What is CTF?
Capture The Flag challenge, better known as CTF, is an Information Security competition that requires contestants to exploit a machine or piece of code to extract specific pieces of text that may be hidden in a web page or a server known as the flag. It can comprise of many challenges across various genres such as Reverse Engineering, Networks and Protocols, Programming, Crypto, Web Security, Exploits, etc. All these puzzles have just one goal, capture the flag!
Why should you CTF often?
Why You Should Start Doing CTFs? Capture The Flag (CTF) is a competition in the Information Security field. The main idea is to simulate different kinds of attack concepts with various challenges, which eventually opens your mind to look at things from a different perspective no matter which side of infrastructure you are on. CTFs generally expose you to things You Wouldn’t Learn Otherwise.
If you’re a developer it would teach you how to write secure code. If you’re an Ops/DevOps professional, it would teach you to setup your infrastructure and practices around it in the most secure manner.
So, Why shouldn’t you do it? Plus it’s kinda fun too!
How should you begin ?
Coming to the most important section of this blog with hope that you are slightly convinced to pick up CTF for once at least. Great!
So let’s focus on the how and where part of CTFs now.
Firstly, here you can find a list of all the CTFs going around the world, be it offline or online.
Here you’ll see that there are mostly two types of CTF organized. Maximum times, it’s the Jeopardy style CTF where you are provided a list of challenges and award points to individuals or teams that complete the challenges; groups with the most points wins.
And sometimes if you’re lucky you’ll find Attack-Defense style CTF where CTFs focus on either attacking an opponent’s servers at the same time defending one’s own. You get points for attacking other teams and points are deducted every time an opponent attacks your system.
A good place to start for various genres are listed below :
→ Linux : https://overthewire.org/wargames/leviathan/ , https://overthewire.org/wargames/bandit/
→ Web : https://owasp.org/ , https://sourceforge.net/projects/owaspbwa/ https://overthewire.org/wargames/natas/
→ Reverse Engineering : https://www.root-me.org/ ,
https://crackmes.one/ http://reversing.kr/challenge.php→ Binary Exploitation: https://ctf101.org/binary-exploitation/overview/
→ Pwn challenges : http://pwnable.kr/ , https://pwn0.com/
→ Cyber Forensics: https://ctf101.org/cryptography/overview/
Rest, Always have faith on google to show you the light when it gets dark!
Feel free to join this group on Linkedin to learn and share more on security and DevOps
References : https://blog.usejournal.com/why-you-should-start-doing-ctfs-1c5e88eacabc
Opstree is an End to End DevOps solution provider