What is Capture the Flag(CTF) for Beginners

If you know me at all, then you must be known  i am a Huge fan of Mr.Robot, it is a Psychological cyber crime suspense thriller drama, Coming back to me i'm a Security engineer, Research enthusiast, Coder,Pen-Tester and a Python lover.

This blog is all about what is  Capture the Flag Contest (CTF) , i hope most of you are not  aware of  TCS Hacquest ,it is a Campus Level Technical competition similar to other Capture the Flag(CTF) events conducted across the globe. The event is entirely dedicated to Ethical Hacking where we have to find the vulnerabilities and report them to using a report template provided by TCS having a package of 6LPA for freshers those looking for a job in Cyber security

What is CTF (Capture The Flag) ?

Capture the Flag (CTF) is a competition that related to information security where the participants will be test on a various of security challenges like web penetration testing, reverse engineering, cryptography, steganography, pwn and few others more. Participants must get the “flag” to gain their points. So, the team who have the highest point at the end of the game will be the winner.

Usually, CTF competition is free and most of CTF out there are online and organized by various organizer. The organizer not just a big company, but also the organizer may from various local universities. Eg: DEFCON CTF ,NULLCON, C0CONX1 ,Google CTF etc.

Why participate in CTF?

There are few reasons why you must join CTF competition: –

1.         To gain knowledge and experience in Cyber Security environment and Real time Hacking 

2.       Hobby

3.       Socializing and networking

4.       To make your resume awesome!

Sometimes, when you participate on CTF, the industry will acknowledge your skill and maybe you will be recruited as one of their staff.

Types of CTF

There are three common types of CTFs: Jeopardy, Attack-Defence and mixed.

1.         Jeopardy-style CTF
Jeopardy-style usually have multiple categories of challenges, which contains a variety of questions of different point values and difficulties.

2.       Attack-defence CTF
While on this type of CTF competition, each team is given a task to defend their network or server and the other will attack the opponents. Teams may attempting to take an opponent’s flag from their machine by pwn(own)  the opponent’s machine.

Usually the flags that organizer give are easily recognizable strings, like “FLAG{th1s1s7h3fl4g}” so that participants don’t miss them.

Categories of challenge in Jeopardy-style CTF

In such competitions there usually are different categories of challenges and within each category, challenges are sorted by their difficulty.

Traditional categories include:

1.         Web: This type of challenges focus on finding and exploiting the vulnerabilities in web application. The may be testing the participants’ knowledge on SQL Injection, XSS (Cross Site Scripting), and many more.

2.       Forensics: Participants need to investigate some sort of data, like do a packet analysis on .pcap file, memory dump analysis and so on.

3.       Cryptography: Challenges will be focus on decrypting a encrypted strings from various type of cryptography such as Subtitution crypto, Caesar cipher and many more.

4.       Reversing (or Reverse Engineering): RE usually need participants to explore a given binary file weather PE file, ELF file, APK or some types of other executable binary. Participant need to find the key by decompilation, disassemble using static or dynamic analysis or other reverse engineering tools.

5.       Exploitation: Within this type, the goal is to build an exploit, very often for a binary, though sometimes for a Web application. Almost always contestants have (explicit) access to the source code of the application, unlike the Reversing category, where a big part of the challenge is that you have to essentially play “in the dark”.

6.       Miscellaneous: Everything not listed else that is still relevant to Information Security is in this category. This need require Google-Fu skill.

CTF Preparation:

if you are well enough in above topics , then you are  ready to go. for further CTF blogs and writeup check below links

https://medium.com/bugbountywriteup/tagged/ctf

https://ctftime.org/event/list/

https://www.defcon.org/html/links/dc-ctf.html

About TCS Hackquest, Check below Link:

https://campuscommune.tcs.com/en-in/intro/contests/hackquest-30

Think Out of the Box and Capture the Flag

Very smart people are often tricked by hackers, by phishing. I exclude myself from that. It's about being smarter than a hacker. Not about being smart