brute forcing tool.
- XSSer: Useful tool to detect, exploit and report XSS vulnerabilities.
Crypto
- Rsatool: A tool used to calculate RSA and RSA-CRT parameters.
- CyberChef: Web app for analyzing and decoding data.
- PkCrack: A tool for breaking PkZip encryption.
- QuipQuip: An online tool for breaking substitution ciphers or Vigenère ciphers (without a key).
- XORTool: A tool to analyze multi-byte XOR ciphers.
Digital Forensics
- ExifTool: A tool used for reading, writing, and editing meta information in a wide variety of files (e.g. JPEG, JPG, JPE).
- Wireshark: A tool for analyzing network traffic and PCAP files. Linux installation: apt-get install wireshark
- Audacity: A tool for analyzing audio files (e.g. .mp3, .wav).
- Foremost: Extracting files based on their headers, footers, and internal data structures.
- Stegsolve: A tool used for applying different techniques to images.
- Volatility: To investigate memory dumps.
Reverse Engineering
- IDA Pro: Most used disassembler and debugger.
Exploitation
- DLLInjector: Injects DLLs into processes.
- libformatstr: Simplify format string exploitation.
- Metasploit: Penetration testing software.
- One_Gadget: A tool to find the one gadget.
- Pwntools: CTF Framework for writing exploits.
- Qira: QEMU Interactive Runtime Analyser.
- ROP Gadget: Framework for ROP exploitation.
- V0lt: Security CTF Toolkit.
How to Join CTF Events?
Most public CTF competitions are listed at ctftime.org, where you can find upcoming competitions along with each CTF's official link, so you can register easily once registration opens. You can also read write-ups from past competitions to gain more knowledge.