Capture the Flag - Intro

Introduction

  Capture the Flag is a means of teaching cybersecurity principles through practical games. Players try to find flags (often text strings) held either by the event host or by other teams, using various tools and techniques in order to win. (Source: Wikipedia)

  The game originated at DEF CON, but after learning that there are a few online platforms to play and learn, I thought it would be fun to try it out. Though I’ve only made it through the first few very basic challenges, used almost all the hints, and caved to looking up what to do next a couple times, I’ve really been enjoying it and can feel myself learning quickly.

Where to Learn and Play

  • picoCTF was created by Carnegie Mellon University. They run a two-week timed CTF competition every year, then post many previous challenges in a practice section of the site.
  • pwn.college was created by Arizona State University. It’s used to grade some of their upper division computer science students, so they’ve asked that details of their modules and challenges not be posted online so it can remain a viable educational and assessment tool.
  • hackthebox advertises itself as the largest cyber-security community on the internet. They have free to start, subscription to continue further challenges, certifications, and more. I haven’t learned very much about this platform yet, but they’re so popular I wanted to include this here for my later reference.

Goals

  My goal with this series of posts is to document my thoughts and process as I go through some of these challenges, starting with picoCTF. In order to respect the guidelines of pwn.college, if I do any writing on their material it will just be my thoughts on the section and nothing that could be a hint or guidance through their modules. If I run out of material or just need a change of pace, I’ll move on to hackthebox.

Next Steps

  When interacting with any of these platforms, I’ve read it’s good to use a virtual machine in order to give yourself another layer of security. When connecting to platforms where some very knowledgeable hackers are, it seems like a good idea to be as protected as possible. My next post will detail how I set up my virtual machine with VirtualBox so I could get started with CTF challenges.