What is a CTF?
A CTF, short for "Capture The Flag", is a competition in which teams test their computer and cybersecurity skills.
There are several categories, such as:
- Web Security: The Web Security category often features custom-developed web applications that include a web security flaw which must be identified and exploited.
- Cryptography: The Cryptography category often features ciphertexts, cryptographic algorithms, or cryptographic systems which involve several encryption and decryption protocols used to uncover hidden messages or vulnerabilities.
- Networking: The Networking category often features packet captures (PCAPs) which must be analyzed for information about an underlying surface.
- Forensics: The Forensics category often features memory dumps, hidden files, or encrypted data which must be analyzed to uncover the underlying information.
- Reverse Engineering: The Reverse Engineering category often features programs from all operating systems which must be reverse engineered to determine how the program operates.
- OSINT: The OSINT category often features information which must be gathered from public sources to uncover hidden information.
- Steganography: The Steganography category often features images or files containing hidden information which must be uncovered.


With the high school, we participated in two CTFs: the "Nobrackets CTF" (organized by ENSIBS) and the "Passe Ton Hack d'Abord", co-organized by the Cyber Defense Command.
If you're new to CTFs, here are some steps to get you started:
- Learn the Basics: Start with basic cybersecurity concepts and tools.
- Join a Community: Join online forums and communities to learn from others.
- Practice: Participate in beginner-friendly CTFs and practice challenges.
- Study Write-ups: Read write-ups from past CTFs to understand different approaches.
- Build a Team: Collaborate with others to tackle more complex challenges.
Popular CTF Platforms
- CTFtime - A platform that tracks CTF events and rankings.
- Hack The Box - A platform to practice penetration testing skills.
- Root Me - A platform with various cybersecurity challenges.
- TryHackMe - A platform to learn cybersecurity.
For example, we have a little challenge on our website. To find the flag, follow the steps below and have fun:
- 1: Normally it would be best to look in the source code first, although we have hidden it here so that it is not too simple.
- 2: First, go to the page "/robots.txt". A "/robots.txt" file tells search engine robots which pages or files they can or cannot request from your site.
- 3: You see a page "/secret" listed there. We conclude that it must be used. And given that we are looking for a flag, let's try: "/secret/flag/"
- 4: Bingo, a page asks us to decode a string! This string strangely resembles "base 64". What if we decode it?
- 5: Now that the string is decoded with base64decode.org, let's go back to get the flag.
Good play, you found the flag! Now all that remains is to continue...
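
The two ideas behind this challenge, shown as an added example that is not part of the original page: every path listed in "/robots.txt" is readable by anyone, and Base64 is an encoding that anyone can reverse, not encryption. The robots.txt content, the encoded string and the flag value are constructed samples, and the function names are assumptions.

```python
import base64
import binascii
import re

# Constructed sample, not the real file from the site described above.
SAMPLE_ROBOTS = """\
# constructed example
User-agent: *
Disallow: /secret
Disallow: /admin/   # trailing comment
Allow: /public/

User-agent: ExampleBot
Disallow:
"""

# Constructed string standing in for the one shown on the challenge page.
SAMPLE_ENCODED = base64.b64encode(b"FLAG{constructed_example}").decode()


def disallowed_paths(robots_txt):
    """Return every non-empty Disallow path, in order, without duplicates."""
    paths = []
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments
        field, sep, value = line.partition(":")
        if sep and field.strip().lower() == "disallow":
            value = value.strip()
            if value and value not in paths:        # empty Disallow means "allow all"
                paths.append(value)
    return paths


_B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def try_base64(text):
    """Decode text if it is well-formed Base64 holding printable text, else None."""
    text = text.strip()
    if len(text) % 4 or not _B64_RE.fullmatch(text):
        return None
    try:
        decoded = base64.b64decode(text, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return decoded if decoded.isprintable() else None


if __name__ == "__main__":
    print(disallowed_paths(SAMPLE_ROBOTS))
    print(try_base64(SAMPLE_ENCODED))
```

Running `disallowed_paths` over your own site's robots.txt shows exactly which "hidden" paths you are advertising to every visitor.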