Capture the flag(CTF): The security game of developers

21 Jun 2020 in CTF

What is CTF? Most of the developer are familiar with this CTF as this is the doorway for taking the first step in the field of security. Any developers first priority is security. They don’t want to leave a door open in their site for hackers to exploit. now, how do they gain the experience to protect their site? CTF provide exactly that. Its a playground for developers to play and learn what threats their site can face in the real world and how to fix them without risking their products. Like many competitions, the skill level for CTFs varies between the events. Some are targeted towards professionals with experience operating on cyber security teams. These typically offer a large cash reward and can be held at a specific physical location. Other events target the high school and college student range, sometimes offering monetary support for education to those that place highly in the competition! CTFs can be played as an individual or in teams so feel free to get your friends onboard!

Where do I start?

if CTF seems exciting to you, let me tell you where you can start playing it ring away.

Learning

• Introduction to common ctf technique [https://ctfs.github.io/resources/
• Tips and tricks to solve typical ctf challanges faster [https://trailofbits.github.io/ctf/forensics/
• solution to previous CTF challenges [https://trailofbits.github.io/ctf/forensics/

  Resources

  -CTF event tracker [https://ctftime.org/

• list of tools and reading [https://github.com/apsdehal/awesome-ctf

### Tools

• Binwalk[https://github.com/ReFirmLabs/binwalk
• Burp Suits-Feature packed web penetration testing framework
• Stegsolve- pass various filter to look for hidden text
• GDB-Binary debugger
• COMMAND LINE. DEFINITELY. DUH! ### Practice Many of the “official” CTFs hosted by universities and companies are time-limited competitions. There are many CTFs however that are online 24/7 that can be used as practice and learning tools. Here are some that I found to be friendly for beginners.

-[https://ctflearn.com -A collection of various user-submitted challenges aimed towards newcomers

-[https://overthewire.org/wargames/ -A series of progressively more difficult pwn-style challenges. (Start with the bandit series)

-[https://2018game.picoctf.com/ -Yearly time-limited CTF now available to use as practice

Conclusion

GOOD LUCK OUT THERE!