DEV Community

Cover image for How to solve CTF ☠️ (Capture_the_flags)
Kiran Sethumadhavan
Kiran Sethumadhavan

Posted on

How to solve CTF ☠️ (Capture_the_flags)

#ctf #programming #beginners #webdev

Challenge types

Jeopardy style CTFs challenges are typically divided into categories. I'll try to briefly cover the common ones.

Cryptography - Typically involves decrypting or encrypting a piece of data

Steganography - Tasked with finding information hidden in files or images

Binary - Reverse engineering or exploiting a binary file

Web - Exploiting web pages to find the flag

Pwn - Exploiting a server to find the flag

Where do I start?

If I managed to pique your curiosity, I've compiled a list of resources that helped me get started learning. CTF veterans, feel free to add your own resources in the comments below!

Learning

http://ctfs.github.io/resources/ - Introduction to common CTF techniques such as cryptography, steganography, web exploits (Incomplete)

https://trailofbits.github.io/ctf/forensics/ - Tips and tricks relating to typical CTF challenges/scenarios

https://ctftime.org/writeups - Explanations of solutions to past CTF challenges

Resources

https://ctftime.org - CTF event tracker

https://github.com/apsdehal/awesome-ctf - Comprehensive list of tools and further reading

Tools (That I use often)

binwalk - Analyze and extract files

burp suite - Feature packed web penetration testing framework

stegsolve - Pass various filters over images to look for hidden text

GDB - Binary debugger

The command line :)

Practice

Many of the "official" CTFs hosted by universities and companies are time-limited competitions. There are many CTFs however that are online 24/7 that can be used as practice and learning tools. Here are some that I found to be friendly for beginners.

https://ctflearn.com - A collection of various user-submitted challenges aimed towards newcomers

https://overthewire.org/wargames/ - A series of progressively more difficult pwn-style challenges. (Start with the bandit series)

https://2018game.picoctf.com/ - Yearly time-limited CTF now available to use as practice

Conclusion

CTF is a great hobby for those interested in problem-solving and/or cyber security. The community is always welcoming and it can be a lot of fun tackling challenges with friends.

Thank you for reading!
Happy Hacking ☠️

Listen to my favorite Lofi music Tracks
https://www.youtube.com/watch?v=_C12AC2Cxn8

Ask Cyber Security related question on
https://discourse.heeraj.com/

Join my telegram Group to know about latest Ethical hacking news and tools more than 270 members I have big plans for you .....
Join Now
https://t.me/infosecbugbounty

Top comments (1)

Collapse
 
justinnn07 profile image
Justin Varghese

🔥🔥

Read next

trish_07 profile image

Building a Simple TCP Server in C

Trish -

mantisus profile image

12 tips on how to think like a web scraping expert

Max Bohomolov -

msnmongare profile image

M-Pesa Express (STK Push) API Guide

Sospeter Mong'are -

mikeyoung44 profile image

TokenFormer: Rethinking Transformer Scaling with Tokenized Model Parameters

Mike Young -