Start here
What CTFs are about
In the context of cybersecurity, a CTF, short for "Capture the Flag", is a type of challenge where the goal is to find a hidden string of characters, the flag.
To get the flag, the player usually has to break or hack into systems and do things a regular user is not supposed to be able to do.
Common examples of CTF challenges are:
- Getting into admin panels of websites you are not supposed to access (cf. WEB SECURITY)
- Decrypting secret messages you are not supposed to be able to read (cf. CRYPTOGRAPHY)
- Corrupting programs to do things they are not intended to do (cf. BINARY EXPLOITATION)
CTFs can also be about finding out what exactly a program is doing or what has happened on a specific system. This includes:
- Examining and reverse engineering binary programs or mobile applications (cf. REVERSE ENGINEERING)
- Solving a digital forensics case (cf. DIGITAL FORENSICS)
- Analyzing network traffic to discover vulnerabilities in protocols (cf. NETWORK ANALYSIS)
Less common, but still present, are challenges like:
- Getting secret information from a microcontroller using side-channel analysis (cf. HARDWARE SECURITY)
- Gathering information about a fictional target using publicly available sources like social media (cf. OSINT)