At the beginning of September I took part in my first CTF (Capture The Flag). I've always been a bit hesitant about tackling a CTF, due in some part to a lack of time, but in larger part to having Impostor Syndrome. I was always worried about not finding any flags and as a result feeling like I had failed. How wrong could I have been!
Into the Unknown
One of the things that I found that the CTF does very well is get you out of your comfort zone. I have essentially been doing the same role for just over 5.5 years now (boy do I feel old), and as a result I have become very accustomed to my current role. Don't get me wrong, I love my current job. But I have become so used to the systems which I am responsible for that I'm often not actively trying to learn new skills or really push the bounds of my current skills. This helped me realize that there are a few areas in which I could spend a bit more time learning new skills, as well as completely new areas which I never paid any attention to.
Depending on the format, most CTFs are a team-based effort. This provides a fantastic means to build on teamwork and collaboration. It is also a great opportunity to share ideas and new skills with one another. It's a fantastic way for those who are just getting into the security field to see what is out there, and test the waters so to speak.
CTFs are another fantastic tool to help create security awareness in an organization. Let's face it, would you rather actively try to hack a system, getting points (and possibly even a prize), or would you rather sit in front of a computer having to read pages and pages of documents and/or slides? I know for certain which one I would prefer.
I've become a huge fan of CTFs on both a personal level (to better my current skills) as well as a tool which I can use to help train others. I would highly recommend having a look at some of the existing CTFs out there, taking part in them, and even hosting your own.
Here is a list of resources which should hopefully help you on your way to your CTF journey:
- https://www.hackthebox.eu/ - Platform which hosts several CTF challenges.
- https://www.vulnhub.com/ - A platform which hosts vulnerable systems, some of which have flags to capture.
- https://www.hackthis.co.uk/ - Another platform with systems to hack.
- https://github.com/facebook/fbctf - Platform developed by Facebook which allows you to host your own CTF.