What is a CTF?
Harrison: CTF (Capture The Flag), are global competitions in which teams attempt to “hack” into a variety of systems using intentionally placed bugs. For every system we are able to break into, the team earns points. The team with the highest number of points in the end wins. There are 2 different types of CTF’s. In a Jeopardy style CTF, we are given a list of systems to break into whereas in an attack- defense style CTF’s, we are given a server that we must protect and use to hack into other teams’ machines.
What is the difference between a CTF and a Hackathon?
Zilin: In a Hackathon, your task is to work in a team to create something from scratch and build it from the ground up whereas a CTF is a contest in which your team has to try and find vulnerabilities in programs or websites.
What is your favourite thing about CTF’s?
Z: My favourite thing about CTF’s is the ability to hack into things legally. We are able to gain experience on breaking websites and reversing programs, which are things that we usually wouldn’t be able to do.
How has competing CTF’s helped you in school or your extracurricular activities?
H: Since our the computing curriculum does not cover the security aspects of it, participating in CTF’s give us the techniques to protecting ourselves from cyber attacks. For example, when making our websites, after our most recent CTF- Internetwache, we found php had a very big door on regexp, and file uploads. This led to us revamping our sites to seal these doors
What was your favourite CTF this year and why?
H: The latest CTF we did Internetwache was my favourite because it wasn’t beyond our scope. We were able to solve many of the challenges and we ranked in the top 10% and this particular CTF also brought up many security vulnerabilities that still exist today.
What is one piece of advice you would give to someone who is interested in participating in CTF’s?
Z: One piece of advice for someone who is looking to get into CTF’s is to not feel overwhelmed by their first competition. The first one will be very difficult, but that’s the case for everyone. To get better you have to read lots of write-ups and learn the necessary tools that other CTF teams use. It’s definitely difficult but incredibly rewarding if you stick with it.
Where can I learn more about CTFs?
Z: ctftime.org is a good resource for information about upcoming CTF’s and trailofbits.com has a beginners guide for those who are just starting out. ctf-tools by Zardus is a comprehensive collection of tools that CTF teams use, but the quickest and most effective way to learn to successfully complete CTF’s is to participate in them and read write-ups as practice.