[+] Getting Started with CTFs
/ 3 min read
Table of Contents
How I Got Into CTFs
My first CTF was a disaster. I stared at challenges for hours, solved maybe one, and felt completely lost. But something about it hooked me. The puzzle-solving, the adrenaline of capturing a flag, the feeling when something finally clicks. Now I play regularly with my team Binary Misfits, and I want to share what helped me get started.
What a CTF Actually Is
A Capture The Flag competition is basically a set of security puzzles. You solve them to find hidden strings (flags) that prove you cracked the challenge. The categories I have encountered:
- Web exploitation
- Reverse engineering
- Cryptography
- Forensics
- Binary exploitation
- OSINT (Open Source Intelligence)
Each solve earns points, and the team with the most points wins. Some CTFs run for 24-48 hours straight. Sleep becomes optional.
Why I Keep Playing
- I learn faster here than anywhere else - real problems force me to figure things out under pressure
- Teamwork - my team covers different areas, and I learned so much from watching them work
- No legal risk - I get to break things legally, which is the whole point
- It looks good - CTF experience on a resume gets noticed
Types I Have Played
- Jeopardy-style - Independent challenges, pick what you want to solve. This is what I started with.
- Attack-Defense - You defend your own server while attacking others. Much more intense.
- Mixed - Combination of both. My favorite format.
Commands That Saved Me
Linux Basics
I had to get comfortable with the terminal fast. These are the ones I use constantly:
# Search for a filefind / -name flag.txt 2>/dev/null# Search for a keyword inside filesgrep -R "flag" .# Display running processesps auxNetworking & Recon
# Scan open ports - this is always my first movenmap -sV 192.168.1.10# Capture packets for analysistcpdump -i eth0 -w capture.pcap# Pull URLs from a pcapstrings capture.pcap | grep "http"File Analysis
# What kind of file is this?file unknown.bin# Extract readable stringsstrings unknown.bin# Check for hidden data in an imagebinwalk image.pngWeb Exploitation
# Send a request with custom headerscurl -H "User-Agent: admin" http://example.com# Test for SQL injectionsqlmap -u "http://example.com/page?id=1" --batchResources That Helped Me
Where I Practice
- PicoCTF - where I started. Beginner-friendly and well-structured.
- CTFtime - I use this to find upcoming competitions.
- HackTheBox - harder machines that pushed my skills.
- TryHackMe - guided paths when I wanted to learn a specific topic.
- OverTheWire - the Bandit wargame taught me Linux fundamentals.
Writeups I Learn From
- CTF Writeups Archive - after every CTF I read how others solved what I could not.
- ippsec’s YouTube - his HackTheBox walkthroughs are incredibly detailed.
- LiveOverflow - great for binary exploitation concepts.
Tools I Installed
- CyberChef - my go-to for encoding, decoding, and data manipulation.
- Burp Suite - essential for web challenges.
- Binwalk - saved me in forensics challenges multiple times.
- Kali Linux - has everything pre-installed.
Where I Started Learning
- PicoGym - permanent practice problems I can revisit anytime.
- Cryptohack - this is how I learned crypto challenges.
- Reverse Engineering for Beginners - free book that gave me my RE foundation.
My Advice
Start with PicoCTF. Do not try to learn everything at once. Pick one category (I started with forensics), get decent at it, then expand. Read writeups after every competition even for challenges you solved - someone always has a cleaner approach.
And find a team. I would not be where I am without Binary Misfits pushing me.