CTF - How and Why to start?
Cyber security is a domain that involves a lot of learning and practice, whether you are an expert or a beginner. The platform where everyone can practice, improve their skills and learn new strategies in cyber security is CTF (Capture The Flag).
As mentioned in the image, Capture the Flag is a game in which you are given some challenges. These challenges are based on real vulnerabilities that are actually present in real-world web applications. After solving a challenge, you are given points for it. The difficulty levels of the challenges are based on the player's experience and knowledge of vulnerabilities.
Concept of Vulnerability:
A vulnerability is a weakness or flaw in the code: a weak point that an attacker can take advantage of to gain unauthorized access to the system or to credentials, which are sensitive data. Security professionals most often use the term to point out weak code. CTF platforms are the best resource for learning to find the weak points in code.
Now that we understand what a CTF is, let's talk about why we need to play CTFs. If you are an expert, you probably already know why. But if you are a beginner, you should know why you need to play CTFs.
When I came into cyber security, I was illiterate. After some time I came across a CTF platform named HackThisSite. Then I started completing challenges by reading write-ups and watching walkthrough videos on YouTube. But today I can solve the challenges on my own, and I have even published my own write-ups on the challenges of another platform named CTFlearn. Well, I'm telling this just so you understand how a CTF helps beginners.
If you are a beginner reading this blog, you have to understand what a CTF can do for your career.
So, let's talk about some points here:
- Vulnerability: We already know what a vulnerability is. But we need to learn how to find a vulnerability, or weak code, in the application. Without knowing what kind of vulnerability it is, we can't hack into the system. For example, in web applications we have the OWASP Top 10 vulnerabilities. First we need to know what they are and how they appear in a web application.
- Way of approach: Once we know what kind of vulnerability it might be, we need to find a way to exploit it. This is the most important part. The more CTF challenges you solve, the more you learn about how to exploit a vulnerability. By playing CTFs, you experience different vulnerabilities with different ways to exploit them.
- New Strategies: Once you get started with CTFs and become familiar with them, you can watch your strategies improve: the way you look for vulnerabilities, and the way you observe the working and behaviour of the application. These strategies improve only with practice, so CTF is the best platform for building them. These strategies can even be used in real-world penetration testing.
- Improves Practical Knowledge: When we study theory, we may not understand it in detail. But while solving a CTF challenge, we actually go through the entire working and behaviour of each and every component, starting from the code, networking, protocols, firewalls, etc. By playing CTFs, an individual can gain practical knowledge which will be helpful in career growth.
- Improves Confidence in Cyber Security: When we solve a challenge, we gain confidence that we can solve any challenge related to that particular concept. That is exactly what we gain here. When we solve challenges in a CTF, we become confident that we can conduct penetration testing in real-world environments and perform even better. Such confidence can be built by playing CTFs.
- Simulated Realistic Environment for Hacking: As we discussed above, CTFs include real vulnerabilities which are actually present in live websites. So this can also help in bug bounty. If you practice your skills and polish them, you can participate in bug bounty programs and get paid for reporting vulnerabilities. HackerOne provides invitations for private bug bounty programs if you solve their CTF challenges and submit the flags.
- Can help to clear interviews: CTFs can even help you clear your interviews. After getting familiar with CTFs you'll know how to find a vulnerability and how to exploit it, and your own strategy and the practical knowledge that you've gained while solving CTF challenges can help you clear technical interviews in the cyber security domain.
Career in Cyber Security by playing CTF:
Many companies like Google, TCS, etc. conduct CTFs as their recruitment process. Solving those CTFs can get you a job at a company which can pay a decent wage. So, without any delay, start your cyber security career by solving some CTF challenges.
Some CTF Platforms For Beginners:
That's it. Once you get familiar, don't forget to try HackTheBox, the root0x0 SQL injection challenges and XSS challenges.
Thank you. Keep learning and keep growing.