Beginner's Guide

A CTF is a cybersecurity competition, where the goal is to score as many points as possible through challenges. Each challenge is in a certain category, which shows what skills will be tested for the challenge. Additionally, each challenge features a title and description, which you should read carefully: they often contain hints towards how the challenge can be solved.

Most challenges will contain some files, some connection information, or both. The connection info can be a website link, or some system command. You may find that these system commands aren't available for your system, in which case we recommend looking them up online to see how you can use them. For example, on Windows or macOS you can use ncat instead nc, which can be downloaded from nmap's website.

Here's a quick rundown of the various categories that you might see in a CTF:

• web: often involves hacking into a website or webserver, or any challenge related to websites in general
• crypto: a more mathematical category, involving cryptography and cryptanalysis
• rev: reverse engineering, the art of understanding programs by observing their behaviour or non-source code forms
• pwn: often referred to as binary exploitation, requires you to break binary executables
• forensics: exploring and understanding arbitrary files that are given to you, such as disk images or network packet captures
• ai: a more recent category about artificial intelligence, often involving large language models
• osint: open source intelligence, solved by using public sources of information to get closer to your goal, e.g. geolocating a picture

Typically, any challenge not fitting into these categories will be placed under the misc category, or miscellaneous. You can find a list of tools which can be used to approach these categories here.

If you are unsure what to begin with, try picking a category that you feel more comfortable with. If you have a more theoretical background, this could be crypto, or if you have done some website programming before you could try web. If you're still unsure, look for challenges that have less solves (and are worth less points), as this often means they're easier to solve.