A path to get from a capture the flag (CTF) newbie to an active participant.
Are you interested in participating in a capture the flag event? This is the place to be if you have no prior experience and want to learn more about CTFs.
A CTF is a competition to practice the knowledge and skills required within various cybersecurity disciplines. Some people participate to learn skills to advance their careers, others do it as a hobby.
There are various types of CTFs.
- Jeopardy style is a collection of trivia style questions to test basic knowledge about cybersecurity topics.
- Attack & Defense CTFs are more hands on. Teams are given identical "cyber terrain", usually a virtual private server. They must then defend their own server and attack opposing teams servers.
- Hybrid is... you know.
In order to become more comfortable with the command line I recommend a couple of resources.
- Over The Wire: Bandit Wargame - This website is a great tool to introduce you to the linux command line and many useful commands.
- Under The Wire: Century Wargame - This will introduce you to the Windows command prompt.
- Hacking The Art of Exploitation - This book was instrumental in forming my understanding of exploitation.
CTFs are run at many times all over the world. Some you have to be local and onsite, others you can participate virtually from anywhere in the world.
- CTF Time website - This site lists many events.
You will want to build a virtual environment to practice in. Here are a couple of virtual machines I've used in the past.
- Pico CTF
- A CTF style learning environment run by Carnegie Mellon University.
- CTFlearn
- A collection of challenges to help you learn and practice CTF skills.
- Ubuntu - This is a ubiquitous OS and an easy learning curve for those whom never have used Linux.
- Kali Linux - This is a powerful OS favored by many who are experienced cybersecurity practitioners.
- Parrot OS - Another popular Linux OS that comes in various states, from fully loaded to bare bones.