DragonDefense
  • DragonDefense
  • Cybersecurity
    • Overview
  • Capture The Flag
    • About CTFs and General Advice
    • 2024 Target Cyber Defense Challenge
      • Tutorial
      • Defense
      • Offense
Powered by GitBook
On this page
  • What are Capture the Flag Competitions?
  • General Tips
  • More information and writeups
  • Other CTFs to try
  1. Capture The Flag

About CTFs and General Advice

Information on various CTF competitions

Last updated 8 months ago

What are Capture the Flag Competitions?

Capture the Flag Competitions (CTF Competitions or CTFs) are basically gamified learning competitions for cybersecurity. There are lots of them out there, all different, but most of them have different categories and different levels in each category, starting with easy challenges up to extremely difficult challenges. For instance, one category might be "Cryptography" and there might be 6 challenges in that category; 1 easy, 3 medium, and 2 hard. Some are solely for learning and bragging rights, while others have actual prizes at the end of them, such as scholarships or drones. Some have hints and some do not. For the most part, the challenges give you a question, sometimes resources such as txt files or reference sites, and realistically nothing else. Continuing with our Cyptography example, the easy challenge might simply say:

Given the following, what is the flag? ZmxhZ3thbUB6aW5nIX0=

If you've never studied Cryptography or done any CTFs previously, you might not know what to do and would need to start looking up information and reading about Cryptography. And that's how this works! Also, I'm not going to tell you the above. You'll know when you figure it out If this is frustrating for you, you're not alone and you might not entirely enjoy CTFs. But I'd still say to try it at least once if you haven't already.

General Tips

  • Don't compare yourself to others and give yourself grace. This is for learning and not a measure of who you are and what you can become! Recognize that others may have more years of experience than you. They may have more time than you do to dedicate to this. No matter what, just focus on what you can do and what you can learn from these. That's why they were created.

  • Use your resources. Unless there is a rule against it (and follow those rules!), you're welcome to look up anything and ask others. Also, it might help save some time to have ChatGPT or another AI explain some concepts like you're 5. I wouldn't recommend having it solve the challenge though! You still want to learn!

  • Take a break. Seriously. Sometimes that 30 minutes I spend walking my dog gives me a surprising number of ideas to work on. After I spent 5 hours trying to figure something out and had no idea what to do next, I took 30 minutes to walk my dog, and came back with the answer. Really! Breaks are important for our brains and we don't give them enough of them.

  • Try a different device. The device you're using will sometimes influence what your output is, so if you're having no luck on one device (like Windows or an Android phone), try another (like Kali or a desktop)! Same goes for different tools. If CyberChef isn't giving you what you think it should, try another tool.

  • Multiple same-name files: If you're given files that share the same filename for two different challenges, don't assume they are the same! Delete the old one and download the new one for the new challenge. You can always check if they are the same by using the "diff" command on Linux, the "fc" command in Windows, and the Compare-Object command in PowerShell. If the files are the same, nothing will be output and you'll get the command prompt again. If they are different, the difference will be printed out.

  • Spaces are important. Sometimes an errant or a missing space is the difference between a flag and a fail!

  • Always try escaping. Sometimes you KNOW you have the answer... it just doesn't work. Depending on what you are working on, sometimes the command you are running needs something to be escaped, like a file path. Every different tool has it's own escapes, which you'll have to look up on your own, but be mindful of that and try it if you think it'll help.

  • Know the Path. It's half the battle. Truly. Not only is it important when you are given information, but also... I've saved things and couldn't find it until I realized I hadn't specific the path and was looking in the wrong folder!

More information and writeups

Other CTFs to try

  • WiCyS - Target Cyber Defense (spring) and Security Training Scholarship (fall)

  • Hack The Box

  • TryHackMe

  • PlaidCTF

  • Root Me

  • CTFlearn

  • OverTheWire

  • PicoCTF

SANS Holiday Hack (past challenges available to try: and )

😄
Capture the Flag (CTF) 101 by WiCyS
https://ctftime.org/writeups
https://infosecwriteups.com/
JohnHammond's Repo
Google CTF
National Cyber League
Search Party CTF by Trace Labs
2023
previous