Listen to this article

Capture the Flag, or CTF, refers to an information security competition in which contestants solve various tasks such as exploiting a webpage, reverse engineering some source code, or even hacking into a server to steal data. In these tasks the goal is to retrieve a piece of text hidden somewhere on the server or in the source code. This is called the ‘flag’, hence the name. CTF competitions may be played individually or in teams, and most of the challenges do not require prior programming knowledge. For some challenges, however, you may be required to look up some information on the net before solving them.

CTFs may be divided into two categories:

  1. Jeopardy-style CTF: It involves solving a series of challenges, and a certain number of points is awarded on completion of each challenge. The team with the most points wins.
  2. Attack/Defence style CTF: Participants try to “attack” opponents’ servers while “defending” their own.

One of the (jeopardy-style) CTFs I participated in recently was the picoCTF, which I will describe in the following lines.

So what is picoCTF?

PicoCTF is a free CTF competition for middle and high school students (including college students), created by experts at Carnegie Mellon University, Pennsylvania. It consists of a series of challenges testing various skills such as reverse engineering, web exploitation and cryptography, to name a few. Each challenge is allotted a certain number of points according to its difficulty, and teams compete to accumulate as many points as possible. The competition aims to deliver hands-on experience to those who are interested in cyber security.

The 2019 competition of picoCTF was held between September 27, 2019 and October 11, 2019. However, the problems of the competition can still be accessed by creating an account with picoCTF, making them useful for practice.

PicoCTF – My Experience

Before this competition, I had not participated in a “capture the flag” competition before – this was my first CTF. PicoCTF introduced me to the concepts of information security, and the principles involved in protecting as well as hacking computer systems. For example, I encountered codes which kept a password in an “encrypted” form, rather than directly mentioning the password in the source code. Some of the challenges had to be done on the Linux shell, and made me research about some of the commands used there. There were also some webpages which had a flag hidden somewhere in the HTML code in the form of a comment! These challenges were very interesting, and overall, even though I did not win any prize, it was a memorable experience.

Sources:

https://dev.to/atan/what-is-ctf-and-how-to-get-started-3f04

https://picoctf.com/about

(Visited 419 times, 1 visits today)

Related Posts

9 thoughts on “Capture the Flag (CTF) in Cyber Security

  1. Ohh! This is a completely new concept I read about. But it was quite knowledgeable, though a few words did do a trick on my mind. Great article though!

  2. I am completely a non tech person and have to idea about tech terms. with this post, I had learnt a lot about CTF and its different aspects. thanks for sharing.

Leave a Reply