www.csnp.org Open in urlscan Pro
34.149.87.45  Public Scan

Form analysis
0 forms found in the DOM

Text Content

top of page
Skip to Main Content

Donate
Donate
Donate


 * About
   
   * Mission
   * Team
   * Board
   * Gallery

 * Programs
   
   * Events
   * Cyber Safety
   * Africa
   * DEI

 * Career
   
   * Break into Cybersecurity

 * Online Safety
   
   * Privacy
   * Parents
   * Seniors
   * Women
   * LGBTQ+
   * Protesters
   * Small Businesses

 * Resources
   
   * Join CSNP
   * Join Discord
   * Contact Us
   * Code of Conduct
   * Terms and Conditions

 * Blog

 * Support Us
   
   * Donate
   * Sponsor/Partner
   * Volunteer
   * Speak

 * More


Use tab to navigate through the menu items.

Donate
Join

 * CSNP
 * 
 * * May 23, 2022
   * 
   * 4 min read




CAPTURE THE FLAG FOR BEGINNERS

Updated: Jul 28, 2023







Author: Cate Garrett






You dream of being a cyber maven who is fluent in Python and always ready with
the latest Kali distro. Yet your current reality is full of projects, papers,
labs and sleepless nights with certification prep guides. How do you level up in
these digitized Hunger Games? Even the promise of a college degree and
certification badges added to your LinkedIn profile doesn't erase the anxiety.
You hate this feeling. No gamer likes being a noob. At best you feel like
"imposter imperceptible" - apparently, only truly aware of enough acronyms to
make it sound like you know what you're doing.



Guess what you do know what you're doing, and you are not alone. Everyone in
cybersecurity starts out this way, and imposter syndrome can still sneak up on
even the most experienced pros. If you want to get as good as the pros, then you
should do what we've all done - and no, it's not crying. Stop that. Getting
“real world” practice Nobody learns to play the piano by watching someone else.
You have to put your hands on the keys. It’s the same in cyber. Fortunately
there are many free tools that you can download to set up your own virtual lab.
Oracle Virtual Box and VMware Workstation Player cost nothing, but you need a
computer with at least a quad-core CPU and 16 GB of RAM to run it well.



The software allows you to create virtual machines from different operating
systems so you can practice. Most Linux distributions are free and many
Microsoft Windows operating systems have 180-day trial versions. For cyber
practice learning Linux is mandatory. Oh, there’s one more thing. Don’t waste
your time with the GUI. Focus on the command line in Linux and PowerShell in
Windows. From now on your “clicks” should be the sound of rapid keystrokes as
you type commands. Cyber Competitions Imagine a game where you actually win by
losing. Competitions introduce even the most dedicated cyber students to the
“f-word” - Frustration. Competitions cover a lot of different situations.
Problems progress from easy to hard and the clock is ticking. What you don’t
know becomes very obvious and that’s the point.



Cyber competitions are tests of skill. The goal is to help everyone figure out
what they know and what they don’t. Many cyber competitions also release write
ups of each activity after it ends. These write ups step you through the problem
and its solution, including identifying the tools that were used. Now you can go
back into your virtual lab and learn how to use the tools. What the Heck are
CTFs? Capture The Flag (CTF) is a cyber exercise where participants look for a
hidden clue or file, a.k.a. the flag, by using cybersecurity tools. They are
very common and no experience is necessary to play. The game gives you a taste
of real world cybersecurity with activities often designed by cyber pros.



You can find individual and team games in a variety of formats. In Red versus
Blue contests teams square off and either attack or defend a network.
Jeopardy-style challenges use the popular game show’s answer-question format.
Other CTFs focus on one or more skills such as cryptography, steganography, open
source intelligence, digital forensics, protocol analysis, penetration testing,
vulnerability testing, threat hunting, website exploitation and programming.



CTFs may be timed per task or timed per event. Some last a few hours and others
last until you solve all of the puzzles or decide to walk away. How to get
started? Cyber challenges require special tools and there are two Linux
distributions which are packed with them: Kali and Parrot Linux. Unfortunately,
Windows is more often a target machine in CTFs. What about Mac? Forget it.
Choose one or both distributions and create virtual machines. You will run these
machines during the competition. CTF activities are designed to be safe, but why
put your computer at risk? Plus your system’s anti-virus and anti-malware
programs will quickly eradicate many of the files you may need to work on during
the event. Your virtualization software can be configured to reach the Internet.
One word of warning - only do this for the competition. For all of your other
practices make sure your virtual machines run in a host-only network. Having an
internal network allows the virtual machines connected to it to communicate ONLY
within that network, and no other - meaning malicious files can’t communicate
with your host machine or your home network.



Turn on your virtual machine and log into your competition’s website. Then you
can use your Kali or Parrot tools to work through the problems. You will quickly
discover that you need more practice with the tools to really be effective.
Don’t let that bother you now. Knowing what you don’t know is the best outcome
if you’re new. You're in for it now - what next? "Wait a minute - am I sure I
know how to do any of this?" You’ll say those words to yourself a lot at first.
Unfortunately the word “competition” makes us want to win the game. Forget about
that for now. Just like the comedy show “Whose Line Is It Anyway?” the points
don’t matter. What does matter is learning about the different types of problems
and the tools used to solve them. Some CTFs offer practice gyms with guided
instructions. Running through these a couple of times will improve your skill
and your confidence.



A Few CTFs To Get You Started






Here are a few CTFs that you can try. These vary in difficulty, from beginner to
experienced. Review each to determine which to start with.



 * PicoCTF

 * Cyber Skyline

 * Hacker101 CTF

 * TryHackMe

 * GoogleCTF

 * Mitre Cyber Academy

 * National Cyber League

 * Major League Cyber

 * CyberStart

 * DEF CON CTF

 * SANS NetWars

 * HackTheBox



If you prefer a bit more detail, have a look at my GitHub.







Resources



 * Oracle Virtual Box

 * VMware Workstation Player

 * Kali Linux

 * Parrot Security

 * Linux Foundation

 * National Cyber League

 * Pentester Lab (website hacking)



























 * Diversity
 * •
 * Beginner

28,780 views4 comments
1 like. Post not marked as liked1



RECENT POSTS

See All

How to Become a Penetration Tester with Zero Experience In Five Steps

1531
Post not marked as liked

Empowering Narratives: A Young Black Woman pivots from TV Producer to
Cybersecurity Marketer

481
2 likes. Post not marked as liked2

Security-First Compliance for Small Businesses

591
Post not marked as liked



 * 
 * 
 * 
 * 
 * 
 * 
 * 
 * 

Copyright CSNP - CyberSecurity NonProfit

info@csnp.org

bottom of page