The word “cybersecurity” often brings to mind the stereotypical image of a hacker sitting in their basement while running lines of complicated code in order to break into some top-secret database. While this situation may be real in some cases, the world of cybersecurity includes so much more, with the ultimate goal of actually stopping these “black hat” hackers.
Although cybersecurity is a more specialized field, a great way to begin learning about it in a hands on environment is through capture-the-flag style competitions (CTFs). In these virtual competitions, participants navigate through a wide variety of different security-related challenges, all of which involve problem solving and critical thinking. Challenges range in skill level, so even a beginner can get involved!
Common Challenge Types
Challenges provided during a CTF are generally broken up into several categories. Here are some of the common challenge types and how to approach each one!
Cryptography refers to the transformation of data in order to make it more secure. Some of the common forms of cryptography include:
- Encoding – a technique in which the algorithm used to transform the data can be reversed to reproduce the original data. Two common forms of encoding are caesar ciphers and substitution ciphers.
- Encryption – requires a “key” in order to return the encrypted data to its original form. There are many types of encryption, including XOR, DES, and AES.
- Hash – a one-way form of encrypting a piece of data. Common hash algorithms are SHA1, MD5, and CRC32.
- Base64 – data can be represented in binary, which is base2, our common numbering system, which is base10, and converted to the alphabet using ASCII. Other types of binary-to-text encoding include base16, base64, and more!
Converters for all of the encoding/encryption techniques above can be found with a simple search online!
Although you might not know it yet, there are quite a few developer tools that you can use with any website! Right click on the screen and select “Inspect” to see the source code for any web page, or use the shortcut CTRL + SHIFT + I. These tools can be really helpful when dealing with web-based challenges, especially the console, which often outprints status messages from the code.
Additionally, a “curl” request, which is used in the command line, is a great tool in order to bypass web post requests!
Steganography is a technique used to hide pieces of information in photos, videos, gifs, etc without disturbing the original file. Steganography challenges can range from easier challenges, where the text is visible in the image or gif, to more complex ones. A variety of steganography tools can be used to extract data, including Steghide and Stegsolve.
Forensics challenges can often include steganography but also touch on file format analysis (always be on the lookout for what type of file you have!), network packet captures, and more!
4. Binary Exploitation/PWN
Binary exploitation is a technique used to take advantage of a vulnerability in a program in order to exploit it. This technique often involves the “stack”, which is an area of RAM that stores function arguments and local variables. This generally involves using the program C to cause a “buffer overflow.”
Pwn challenges involve taking control of a server, often with netcat, shortened to “nc” when used in the command line. Netcat is a very helpful tool that is used to connect to servers before exploiting it and can be easily downloaded.
If you’re already really interested in cybersecurity and CTFs and want to get involved, here are some great places you can start!
- CTF Time is a CTF platform that hosts a variety of different events that you can look into!
- HSCTF is an annual CTF held in June. It is organized by high school students and also designed for high school students to participate.
- PicoCTF is a popular CTF that is also held annually.
- Designed to encourage girls to become more motivated in cybersecurity, girls go cyberstart is a great competition that spans a few months starting in January.
If all of this new information seems really overwhelming, don’t worry! There are lots of ways that you can simply learn more and practice before you jump into any kind of competing.
- Cyberstart Go is a series of free CTF-style challenges that you can try out right now! The session lasts for 60 minutes but can be retried over and over.
- This site has CTF challenges that are available year round! This is another great place to get a feel for what CTF challenges are like.
- Writeups are solutions to CTF challenges and are often posted after a CTF has ended. Writeups are also a great place to learn about challenges.
- PicoCTF also has challenges that you can try all year round!