Hi everyone !
Many people asked me to write a little post on how to get started into CTF’s, so here it is !
1°) The equipment
We don’t make omelettes without breaking eggs, but to do so, we need some eggs!
Yup! the equipment is pretty important. In fact for Capture The Flags, there’s no need of a performance beast. For example, when I started, I remember this old Nec m320 dating back to 2003 and weighing at least 5 kg and even it wasn’t a luxury, I still have great memories with.
In short, it’s not necessary at all to invest into gamers PC at € 2,000 each, only for CTF’s’s. We can recycle an old computer to begin with.
On the other hand what is AB-SO-LU-TE-LY needed is an adequate operating system. No more Windows 10 or even Mac OS X! What you need is a Linux one 🐧
There is indeed a good panel of Linux distributions specialized in computer security but my little personal top list remains the following:
- Kali Linux (formerly Backtrack, user friendly)
- Archstrike (not for beginners ⚠️)
- Back Box (based on Ubuntu)
- Parrot OS (a fork of Kali Linux)
It is quite important that you forge your own opinion later. But to begin with, the overwhelming majority will chose Kali Linux. It’s pretty stable distribution, based on Debian and in addition the community is consequent. Which means that most compatibility issues concerning, as instance drivers, may have already an online workaround, that’s pretty cool especially when you are a beginner 🤠.
2°) Where to find CTF’s images?
A CTF is primarily a disk image file… but not that only. Indeed, in my previous article, I dealed with a site ( Vulnhub ) which provides a large choice of image files to be download. These images can easily be mounted locally on a virtual machine (Virtual Box or KVM).
But it may be a real headache for a beginner. That’s why other sites exist:
We can mention Root-Me , which is a French multilingual association aiming to promote knowledge about piracy and information security. The platform provides all well done challenges in various categories (Network, programming, Web, steganography, foresics, etc …) in addition to a CTF section where several slots are available to the community with a wide choice of images. To be an active member and supporting the association I must admit, this is a nice project.
For those who prefer a EU-wide community, Hack The Box is also a good address. The plateform is specialized in CTF’s. The images are handmade exclusively by comunity members. Just as Root-Me there is zero configuration to deal with, everything is online. Only a VPN must be configured but everything is well explained on the site.
I think I went around for the best sites where you can enjoy tasty CTF’s, if you know other sites, I would be more than happy to add them to the list !
3°) Go, go, Power Rangers !
Now: we have everything we need, it’s time to have fun until the Defcon or any other local cybersecurity event. For example, for me it’s La Nuit Du Hack ! (or newly “Le hack”) in France.
Voilà ! I hope you enjoyed this post, don’t hesitate to make your own idea and comment. We don’t change good habits, if you found this post useful, spread it ! I’ll see you soon for a new article!
Until then, stay a cool hacker and eat some watermelon because watermelon are so cool !!