Capture the Flag (CTF) Basics for Freshers

An Introduction to Cybersecurity Competitions

Presented By

Devashish Chourey

EY(Govt & Public Sector) | Ex-CID (Cyber Cell) | MBA (Cybersecurity Management) |

MTech (Cybersecurity Engineering) BE (CSE) | CC | CEH | DISA (IT Audit) | Army School Alumnus

Aditya Banyal

Grant Thornton Indus | Ex-CID (Cyber Cell) | MBA (Cybersecurity Management) |

BSc (Forensic Science) | CC | CEH

 What is Capture the Flag (CTF)?
An interactive and engaging way to learn and practice cybersecurity skills.

A Cybersecurity Competition Solving Challenges for "Flags"

CTF is a type of cybersecurity competition or game, Participants solve various cybersecurity puzzles and
designed to test and improve technical skills. challenges to discover hidden pieces of information,
referred to as "flags."

Point-Based System Individual or Team Play

Each "flag" successfully captured awards a certain CTF events can be played solo or, more commonly, as part
number of points, contributing to a team's or individual's of a team, fostering collaboration and diverse skill
overall score. application.
 Why Participate in CTFs?
Unlocking Your Cybersecurity Potential

Hands-On Learning Real-World Experience Skill Development

Gain practical experience in Simulate real-world attack and Enhance critical thinking,
various cybersecurity domains, defense scenarios, building analytical skills, and
from web exploitation to crucial skills in a safe collaboration by tackling
forensics. environment. complex challenges.

Career Advancement Community &

Networking
Make your resume stand out and
open doors to internships and job Connect with fellow enthusiasts,
opportunities in cybersecurity. mentors, and professionals in the
vibrant cybersecurity community.
 Common CTF Challenge Categories
Explore the diverse challenges you'll encounter in Capture the Flag competitions.

Cryptography Steganography Web Exploitation

Deciphering encoded messages, cracking Uncovering hidden data or messages Identifying and exploiting vulnerabilities in
encryption, and understanding concealed within other media, like images web applications to gain unauthorized
cryptographic protocols. or audio files. access or data.

Reverse Engineering Forensics Pwn/Exploitation

Analyzing compiled programs or binaries Investigating digital evidence to Developing and executing exploits against
to understand their functionality, logic, or reconstruct events, recover deleted files, vulnerable systems or software to
discover hidden secrets. or identify malicious activity. achieve control.

OSINT
Using publicly available information to gather intelligence and solve challenges.
 Essential CTF Tools
Equip yourself with the right instruments for success.

Linux Basics Wireshark File Utilities

Master command-line navigation and Analyze network traffic to uncover Tools like `strings`, `binwalk`, and
file permissions, fundamental for CTF hidden data in network and forensic `exiftool` are key for extracting
environments. challenges. embedded data.

Scripting Web Proxies Disassemblers

Python and Bash are invaluable for Utilize Burp Suite or OWASP ZAP for IDA Free or Ghidra are essential for
automating tasks and crafting finding and exploiting web application analyzing and understanding
custom exploits. vulnerabilities. compiled binaries.
 Specialized CTF Forensic Tools
Dive deeper into digital evidence with these essential forensic utilities.

Autopsy & Sleuth Kit (TSK) FTK Imager

Comprehensive open-source tools for in-depth disk analysis, file system examination, and data Create forensic images of disks and partitions, collect volatile memory, and preview data for
recovery. Autopsy provides a GUI for TSK. rapid assessment without altering evidence.

EnCase & Magnet AXIOM Volatility Framework

Industry-leading commercial suites offering robust capabilities for data acquisition, analysis, An advanced open-source tool for memory forensics, extracting artifacts from RAM dumps like
and reporting across various devices. processes, network connections, and hidden malware.

X-Ways Forensics Wireshark

A powerful, high-performance forensic analysis tool known for its efficiency in handling large A free and open-source packet analyzer used for network troubleshooting, analysis, software
datasets and complex investigations. and communications protocol development, and education.

Bulk Extractor ExifTool

Scans raw disk images, files, and directories to extract specific features like email addresses, A command-line tool for reading, writing, and editing metadata in a wide variety of files,
credit card numbers, and URLs without parsing the file system. especially useful for images, audio, and video.
 Tips for Freshers
Your Roadmap to CTF Success

Start Small, Build Strong Master the Search Document Everything

Begin with accessible categories like Google (or your preferred search engine) Keep detailed notes of your steps, tools
Cryptography, OSINT, or Web Exploitation. is your best friend. Learn advanced search used, and thought process. Writing a
These often have lower entry barriers and operators, common error messages, and 'writeup' helps solidify your understanding
provide quick wins to boost confidence. how to find relevant documentation or and serves as a valuable future reference.
past CTF writeups.

Collaborate and Learn Embrace the Learning Journey

Join a team or seek guidance from experienced players. Your primary goal should be skill development, not just capturing
Collaboration accelerates learning, exposes you to diverse flags. Every challenge, whether solved or not, offers valuable
perspectives, and makes the experience more enjoyable. lessons. Persistence is key.
 Conclusion: Your Cybersecurity Journey
CTFs are more than just games; they are a powerful launchpad into the world of cybersecurity.

• CTFs are a unique blend of fun, hands-on learning, and a significant boost to your career growth.
• They serve as an excellent entry point for anyone looking to step into the dynamic field of cybersecurity.
• Consistent practice and active participation are crucial for mastering skills and staying ahead in this evolving domain.

“The more you play, the more you learn.”

Any Questions?
Let's discuss and explore further.