What is a CTF?
A CTF (Capture the Flag) event is a type of hacking competition that challenges technical knowledge and outside of the box thinking. There are two main types of CTF challenge: jeopardy and attack / defend.
Jeopardy CTFs are the most common style and are probably the best place to start out. Challenges are grouped by category, with points being assigned to each challenge according to difficulty.
The idea is to collect tokens (flags) as proof of having solved various tasks. CTFs are targeted at a range of skill levels, many of the popular ones are designed for high-school students.
Web challenges are generally anything to do with login forms, SQL databases, or anything else that can be hacked in a website.
Forensics is often about analysing some supplied data to understand and be able to retrace some events that took place.
These challenges are all about decoding encrypted data to figure out the secret message inside.
Binary challenges revolve around compromising a compiled program by supplying it with specific data in order to violate the intended boundaries of its operation.
Anything else that doesn’t belong in the above categories usually ends up in Misc. These can vary wildly and are usually good to have a go on if you get stuck in any of the main categories.
Why do I want to do this?
CTFs are a great way to learn new skills by exposing yourself to challenges you’ve never seen before. They are great fun and if you work on them in a team, also good experience for teamwork and understanding how other people think.
Where do I get started?
Check out Trail of Bits’ CTF Guide for more details on what’s involved.
Some events such as PicoCTF keep their challenges open after the end of the event so you can work on them after the scoring period is over.
CTFTime has a good list of upcoming events
#ctfschannel on our slack is a good place to rally around and get a team put together.
(If you get stuck on anything it’s also a great place to ask for help).