Open in app

Sign up

Sign in

Write

Sign up

Sign in

InfoSec Write-ups

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

Follow publication

Member-only story

Beginner’s Guide to CTFs

Vickie Li
InfoSec Write-ups
Published in
6 min readMar 19, 2020
Photo by Darpan Dodiya on Unsplash

Security CTFs, or Capture The Flag competitions, are a great way to learn how to hack. They are competitions where competitors compete to try to find a “flag” to prove that they have hacked into a system.

Why do CTFs?

They are one of the best ways to learn specific security skills, like binary exploitation, web exploitation or reverse engineering.

And since you often play CTFs in teams, CTFs are also a great way to make friends with likeminded security nerds. There are many collegiate-level CTFs where you can compete with fellow students, and you’ll find that many practicing security professionals play CTFs as well.

Finally, CTFs train your hacker persistence. The CTF experience of getting stuck in a challenge, persist and finally finding a solution models real-life hacking scenarios. CTFs teach you to remain patient and optimistic when you are stuck hacking.

Types of CTFs

There are two main types of CTFs: Jeopardy-style and Attack-Defense-style.

Jeopardy-style CTFs are essentially a list of hacking challenges that you can complete for flags that are worth a certain number of points. These challenges involve exploiting a vulnerability or solving a programming challenge to steal a “flag”. Teams compete to see who can find the most flags and gain the most points under a time limit.

The hacking challenges in Jeopardy-style CTFs are often sorted by difficulty levels, so beginners can easily participate as well. There are often different skillsets that you can choose from, from cryptography, reversing, binary, web, programming, forensics, networking challenges to problems that are a mix of some or all of these skills.

A more advanced version of CTFs is the Attack-and-Defense-style CTF. In these competitions, teams defend their own servers against attack, and attack opponents' servers to score. These CTFs require more skills to compete and are almost always done in teams. For example, the annual DEFCON CTF finals is an Attack-and-Defense-style CTF.

CTF skills

Create an account to read the full story.

The author made this story available to Medium members only.
If you’re new to Medium, create a new account to read this story on us.

Continue in app
Or, continue in mobile web

Already have an account? Sign in

InfoSec Write-ups
InfoSec Write-ups
Follow

Published in InfoSec Write-ups

57K Followers
Last published 9 hours ago

A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters. Subscribe to our weekly newsletter for the coolest infosec updates: https://weekly.infosecwriteups.com/

Follow
Vickie Li
Vickie Li
Follow

Written by Vickie Li

18.6K Followers
24 Following

Professional investigator of nerdy stuff. Hacks and secures. Creates god awful infographics. https://twitter.com/vickieli7

Follow

Help

Status

About

Careers

Press

Blog

Privacy

Rules

Terms

Text to speech