A Capture-the-Flag (CTF) is a very popular format for cybersecurity competitions that will present individuals (or teams) with on-line challenges. CTFs typically use a ‘Jeopardy’ style format that has categorized questions with different point values (refer to Basic Cyber Competition Skill Domains for potential categories). Below are some ‘Cyber Competition Tips’ :

Cyber CTF Competition Tips:

  1. Build a Personal Cyber Lab
    1. Create a personal cyber lab with required software pre-installed (Kali Linux), wifi enabled and key websites bookmarked.
    2. Review the Basic Cyber Competition Skill Domains for suggested tools to pre-install and websites to bookmark.
  2. Practice
    1. Practice entry-level challenges using CTF portals (e.g., picoCTF, overthewire/bandit, etc.)
    2. Use web search engine (i.e., Google) to find articles and videos walking through how the challenges are solved (e.g., picoCTF write-up beginner challenges, overthewire bandit wakthrough , etc)
  3. Stay Organized
    1. Keep a notepad (or document) open to copy key data (e.g., file names, commands, passwords, flags, etc,) for quick reference.
    2. Create folders to keep copies of files for quick reference
  4. Prioritize and Watch the Clock !
    1. Look at the categories and point values – indication of difficulty level.
    2. Focus on categories that you have expertise in first.
  5. Read Carefully and Look for Hints :
    1. The challenge name is almost always a hint – google category name
    2. Read the challenge carefully – google category and keywords
  6. Determine the Challenge Type:
    1. Refer to Basic Cyber Competition Skill Domains for examples of general categories and links to reference information.
  7. Is There a File ?
    • filename or extension may be a hint.
    • Run ‘file [filename]‘ to determine file type and next steps (e.g., text, executable, image, zip, etc.)
    • Understand how to use Basic Linux Commands like ‘file‘, ‘cat‘, ‘strings’, ‘gzip’, ‘chmod’, ‘grep’, ‘cmp’, ‘sort’, and ‘mount’.
  8. Watch for Case Sensitivity
    • Most of the cyber tools and challenge responses are case sensitive
  9. Keep it Moving and have Fun!
    • Don’t get stuck or frustrated.
  10. Reflect after you are done
    1. What were your lessons learned ?
    2. What did you enjoy ?
    3. What do you want to work on ?

Additional References