I recently got into the world of CTFs and wanted to help others with this short write-up. Consider this a starting point guide for you to begin with.
What are CTFs?
Let’s start with what CTFs even are. Capture The Flags (CTFs) are challenges/competitions designed to simulate diverse cybersecurity scenarios with the goal of capturing flags. These flags usually consist of strings of text or files that are concealed within systems, applications, or network services.
CTF challenges span a broad spectrum of domains, including cryptography, reverse engineering, web exploitation, binary exploitation, forensics, and beyond.
What do I need to know before starting?
Before you start you need to have basic understanding of networks, some programming skills and know cybersecurity concepts like encryption, hashing, and common vulnerabilities like XSS and SQL injections.
I highly recommend starting with Professor Messer Network+ videos on YouTube if you need a refresher on how networks work and follow it up with the Ethical Hacking course videos provided by The Cyber Mentor to give you a good idea about the fundamentals.
Recommended CTF Platforms and Websites
Now, let’s go over the places that I recommend for new people to start with CTFs, which are fun and more importantly beginner-friendly!
RootMe from TryHackMe
Next up we have RootMe from TryHackMe which is an easy room where you answer questions which also can be used as a guide for you on how to move forward.
It is more than okay to look things up online or on YouTube if you get stuck in any challenge and need a bit of help!
I recommend TryHackMe in general if you are new in the world of cybersecurity since they got a lot of free materials and they always add new materials to their site.
CTF > 101
On this site you can learn about methodologies and techniques that you might need in a CTF from cryptography to different types of exploitation's.
And it is always good to have a handbook to go back to if you have not done a certain technique in a while!
Link: https://ctf101.org/
Root Me
Hundreds of different challenges await you on this site with solutions in chase you get stuck. Have not done it myself but a lot of people told me good things about it and I am going to do them myself in the future.
Link: https://www.root-me.org/
picoCTF
A well know place for beginner friendly CTFs is picoCTF. They teach the skills you need and they also have cool challenges!
They not only provide a platform for learning but they also have CTF events of their own!
Link: https://picoctf.org/
CTF TIME
And if you now wonder where everyone finds and signs up for CTF events: CTF Time is the place for that.
Link: https://ctftime.org/
Join a Team
Everything is more fun when there are more people involved so why not join a team?
I was lucky enough to get invited into an awesome team with some big names in the cybersec world but you should not have a problem finding like-minded people yourself in discord servers or online communities.
You could join the TCM discord server for example and find people there.
Link: https://discord.gg/tcm
Introduce yourself by sharing a few words about who you are and maybe list your skills or certifications rather than just a simple “hi”.
Not only is it cool share knowledge and tackle challenges together but you learn to work in a team which is important if you want to work in cybersecurity or IT in general.
Final Words
Hope this is going to help some of you who where interested in CTFs but had no idea where to start.
Now you should be ready to go out there and make a name for yourself!
