Skip to content

63 - What is CTF

Capture the flag (CTF) contest is a special kind of cybersecurity competition designed to challenge its participants to solve computer security problems and/or capture and defend computer systems. Typically, these competitions are team-based and attract a diverse range of participants, including students, enthusiasts, and professionals. A CTF competition may take a few short hours, an entire day, or even multiple days.

There are several variations on the capture the flag format. The most popular styles are jeopardy, attack-defense, and a mix of the two.

  • In a jeopardy CTF format, teams must complete as many cybersecurity challenges as they can from a given selection, testing their skills and knowledge on a diverse range of computer security categories in novel and creative ways. Typical tasks are related to networking, programming, applications, mobile, forensics, reverse engineering, and cryptography. For each challenge a team completes, a specific number of points is rewarded.
  • In an attack-defense CTF competition, teams must capture and defend vulnerable computer systems, typically hosted on virtual machines in an isolated network. To gain points, a team can maintain ownership of as many systems as possible while denying access to the other competing teams.
  • Finally, a mixed CTF is arguably the most challenging for participants. Combining jeopardy and attack-defense styles, successful teams must strategically divide their efforts and play to each of their member’s strengths by completing security challenges while simultaneously hacking into target vulnerable systems, maintaining access to these machines and defending them against their competitors.

Source: Security Intelligence: Behind the Scenes at a Capture the Flag (CTF) Competition

Usually these CTF contest areas are:

  • Forensics
  • Cryptography
  • Web Exploitation
  • Reverse Engineering
  • Binary Exploitation

If you are interested in CTF tasks, I recommend that you check out the pages Vulnhub.com and HTB - Hack The Box. Hack the Box is interesting because you have to first hack the invitation.