skip to content
HexPharoah Hexpharoah
Table of Contents

How I Got Into CTFs

My first CTF was a disaster. I stared at challenges for hours, solved maybe one, and felt completely lost. But something about it hooked me. The puzzle-solving, the adrenaline of capturing a flag, the feeling when something finally clicks. Now I play regularly with my team Binary Misfits, and I want to share what helped me get started.


What a CTF Actually Is

A Capture The Flag competition is basically a set of security puzzles. You solve them to find hidden strings (flags) that prove you cracked the challenge. The categories I have encountered:

  • Web exploitation
  • Reverse engineering
  • Cryptography
  • Forensics
  • Binary exploitation
  • OSINT (Open Source Intelligence)

Each solve earns points, and the team with the most points wins. Some CTFs run for 24-48 hours straight. Sleep becomes optional.


Why I Keep Playing

  • I learn faster here than anywhere else - real problems force me to figure things out under pressure
  • Teamwork - my team covers different areas, and I learned so much from watching them work
  • No legal risk - I get to break things legally, which is the whole point
  • It looks good - CTF experience on a resume gets noticed

Types I Have Played

  1. Jeopardy-style - Independent challenges, pick what you want to solve. This is what I started with.
  2. Attack-Defense - You defend your own server while attacking others. Much more intense.
  3. Mixed - Combination of both. My favorite format.

Commands That Saved Me

Linux Basics

I had to get comfortable with the terminal fast. These are the ones I use constantly:

Terminal window
# Search for a file
find / -name flag.txt 2>/dev/null
Terminal window
# Search for a keyword inside files
grep -R "flag" .
Terminal window
# Display running processes
ps aux

Networking & Recon

Terminal window
# Scan open ports - this is always my first move
nmap -sV 192.168.1.10
Terminal window
# Capture packets for analysis
tcpdump -i eth0 -w capture.pcap
Terminal window
# Pull URLs from a pcap
strings capture.pcap | grep "http"

File Analysis

Terminal window
# What kind of file is this?
file unknown.bin
Terminal window
# Extract readable strings
strings unknown.bin
Terminal window
# Check for hidden data in an image
binwalk image.png

Web Exploitation

Terminal window
# Send a request with custom headers
curl -H "User-Agent: admin" http://example.com
Terminal window
# Test for SQL injection
sqlmap -u "http://example.com/page?id=1" --batch

Resources That Helped Me

Where I Practice

  • PicoCTF - where I started. Beginner-friendly and well-structured.
  • CTFtime - I use this to find upcoming competitions.
  • HackTheBox - harder machines that pushed my skills.
  • TryHackMe - guided paths when I wanted to learn a specific topic.
  • OverTheWire - the Bandit wargame taught me Linux fundamentals.

Writeups I Learn From

Tools I Installed

  • CyberChef - my go-to for encoding, decoding, and data manipulation.
  • Burp Suite - essential for web challenges.
  • Binwalk - saved me in forensics challenges multiple times.
  • Kali Linux - has everything pre-installed.

Where I Started Learning


My Advice

Start with PicoCTF. Do not try to learn everything at once. Pick one category (I started with forensics), get decent at it, then expand. Read writeups after every competition even for challenges you solved - someone always has a cleaner approach.

And find a team. I would not be where I am without Binary Misfits pushing me.


Until Next -- Tata Bye Bye!!
jaswanth

Related Posts