Capture The Flag for Beginners


You dream of being a cyber maven who is fluent in Python and always ready with the latest Kali distro. Yet your current reality is full of projects, papers, labs and sleepless nights with certification prep guides. How do you level up in these digitized Hunger Games? Even the promise of a college degree and certification badges added to your LinkedIn profile doesn’t erase the anxiety. You hate this feeling. No gamer likes being a noob. At best you feel like “imposter imperceptible” – apparently, only truly aware of enough acronyms to make it sound like you know what you’re doing.

Guess what: you do know what you’re doing, and you are not alone. Everyone in cybersecurity starts out this way, and imposter syndrome can still sneak up on even the most experienced pros. If you want to get as good as the pros, then you should do what we’ve all done – and no, it’s not crying. Stop that.

Getting “real world” practice

Nobody learns to play the piano by watching someone else. You have to put your hands on the keys. It’s the same in cyber. Fortunately, there are many free tools that you can download to set up your own virtual lab. Oracle Virtual Box and VMware Workstation Player cost nothing, but you need a computer with at least a quad-core CPU and 16 GB of RAM to run them well.

The software allows you to create virtual machines from different operating systems so you can practice. Most Linux distributions are free and many Microsoft Windows operating systems have 180-day trial versions. For cyber practice, learning Linux is mandatory. Oh, there’s one more thing. Don’t waste your time with the GUI. Focus on the command line in Linux and PowerShell in Windows. From now on your “clicks” should be the sound of rapid keystrokes as you type commands.

Cyber Competitions

Imagine a game where you actually win by losing. Competitions introduce even the most dedicated cyber students to the “f-word” – Frustration. Competitions cover a lot of different situations. Problems progress from easy to hard and the clock is ticking. What you don’t know becomes very obvious and that’s the point.

Cyber competitions are tests of skill. The goal is to help everyone figure out what they know and what they don’t. Many cyber competitions also release write-ups of each activity after it ends. These write-ups step you through the problem and its solution, including identifying the tools that were used. Now you can go back into your virtual lab and learn how to use the tools.

What the Heck are CTFs?

Capture The Flag (CTF) is a cyber exercise where participants look for a hidden clue or file, a.k.a. the flag, by using cybersecurity tools. They are very common and no experience is necessary to play. The game gives you a taste of real world cybersecurity with activities often designed by cyber pros.

You can find individual and team games in a variety of formats. In Red versus Blue contests teams square off and either attack or defend a network. Jeopardy-style challenges use the popular game show’s answer-question format. Other CTFs focus on one or more skills such as cryptography, steganography, open source intelligence, digital forensics, protocol analysis, penetration testing, vulnerability testing, threat hunting, website exploitation and programming.

CTFs may be timed per task or timed per event. Some last a few hours and others last until you solve all of the puzzles or decide to walk away.

How to get started?

Cyber challenges require special tools and there are two Linux distributions which are packed with them: Kali and Parrot Linux. Unfortunately, Windows is more often a target machine in CTFs. What about Mac? Forget it. Choose one or both distributions and create virtual machines. You will run these machines during the competition. CTF activities are designed to be safe, but why put your computer at risk? Plus your system’s anti-virus and anti-malware programs will quickly eradicate many of the files you may need to work on during the event.

Your virtualization software can be configured to reach the Internet. One word of warning – only do this for the competition. For all of your other practices make sure your virtual machines run in a host-only network. Having an internal network allows the virtual machines connected to it to communicate ONLY within that network, and no other – meaning malicious files can’t communicate with your host machine or your home network.
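To check the network advice above before a practice session, here is an added example (not part of the original article) that lists which adapters on your lab VMs can reach beyond an isolated network. It assumes VirtualBox and its `VBoxManage showvminfo --machinereadable` output; the VM name `kali-lab` and the sample data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list VM network adapters that reach beyond an isolated lab.
# Parses `VBoxManage showvminfo <vm> --machinereadable` output on stdin.

# Attachment modes treated as isolated, following the article's advice:
#   hostonly (VM <-> host and other host-only VMs), intnet (VMs only), none.
# Anything else (nat, natnetwork, bridged, generic) is reported.
risky_nics() {
  awk -F= '
    /^nic[0-9]+=/ {
      mode = $2
      gsub(/"/, "", mode)
      if (mode != "hostonly" && mode != "intnet" && mode != "none")
        print $1 "=" mode
    }'
}

# Constructed sample output for a hypothetical VM named "kali-lab".
sample_vminfo() {
  cat <<'EOF'
name="kali-lab"
ostype="Debian_64"
nic1="nat"
nictype1="82540EM"
nic2="hostonly"
hostonlyadapter2="vboxnet0"
nic3="bridged"
bridgeadapter3="eth0"
nic4="none"
EOF
}

# Audit every registered VM if VBoxManage is installed, else the sample.
audit_all() {
  if command -v VBoxManage >/dev/null 2>&1; then
    VBoxManage list vms | cut -d'"' -f2 | while IFS= read -r vm; do
      VBoxManage showvminfo "$vm" --machinereadable | risky_nics |
        while IFS= read -r nic; do printf '%s: %s\n' "$vm" "$nic"; done
    done
  else
    sample_vminfo | risky_nics |
      while IFS= read -r nic; do printf 'kali-lab (sample): %s\n' "$nic"; done
  fi
}

audit_all
```

An empty result means every adapter is host-only, internal or disabled; any line printed names an adapter to switch off or reattach before opening untrusted files.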

Turn on your virtual machine and log into your competition’s website. Then you can use your Kali or Parrot tools to work through the problems. You will quickly discover that you need more practice with the tools to really be effective. Don’t let that bother you now. Knowing what you don’t know is the best outcome if you’re new.

You’re in for it now – what next?

“Wait a minute – am I sure I know how to do any of this?” You’ll say those words to yourself a lot at first. Unfortunately the word “competition” makes us want to win the game. Forget about that for now. Just like the comedy show “Whose Line Is It Anyway?” the points don’t matter. What does matter is learning about the different types of problems and the tools used to solve them. Some CTFs offer practice gyms with guided instructions. Running through these a couple of times will improve your skill and your confidence.

A Few CTFs To Get You Started

Here are a few CTFs that you can try. These vary in difficulty, from beginner to experienced. Review each to determine which to start with.

A list of cybersecurity competitions in which anyone with a .EDU email address may participate

Events

National Cyber League/Cyber Skyline
ITEN Wired
GoogleCTF
Global Collegiate Penetration Testing Competition (CPTC)
United States Department of Energy Cyberforce Program
International Cyber Assessment and Defense Competition
U.S. Cyber Challenge (USCC)
US Cyber Games
HackerOne
Hacker Halted
Embedded Capture the Flag (eCTF)
Mitre Cyber Academy

Reference Materials

NSA Open Source
CIA Hacking Tools
Google Search Operators: The Complete List
Director of National Intelligence Open Source Center
PacketLife Cheat Sheet Library

Red Team / Blue Team

Clint Bodungen’s ThreatGen Red vs Blue
SANS Blue Team Wiki
Red Team Cheat Sheets

ITEN Wired Cybersecurity Competition (NWFL Only)

ITEN Wired, in collaboration with the University of West Florida’s Center for Cybersecurity, hosts the ITEN Wired Cybersecurity Competition every October during the ITEN Wired Summit. The first cybersecurity competition was held in 2016. Each year the UWF Center for Cybersecurity hosts the competition in its own Cyber Center. In previous competitions each team was dropped into a poorly secured network where they acted as incident responders. Teams would experience, document, and respond to various network attacks, testing their ability to detect, defend, and prevent various threats without prior preparations.

Attack-Defend CTF

An Attack-Defend Capture the Flag, also known as a Combative Capture the Flag (CCTF) or Red Team/Blue Team event is a cybersecurity competition where each team attacks the other team’s network resources while simultaneously defending their own. There are flags hidden throughout various network resources which attacking teams attempt to obtain while compromising various systems such as routers, servers, and host machines. Attacking teams are able to utilize various resources in order to compromise defending machines within the rules of the competition.

Jeopardy-Style CTF

A Jeopardy-Style Capture the Flag event is a knowledge based cybersecurity competition in which teams compete against one another in a question-answer format. Teams are given various categories to choose from containing cybersecurity related questions. Each question is assigned a point value according to the relative difficulty. Some categories include: cryptography, steganography, physical security, and network scanning.

National Cyber League (NCL)

The National Cyber League is a defensive and offensive puzzle-based, capture-the-flag style cybersecurity competition. Its virtual training ground helps high school and college students prepare and test themselves against cybersecurity challenges that they will likely face in the workforce. All participants play the games simultaneously during Preseason, Individual, and Team Games. NCL challenges are based on the CompTIA Security+ and EC-Council Certified Ethical Hacker (CEH) performance-based exam objectives and include the following content: Open Source Intelligence, Scanning, Enumeration and Exploitation, Password Cracking, Traffic Analysis, Log Analysis, Wireless Security, Cryptography, and Web Application Security.

NCL Games

Game: Description

Preseason: Individual competition that allows the NCL to evaluate participants to determine their current skill level. After the preseason, players are awarded a digital medal. This allows students to compete in Regular Season with other similarly skilled participants.

Individual: Another individual competition that pits players against each other in their assigned medal groups. This is where players’ scores matter. Participants will be ranked overall and within their group.

Team: Where Regular Season players form teams with 2 to 5 members to compete (no flag sharing with other teams). Various levels of experience and expertise are brought to the table in this situation. Many consider the Postseason game the highlight of their NCL experience. Each team’s group is determined by the average Regular Season score of the team’s members.

Scoring

Players/teams participate in a type of computer security game called a Capture-the-Flag (CTF). In CTF games, players/teams race to answer security-related challenges, often searching for digital “flags” hidden on servers, in encrypted text, or in applications. Challenges within the CTF are open-ended and require expertise and skills in a wide range of security-related topics. When a player/team submits a flag, they receive points for solving the challenge. The player/team with the highest cumulative score at the end of the game wins. Players/teams are scored on their ability to successfully complete the challenges and obtain the flags therein. Most challenges in the Spring Season contain more than one flag. To accumulate points, players/teams receive a pre-assigned point value for successfully submitting a flag. The point value for some flags is determined by the NCL difficulty rating system. The total score for a player/team is the sum of points for all successfully submitted flags.

While game challenges are available to all players/teams, there are increasingly difficult challenges included to test players/teams with more advanced skills.

Bracketing

The existing NCL bracketing is removed as of Fall 2021 and there will no longer be bracket-specific leaderboards.

NCL made this change because they do not believe bracketing is currently serving its intended purpose. Bracketing was supposed to make NCL more approachable to beginners by creating a fairer comparison so that beginners could be compared to beginners while advanced players would be compared to other advanced players. However, getting into a bracket no longer seems to be a matter of simple classification, but a goal in itself. We have seen players disappointed that they did not get placed into the Gold bracket, particularly for the Team Game. Gold bracket currently carries a level of prestige which it should not because getting into Gold bracket is a classification that occurs before the actual competition even starts.

Medals

Digital medals are being added and will highlight performance during the Individual and Team Games. Even though NCL removed bracketing, the terms “Gold”, “Silver”, and “Bronze” will not go away. Instead, they will be used to describe new medals.

5 divisions of digital medals will exist, and within each of these divisions will be 4 numeric tiers with tier 4 being the lowest and tier 1 being the highest.

Digital Medals
Bronze
Silver
Gold
Platinum
Diamond

Each division will represent a range of 20 percentile scores, with each tier representing a specific range of 5 percentile scores within its corresponding division. More details about medals will be published soon.

Gymnasium

The NCL Gymnasium provides practice challenges to help prepare players for the Individual and Team Games. While practicing in the NCL Gym, players can access a solutions guide that includes step-by-step instructions to help them understand the more difficult challenges.

Preseason Game

A goal of the NCL is to provide beginners with an entry point into cybersecurity games through preparatory exercises, while also challenging and engaging players who have already mastered similar content. As part of the Preseason, participant knowledge and skills will be assessed through a mandatory Preseason game.

Individual Game

The Individual Game is the portion of the NCL where individuals compete on their own, without the assistance of others, to solve game challenges. The game challenges are aligned with preparatory exercises and allow participants to validate the knowledge and skills they are developing in the NCL Gymnasium. Flag-sharing is not allowed.

Team Game

Real-world cybersecurity work is often done in teams. The NCL Team Game provides a safe and challenging environment for players from the Individual Game to apply their knowledge and skills in a team setting. The team game requires players to work together to solve real problems, with real deadlines, under time (and in some cases) technical and resource constraints. No flag-sharing with other teams allowed.

Resources

Pentester Lab (website hacking)

Oracle Virtual Box

VMware Workstation Player

Kali Linux

Parrot Security

Linux Foundation

National Cyber League
