0x03: CTF 101 Part II – February 2019
Founder of Shad0w Synd1cate
Welcome to Part II of II for the CTF 101 blog series! In part I we discussed what a cyber CTF is, why you should get involved, and ended with discussing some of the different categories that you can expect to see in a Cyber CTF. Let’s pick up where we left off, outlining the remaining categories that you can expect to see.
Note: You can download the PowerPoint slide deck as well as the lab worksheet we made for this topic from the links to the left including the VM that you will need to complete the lab.
Offensive involves the proactive attempts to hack a system via a vulnerability that can be exploited. This tends to be the “sexier” or more sought-after part of cybersecurity. This is the cool stuff you see in movies and TV shows. In some CTFs, you will have a set of systems that are connected to a LAN (which you must either VPN into or be physically present for) that you must actively attempt to exploit and gain full administrative access on. There are also other events that actually require you to attack other CTF participants’ systems! The offensive side of the house can be extremely fun, but it is something that can become very difficult or require a lot of
-Metasploit: Metasploit is by far the most popular and most used offensive/penetration testing platform available. Metasploit provides a wide variety of community developed modules that can be used to exploit vulnerable systems. This is going to be one of your best friends when partaking in offensive challenges. Metasploit is ever growing, containing thousands of modules that can be used. They also recently released version 5.0, which includes new features such as evasion capabilities! More information regarding Metasploit can be found here: https://github.com/rapid7/metasploit-framework/wiki/Metasploit-5.0-Release-Notes
-SQLMap: This tool allows you to automate the process of detecting and exploiting SQL injection vulnerabilities. It makes this super simple, requiring little to no experience with SQL or other database syntax. It currently supports MySQL, Oracle, PostgreSQL, Microsoft SQL Server, Microsoft Access, IBM DB2, SQLite, Firebird, Sybase, SAP MaxDB, Informix, HSQLDB and H2 database management systems. More information regarding SQLMap can be found here: http://sqlmap.org/
-Wfuzz: Wfuzz is an amazing tool that can be used to
What is an offensive category without a defensive one? You probably already guessed it, but defensive is the exact opposite of the offensive category (duh captain obvious!). When partaking in a defensive CTF, this usually entails people attempting to attack your system, and your duty is to keep the system patched, secured, and operational to prevent it from getting compromised or taken offline. This involves
-Linux Administration: When it comes to Linux defense, you really need to have a general understanding of the Linux OS including how it can be properly administered. You will want to be familiar with the different variants of Linux, whether it is Debian based,
-Windows Administration: The same concept goes for Windows systems. You will want a general understanding of a Windows system and how to properly manage it. You will want to ensure the system is up to date using the built-in Windows Update tool, disable all unused ports, and remove unnecessary applications.
-Communication/Leadership: Depending on the event, you may be placed on a team in which you will all need to work together to protect and defend your systems/network. It is vital to make sure you have great communication and it is also helpful to pick a team leader that you can use to help delegate tasks and keep people accountable!
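The Windows steps above (patch state, unused ports, unnecessary applications) all start with knowing what the box is actually running. The script below is an added example, not from the original post or its lab materials: a read-only PowerShell audit that maps every listening TCP port to its process and service, lists installed programs, and shows the most recent hotfixes. It assumes an elevated prompt on Windows 8/Server 2012 or later (Get-NetTCPConnection needs the NetTCPIP module).

```powershell
# Added example: defensive audit of a Windows box before a defensive CTF round.
# Read-only; it changes nothing, so you can decide what to disable or remove.
# Assumes elevated PowerShell on Windows 8 / Server 2012 or later.

# 1. Listening TCP ports, each mapped to the owning process and (if any) the
#    Windows service running inside that process. Unexpected rows here are
#    the "unused ports" the post says to shut down.
$listeners = Get-NetTCPConnection -State Listen |
    Sort-Object LocalPort |
    ForEach-Object {
        $owningPid = $_.OwningProcess
        $proc = Get-Process -Id $owningPid -ErrorAction SilentlyContinue
        $svc  = Get-CimInstance Win32_Service -Filter "ProcessId = $owningPid" `
                    -ErrorAction SilentlyContinue
        [PSCustomObject]@{
            Port    = $_.LocalPort
            Address = $_.LocalAddress
            PID     = $owningPid
            Process = if ($proc) { $proc.ProcessName } else { 'unknown' }
            Service = if ($svc)  { ($svc.Name -join ',') } else { '' }
        }
    }
"== Listening TCP ports =="
$listeners | Format-Table -AutoSize

# 2. Installed programs from both the 64-bit and 32-bit uninstall hives.
#    Review this list against what the scored services actually need.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$apps = Get-ItemProperty $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Select-Object DisplayName, DisplayVersion, Publisher, InstallDate |
    Sort-Object DisplayName
"== Installed programs ($($apps.Count)) =="
$apps | Format-Table -AutoSize

# 3. Patch state: the ten most recent hotfixes, so a machine that has not
#    been updated in months stands out immediately.
"== Most recent hotfixes =="
Get-HotFix |
    Sort-Object InstalledOn -Descending |
    Select-Object -First 10 HotFixID, Description, InstalledOn |
    Format-Table -AutoSize
```

Run it once at the start of the round and again after each hardening pass so you can confirm a port or program really went away.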
Believe it or not, scripting can be another type of category when partaking in a Cyber CTF. There have been many times that I have run into challenges that were just not feasible for
-Bash: Bash is the native default login shell for Linux and macOS systems! Getting some experience with bash can drastically help out with speed and efficiency when dealing with a Unix-based system.
-Python: Python is one of the more popular high-level programming languages. A majority of the Kali Linux tools are actually developed using Python. There
-PHP: PHP is a general-purpose scripting language suited for web development. This may come in handy when dealing with an offensive CTF that entails web application exploitation.
Reverse Engineering is the art of deconstructing software in order to reveal its underlying design to better understand how it functions as well as search and
-OllyDbg: OllyDbg is an extremely popular x86 debugger for Windows. It has a GUI that you can use to easily parse through binaries and their assembly code. The best part is, it’s free! More information regarding OllyDbg can be found here: http://www.ollydbg.de/
-IDA: IDA stands for Interactive DisAssembler, and it is the crème de la crème of reverse engineering tools. It has a very beautiful-looking GUI that you can use to easily review the assembly of a binary. IDA allows you to interactively change the displayed data and has support for tons of file formats. The only downside to IDA is that it costs over $1100 for a professional license which allows for the support of more processors as well as
This concludes the outline of the different types of categories you can expect to see while partaking in CTFs. Just note, this is not a full list since every event varies and you may see completely different categories in play!
Now that we went over all this information regarding CTFs, let’s list some useful resources that you can use to learn more and practice your cyber skills!
-OverTheWire: This is a great website that you can use to practice your Linux skills and learn while doing it. It gives you a little taste of what to expect in a CTF, and has different levels that progressively get more difficult. You can learn more about this site by going
-Hack The Box: This is the current hotness right now when it comes to offensive practicing. Hack The Box is an awesome site that allows you to connect via VPN to a network which holds vulnerable systems that you need to exploit and gain access to. In order to register to be a part of Hack The Box, you have to hack the registration page! (How cool?!) For more information regarding Hack The Box, go to https://www.hackthebox.eu/
Note: When you are connected to their network via VPN, you are on a LAN with other real-world people that can also attack your system. It is highly recommended that you use an isolated virtual machine when doing this.
-CTF Time: This is a great site that contains a listing of hundreds of upcoming CTF events. You can use this to stay up to date on the latest events and find ones that interest you. Depending on the events you actually play in, if you rank high enough you will receive CTF Time points and get placed on a leaderboard! For more information regarding CTF Time, go to https://ctftime.org
-CTF101: This is an awesome site that complements the information provided in these two blog posts. It goes over CTF101 concepts, making it another great resource to add to the bag! For more information regarding CTF101, go to https://ctf101.org
That concludes our CTF 101 blog series! We hoped you enjoyed it and learned something new along the way. If you have any questions feel free to reach out to us. You can also reach out to me directly via twitter @_Unkn0wn1 or on