What is Capture The Flag?

Capture The Flags, or CTFs, are a kind of computer security competition.

There's very little running in this kind of CTF

Teams of competitors (or just individuals) are pitted against each other in a test of computer security skill.
There are two kinds of CTF competitions. Jeopardy CTFs and Attack & Defense CTFs.

Jeopardy CTFs

CSAW CTF, a Jeopardy CTF, has some of the best collegiate hackers in the nation
Jeopardy CTFs are the most common kind of CTF.
They revolve around a set of challenges which are provided by competition organizers to competitors.
Competitors form teams and then work on the challenges together.
Each challenge is designed so that when the competitor solves it, a small piece of text or "flag" is revealed. The flag is then submitted to a website or scoring engine in exchange for points. The amount of points rewarded is typically relative to the perceived difficulty of the challenge.
Competitors usually receive about 72 hours (typically the course of a weekend) to solve as many challenges as possible.

Attack & Defense CTFs

DEFCON CTF Finals, an Attack & Defense CTF, is widely considered the world cup of hacking
Attack & Defense CTFs are a less common kind of CTF with more moving parts. They're rarely done for the general public because of their complexity.
In an A&D CTF, teams are each given the same set of vulnerable server software. Teams are to setup & audit this software before the competition. At the start of the competition, teams will connect their servers to an isolated network to join the CTF.
Within this network, teams will launch attacks against each others servers hoping to exploit the vulnerabilities they've found. Likewise, teams will need to properly patch their software so that it is protected against these exploits and functions normally.
Teams receive points for extracting flags, properly defending their flags, and keeping their servers operating normally.

Hundreds of CTFs happen every year and that number is only growing.

CTFs have been used since at least 1996 by hackers looking to test each others skill.

It's almost like hacker practice...but for the good guys

CTFs have excellent properties like promoting problem solving and team building. Not only that but CTFs can expose participants to completely foreign topics and technologies that they might never encounter in their day to day activities.
Most CTFs only run once a year. But there are also a lot of less competition focused CTFs (often called wargames) that run year-round. These sites are often used as practice for those looking to learn more about offensive security.
Some companies even use CTFs to recruit new employees!
* HackerFire is run by CTFd LLC
Capture The Flags are one of, if not THE best way to get started in security.

They can be a little hard.

You definitely won't be spoonfed.

You'll probably get stuck at some point.

But if you stick with it, you'll learn more about computers than you ever thought possible. There's no better way to learn something than to experience it for yourself.
And in the computer security world, Capture The Flag is the best way to learn by doing.

© Copyright CTFd LLC 2017 - 2024

Built with ❤️  in New York City