A capture-the-flag (CTF) is a very popular format for cybersecurity competitions that will present individuals (or teams) with on-line challenges ( see link). In addition to fundamental IT skills, the following cybersecurity competition skill domains are recommended to prepare for a CTF. Each domain link below has some recommended steps, tools and reference information:

Cybersecurity Competition Skill Domains:

  1. General:
  2. Open Source Intelligence ( DNS lookup, meta data, )
  3. Cryptography  (Ceasar, Rot13, b64, vignere, stegnography, etc. )
  4. Log Analysis  (grep, sort, unque, compare, gawk)  
  5. Scanning  (open ports, hidden pages, vulnerabilities)   
  6. Web Exploitation  (source code, cookies,  robots.txt, hidden directories/Dirbuster) 
  7. Password Cracking (Hashcat,  brute-force, dictionary,  John, rockyou.txt,  etc.)
  8. Network Traffic Analysis  ( OSI Layers, protocols, IP Addresses, Encryption,  wireshark, )
  9. Enumeration & Exploitation ( executable files, source code, strings, reverse engineering,   hexeditors )
  10. Wireless Security (Wireshark, encryption, protocols, Physical & IP addresses ) 


  1. Cybersecurity Capture-the-flag (CTF) Competition Tips
  2. Recommended Tools for a CTF