It's officially CTF Season! Some tips n' tricks to help

Published by Rajvi Khanjan Shroff, November 15th, 2020

Author:

Rajvi Khanjan Shroff

So....what exactly are CTFS? Have you been wondering how you can join one, or if you have been to a few, how to improve your score?

You've come to the right place --- this handy guide has you covered!

An introduction

CTFs, or Capture The Flag, is a cybersecurity competition that helps in practicing cybersecurity concepts using various challenges, with the goal of finding "flags" (hence the name.) Flags are often strings of text, numbers, and special characters and can be discovered upon a successful completion of a challenge. These challenges span a lot of topics, here is a visual that can help break it down further:

Here are some example CTFs that you can join:

1. Pico CTF: https://picoctf.org/

2. Cyberstart America: https://www.cyberstartamerica.org/communities/

3. National Cyber League: https://nationalcyberleague.org/home

With the beginning of many high-school level CTFs, now is the perfect opportunity to perfect your skills. So, without further ado, here are a few quick and easy tips to get the most of your time:

** NOTE: Be sure to check out the Youtube version of this article for a more visual experience ;)

Link: https://youtu.be/2EPUQJkuZGY

Here is the breakdown:

Research & Reading the field manual
Log your learnings!
Use past resources
Participate in more CTFs!
Don’t forget to take breaks

The value of researching & using your resources wisely:

The internet is one of the largest assets in solving CTF challenges: being able to identify the skill a particular challenge is testing and then sleuthing through the vast resources at one's fingertips with the advent of Google is a lifesaver. Especially if you are relatively new, simply doing a search can pull up a whole list of websites and videos that can make it easier to solve more.

However, as we all know, sometimes google searches tend to be nothing more than a few precious hours worth of time down the rabbit hole. So how are we to get the information that we need, and solve the challenges as quickly and efficiently as possible? This brings me to the 2nd point: Use the built-in resources! Most CTFs contain a "field manual" or resource center that is a great tool to refer to time and again. It explains, for the most part, everything it is that you might want to know in order to successfully solve challenges, and are a great launching board for when you do need to do some more research. So be sure to use 'em!

Creating a Learning Log:

It can a great idea to have a log of your learnings: noteworthy details like the technique you used to solve a particular challenge, how you realized what needed to be analyzed further/what stuck out to you, can be great to jot down. A google doc, a notepad--anything goes, whatever helps you process what you are learning and have a helpful record to look back on! It can be a great way to touch base with if you come back to CTFs after a long time or even flip back to in a few months time to see how far you have come.

Use past resources:

For most of the high-school student oriented competitions, there are usually write-ups/video walk-throughs for past challenges by the competition holders or participants. For instance, PICO CTF has released videos on their Youtube Channel that are an excellent guide for study and reflection! If you are stuck on how to solve a particular problem, it can be helpful to look back on how a similar concept (say, a web challenge or a server-based problem) was solved in previous years. If you are new to a particular, it is a good idea to attempt solving the challenges on your own and refer to the videos as needed for hint or inspiration.

Participate in more CTFs:

And lastly, practice makes perfect! CTFs are a long term way of understanding cybersecurity at a deeper and more holistic level. Hence, don't worry if it doesn't make total sense at the beginning--the more you participate in these sorts of competition, the better it will all fit together. Another great way to learn more is to find write-ups of the solutions for previous years' competitions.

Don't forget to take breaks:

The fun part of the CTFs is that they are interesting puzzles that often take hold of your imagination! They pique your interest --- sometimes to the point where hours go by on the same challenge! When one is so close to finding the flag, endless hours can slip by in attempts to break through. However, it is important to recognize that it is best to take a break. Listen to music, chat with your friends, or do some light reading, and then come back to it; you may just find the flag more quickly than you thought possible!

So there you have it--hope this helped you out, and carpe diem!