Mystery behind CTFs

Shreyansh Sancheti
Sep 15, 2020

Some people say a CTF (Capture the Flag) is a cybersecurity puzzle, a virtual learning experience, or a hacking competition spanning various categories. All of these describe only part of what a CTF is. The real definition of a CTF is that it is a treasure map, where skills are tested based on real-world incidents. It is basically a roadmap for anyone who is enthusiastic and eager to learn about cybersecurity. Cybersecurity is a very vast and broad stream; we just can't learn everything, but

“Learning is a treasure that will follow its owner everywhere.”

- Dr. Mayur Ajmera

In this stream, the treasure is the skills you learn and earn by solving or competing in CTFs. The purpose behind every CTF is that every participant should learn new skills to defend against black hat hackers and the people who misuse this knowledge. As for my views, I don't have that much knowledge, as I am also a beginner in this branch of study, but I have still learned most of the new and specific things by solving various CTF challenges and some practice labs that are also open source, and I started to collect my treasure (skill, knowledge) through this map (CTF).

Types of CTF :-

1. Jeopardy Style :-

The most common type of CTF, where a series of challenges is given from different categories such as web exploitation, cryptography, XSS, pwning, forensics, and reverse engineering. The challenges are categorized depending on what the creator wants to focus on. Simply put, participants are free to choose the challenges they want to focus on, and evaluation is based on submitting a special 32 hexadecimal string called the FLAG. After solving each challenge you get the hidden flag, and points are awarded only for submitting flags.

This type of CTF can be seen in DEFCON CTF and NYU Polytechnic Institute's Cyber Security Awareness Week (CSAW).

2. Attack/Defense Style :-

This type of CTF is divided into a Red team and a Blue team. The Red team is the attacking team, whereas the Blue team is the defense team.

Both teams are provided with servers with vulnerabilities and hidden flags.

The Blue team's only role is to play defensively: they defend the systems or servers holding the hidden flag and patch any weakness they find on the spot. This work must be done promptly so that the other team cannot attack or exploit their weakened server. They also cannot shut out attacks by using a firewall, because that goes against the rules; they have to manually find or scan for the vulnerabilities and work on a solution to prevent any attack.

The Red team has the offensive role: attacking the other team and grabbing their flags. They can get into the other teams' systems, and their only purpose is to violate or exploit the servers.

Purple Teams are designed to enhance information sharing between the Red and Blue teams to maximize their respective and combined effectiveness.

These are among the more popular CTFs, with more complexity than jeopardy.

3. King Of the Hill :-

This category is the most interesting one, as multiple teams participate at the same time on multiple vulnerable servers. The first team to conquer the central hill server is rewarded with points, and their task is then to ensure no one takes the server from them, so they first attack and then defend the same server. The competition is time-limited, and the team that maintains access to the central server until the time ends is rewarded with more points.

A special coded mechanism checks every server at intervals to award points to the teams.

King of the Hill competitions usually have “blackbox” challenges where participants have no knowledge or information about the system that they are trying to break and then defend.
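
The interval check described above, sketched as an added example (not code from the original post or from any CTF platform): each entry in the constructed tick list is the team the checker found in control of the hill at that interval. The point values and function names are assumptions.

```python
from collections import Counter

# Constructed sample: the holder the checker recorded at each interval.
# None means no team controlled the hill at that check.
SAMPLE_TICKS = [None, "red", "red", "blue", "blue", "blue",
                None, "green", "green", "green"]


def score_koth(ticks, per_tick=10, first_capture=25, final_bonus=50):
    """Score one round from periodic ownership checks.

    The point values are assumptions for illustration, not any event's rules.
    """
    scores = Counter()
    first = next((t for t in ticks if t is not None), None)
    if first is not None:
        scores[first] += first_capture    # first team to conquer the hill
    for holder in ticks:
        if holder is not None:
            scores[holder] += per_tick    # one award per interval held
    if ticks and ticks[-1] is not None:
        scores[ticks[-1]] += final_bonus  # still in control when time ends
    return dict(scores)


def longest_hold(ticks):
    """Return (team, intervals) for the longest uninterrupted hold."""
    best, current, run = (None, 0), None, 0
    for holder in ticks:
        run = run + 1 if holder == current else 1
        current = holder
        if holder is not None and run > best[1]:
            best = (holder, run)
    return best


if __name__ == "__main__":
    print(score_koth(SAMPLE_TICKS))
    print(longest_hold(SAMPLE_TICKS))
```

In the sample, the team that holds the hill at the final check outscores the team that captured it first, which matches the emphasis on maintaining access until time runs out.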

4. Linear CTF :-

This type of CTF focuses on a specific category and presents a series of questions with puzzles and hints. In a Linear CTF, the questions must be solved in order.

It is just like a puzzle game and a perfect example of a treasure map where sequence matters: one question leads to another, and it can be story based.

5. Mixed :-

This category includes both the attack/defense and jeopardy styles: it consists of a set of questions to solve while, at the same time, teams attack other teams and defend their own machines.

As a beginner, I solely recommend going through these sites to get started as a learner or enthusiast who wants to know more about cybersecurity or infosec :-

To get the basic and foremost skills, you need to join:

i) portswigger.net

ii) Bugcrowd research community

iii) hackerone.com

Then to get more familiar with CTF challenges you can try :-

TryHackMe and hackthebox.eu

These two platforms are the best for gaining the most knowledge; you can also solve offline challenges on VulnHub.

“The more you learn the more you grow, the more you grow the more you make country prosper.”

Happy Hacking!!

— Shreyansh Sancheti

VIEH group|www.viehgroup.com

Reference used -

ctftime.org

ctf.zone

Shreyansh Sancheti

A Cybersecurity Researcher and Enthusiast | B.Tech student | Intern at VIEH Group