Capture The Flag (CTF) Resources For Beginners

Beginner-Friendly Resources To Help With Your CTF Journey

Abdul Issa
Technology Hits
10 min read · Apr 28, 2024


Are you new to Capture The Flag (CTF) competitions and looking for resources to help you get started? Whether you’re interested in learning about cybersecurity, cryptography, web exploitation, or reverse engineering, there are plenty of resources available to help you sharpen your skills and excel in CTF challenges.

In this article, we’ll explore various categories of CTF resources, where to start practising solving challenges and where to find helpful resources you need before and during CTF games.

General CTF Resources

The resources below are aimed at building up your essential CTF knowledge.

👉 What is CTF in hacking? Tips & CTFs for beginners by HTB
Introduction to what CTF events are, why you should play CTFs, types of CTF challenges, how to get started and where to find additional educational resources. This is a great place to start reading.

👉 Introduction to CTFs (HTB)
A quick and practical introduction to getting started with HackTheBox (HTB) CTF events. This guide covers everything you need before you participate in a HTB CTF event.

👉 The CTF Primer
This is an amazing guide from the folks at picoCTF, one of the largest and most well-known CTF providers for CTF beginners. The CTF Primer is a succinct but complete guide (or textbook) on the essential categories of cybersecurity CTF challenges and how to solve them.

👉 CTF Field Guide
The CTF Field Guide is a comprehensive resource that covers a wide range of topics relevant to CTF competitions, including cryptography, forensics, web exploitation, and more. It contains walkthroughs of past CTF challenges, guides to help you design and create your own toolkits and case studies of attacker behavior, both in the real world and in past CTF competitions.

👉 CTF 101
CTF 101, known as the “CTF Handbook”, is a helpful guide for those new to Capture the Flag (CTF) competitions. It covers the basics, introduces key techniques, and provides strategies to get you started. With this resource, you’ll gain a solid understanding of CTFs and feel more prepared to tackle your first challenges.

👉 CTFTime
CTFTime is a platform that lists upcoming CTF competitions worldwide. It’s a great way to discover new competitions and stay updated on upcoming events. The website is a central hub for all CTF players and teams where they can see their rankings, information about an event (location, difficulty, number of participants etc.) and write-ups of previous CTF challenges.

Cybersecurity Challenges

Ready to experiment and try out some of your CTF skills? Here are a few places where you can get started, learn and practice fundamental cybersecurity techniques to solve cybersecurity problems.

💻 General

⭐️ ️ PicoCTF
PicoCTF is a beginner-friendly CTF competition that traditionally began as an event for students but is suitable for anyone interested in learning cybersecurity skills. It covers a wide range of topics and provides challenges of varying difficulty levels.

⭐️ ️️️ picoGym
picoGym is a playground for practising CTF skills, offering a collection of past PicoCTF challenges. It’s designed for continuous learning, allowing participants to work through various problems at their own pace, refine their cybersecurity skills, and prepare for upcoming competitions.

⭐️ ️ Hack The Box
Hack The Box is a platform that hosts virtual machines with cybersecurity challenges. It offers gamified, hands-on learning for penetration testing and ethical hacking, from cybersecurity fundamentals all the way up to advanced scenarios.

⭐️ ️ Hack The Box CTF
Hack The Box’s CTF platform is a dedicated environment designed for capture the flag competitions, offering a variety of cybersecurity challenges that test participants’ skills in exploiting vulnerabilities, solving puzzles, and gaining unauthorized access in a controlled, competitive setting.

⭐️ ️ TryHackMe
TryHackMe is an online platform that provides virtual environments for cybersecurity training. It offers guided pathways and rooms covering various topics, from basic to advanced.

⭐️ ️ OverTheWire
OverTheWire hosts a variety of war games that are perfect for beginners to practice their cybersecurity skills. These games cover topics such as basic Linux usage, cryptography, and network security. OverTheWire’s Bandit is the most popular and beginner-friendly path for those seeking to learn and improve their Linux-fu.

⭐️ ️ UnderTheWire
UnderTheWire is a PowerShell wargames site with hands-on challenges that help beginner CTF players learn key PowerShell concepts and Windows security skills. It’s a great way to build your scripting know-how and prepare for PowerShell-based tasks in CTFs. If you’re new to PowerShell, this site offers a practical learning path to strengthen your expertise.

⭐️ ️ Codebashing
CodeBashing is a platform for learning secure coding through interactive exercises that focus on recognizing and avoiding common security vulnerabilities. It uses real-world examples to help developers improve their security skills and write more secure code. This makes it a valuable resource for CTF challenges involving programming tasks, as it provides the skills to understand application logic, spot vulnerabilities, and create secure scripts to solve challenges.

㊙️ Cryptography

💠 Cryptopals
Cryptopals is a set of cryptography challenges designed to help beginners learn about cryptographic vulnerabilities and attacks. It covers topics such as encryption, decryption, and cryptographic protocols.

💠 CryptoHack
CryptoHack is a platform that offers interactive cryptography challenges for beginners and advanced users alike. It covers topics such as classical ciphers, modern cryptography, and cryptanalysis.

🌎 Web Exploitation

✴️ OWASP Juice Shop
OWASP Juice Shop is an intentionally vulnerable web application designed by the folks at OWASP to teach web security in a realistic setting. It covers topics such as SQL injection, XSS, and CSRF.

✴️ PortSwigger’s Web Security Academy
PortSwigger’s Web Security Academy provides free online training resources for learning web security testing techniques. It offers labs and tutorials on topics such as XSS, SQL injection, and more. This is THE best resource for learning web application penetration testing from the folks who wrote the bible on the subject: “The Web Application Hacker’s Handbook”.

🔨 Reverse Engineering

💠 Crackmes.one
Crackmes.one is a platform that hosts reverse engineering challenges. It offers challenges of varying difficulty levels, for beginners to advanced users.

💠 Challenges.re
Challenges.re is a platform that offers reverse engineering challenges designed to test and improve your skills in analyzing compiled code and uncovering hidden logic. It provides a range of tasks with varying difficulty levels, from basic to advanced, making it a great resource for learning and honing your reverse engineering skills.

👷 Binary Exploitation

🔺 Pwnable.tw
Pwnable.tw is a website that hosts binary exploitation challenges, including reverse engineering and exploit development tasks. It’s a great platform for practising low-level exploitation techniques.

🔎 Forensics

💠 Root Me — Forensics
Root Me’s Forensics challenges train you in digital investigation skills by analyzing memory dumps, log files, network captures, etc. These forensics challenges are aimed at teaching you the methodologies, techniques and tools associated with digital investigation.

💠 Root Me — Network Forensics
Root Me’s Network Forensics challenges provide network packet captures that you need to analyse to solve them. They deal with network traffic across different protocols.

💠 picoGym — Forensics
PicoCTF’s picoGym features forensics challenges that test your skills in analyzing digital artifacts and uncovering hidden information. You can practice at your own pace, solving tasks that range from simple file analysis to extracting hidden data. It’s a great way to build your forensics skills in a Capture The Flag setting.

❓ Steganography

💠 Root Me — Steganography
Root Me’s steganography challenges let you test your skills in hiding and extracting information from images, audio, and text. They vary in difficulty, providing a good mix of tasks to build your steganography skills. If you’re interested in Capture The Flag, these challenges are a solid way to practice different techniques and explore the world of steganography.

Many CTF platforms host challenges that involve steganography, where participants are required to uncover hidden information within images, audio files, or other media. Platforms such as Hack The Box, TryHackMe, picoGym’s Forensics, and OverTheWire frequently include steganography challenges in their CTF events.

Useful Tools During CTF Play

The following tools are my go-to tools during CTF competitions. Having them at the ready will save you valuable time, and you will no doubt end up using some of them frequently.

🌟 CyberChef
CyberChef is a web application for analyzing and decoding data. It provides a wide range of tools and functions for data manipulation, conversion, and decryption. CyberChef is particularly useful for quickly performing various operations during CTF challenges, such as encoding/decoding, hashing, and text manipulation.

🌟 RapidTables
RapidTables is a comprehensive online toolset for various calculations and conversions. It includes tools for arithmetic operations, unit conversions, binary/hexadecimal conversions, and more. RapidTables is helpful for performing quick calculations or conversions needed during CTF challenges.

🌟 dCode.fr
dCode is a website offering numerous tools and algorithms for cryptography, mathematics, and puzzles. It provides tools for decrypting ciphers, solving mathematical problems, and generating passwords, among others. dCode is a valuable resource for tackling cryptographic challenges encountered in CTF competitions.

🌟 Factordb
Factordb is an online database containing factorizations of large integers. It allows users to quickly look up known factorizations of numbers, which can be useful for solving cryptographic challenges involving prime factorization or RSA encryption. Factordb is an invaluable resource for CTF participants working on challenges related to number theory or cryptography.

🌟 PayloadsAllTheThings
PayloadsAllTheThings is a comprehensive GitHub repository containing a vast collection of payloads, attack techniques, and security testing strategies across various topics, such as SQL injection, XSS, and command injection. It’s an invaluable resource during CTFs because it provides ready-to-use payloads and examples that can help you understand and solve CTF challenges, making it an essential tool for both beginners and experienced players.

Annual CTF Competitions

Playing big annual CTFs is a fantastic way to put all your practice to the test. What better way to challenge yourself than by diving into an annual CTF competition? These events are fun, attract large numbers of players, and usually have a Discord channel, giving you a chance to network, share tips, and even find teammates for your CTF journey. Below are some of my favourite ones.

👉 HTB Cyber Apocalypse CTF
Hack The Box’s Cyber Apocalypse CTF is a huge annual Capture The Flag competition that’s all about fun, drawing around 13,000 players from across the globe. It has a great mix of challenges — web exploitation, reverse engineering, cryptography, forensics, and binary exploitation. After the event ends, you get access to video walkthroughs, write-ups for each challenge, and there’s usually an after-party event where you can revisit challenges, try new solutions, and take screenshots for your own write-ups. Plus, there’s a custom Spotify playlist 🎵 to set the mood! What more could you ask for in a CTF?

👉 picoCTF Competition
PicoCTF Competition is a popular annual event, drawing around 7,000 players globally. It’s known for being beginner-friendly, offering multiple hints for most challenges, making it perfect for newcomers. Once the CTF is over, all challenges are added to the picoGym or the Practice area of picoCTF, allowing you to revisit them anytime and solve them at your own pace, providing an excellent opportunity for continuous learning and skill-building.

Conclusion

As we wrap up this article, I’d like to thank you for reading through to the end. Let’s summarise what we covered in this blog post.

We’ve discussed beginner articles that demystify CTFs and explain why they’re valuable for your cybersecurity journey, regardless of your current skill level. We explored resources to build foundational knowledge for tackling your first CTF challenges, platforms to practice before entering a competition, and tools to help you work efficiently during a CTF game.

If you’re new to CTFs, don’t worry. It can seem overwhelming at first, but start with the guides and articles from places like Hack The Box to get a feel for what’s involved. Once you’ve got the basics down, try structured resources like “The CTF Primer”, “CTF 101” and “The CTF Field Guide” to deepen your understanding and level up your skills. TryHackMe’s CTF Collection Vol. 1 and Vol. 2 rooms are also good entry points.

If you need to brush up on Linux fundamentals, start with TryHackMe’s “Linux Fundamentals” rooms, then move to OverTheWire’s “Bandit” for more practice.

If you’re looking for a gentler introduction to CTFs, start with picoGym. It’s perfect for beginners and offers multiple hints for most challenges.

Annual CTF events can be a good way to track your progress and meet other players, but don’t overlook the many smaller CTFs happening every weekend. You can find them on CTFtime.

Before diving into any CTF, though, get comfortable with the tools and resources covered in the “Useful Tools During CTF Play” section. Knowing how to use these tools will give you an edge during competitions.

❗️ One more tip: Read write-ups or watch video walkthroughs from past CTF challenges. Even if you’ve solved them, it’s a great way to see different approaches and pick up new techniques.

Ultimately, CTFs are about having fun and learning, so dive in, experiment, and improve your skills.

If you want to see how I solved previous CTF challenges, check out the detailed walkthroughs I’ve shared below.

👉 HTB Cyber Apocalypse CTF 2024 Write-ups

👉 picoCTF 2024 — Write-up — Web

👉 picoCTF 2024 — Write-up — Forensics

👉 TryHackMe CTF Collection Vol. 1

👉 TryHackMe CTF Collection Vol. 2

👉 Deadface 2023 CTF Write-ups

So jump in, play for fun, and hone your skills. I wish you good luck with your fun and educational journey :)

Thank you for visiting my blog and for joining me on this journey.

Please follow me on Medium and LinkedIn for more future content around Cybersecurity, CTFs, Ethical Hacking, Certifications, and much more.

Now, Go & Play!

CyberSecMaverick
