Capture the Flag (CTF) is a special kind of information security competition. There are three common types of CTFs: Jeopardy, Attack-Defence and mixed.
Jeopardy-style CTFs have a number of questions (tasks) across a range of categories, for example Web, Forensic, Crypto, Binary or something else. A team gains points for every solved task, usually with more points for more complicated tasks. The next task in a chain can be opened only after some team solves the previous task. When the game time is over, the sum of points determines the CTF winner. A famous example of such a CTF is the Defcon CTF quals.
Attack-defence is another interesting kind of competition. Here every team has its own network (or only one host) with vulnerable services. Your team usually has time for patching your services and developing exploits. Then the organizers connect the participants of the competition and the wargame starts! You should protect your own services for defense points and hack opponents for attack points. Historically this is the first type of CTF; everybody knows about DEF CON CTF, something like a World Cup of all other competitions.
Mixed competitions may vary in format. One may be something like a wargame with special time set aside for task-based elements (like UCSB iCTF).
CTF games often touch on many other aspects of information security: cryptography, stego, binary analysis, reverse engineering, mobile security and others. Good teams generally have strong skills and experience in all these areas.
Now in this blog, I will be focusing only on the Jeopardy-style CTFs and will provide write-ups for them. I will start from the very beginner stage and then slowly increase the level of the problems I am providing write-ups for.
So, if you are a beginner, it’s highly recommended that you start reading this blog from the very beginning.