Today I’m officially opening a new category on my site: Capture The Flag – or CTF for short.
If you’re into security, you probably know what a CTF is. If not, you may have heard of them from paintball and other similar competitions, or from team-based computer games. In those cases, the goal is typically to win or score points by reaching (“capturing”) a flag; possibly by stealing it from an opposing team.
In the context of cyber security, a “flag” will typically be a token in the form of a text string. The goal then is to find a way to circumvent some security system in order to find and gain access to one or more such tokens. For each new level in a CTF game, there will be new security barriers to overcome and new tokens to find.
A typical token in a security CTF game may look like this:
This particular flag is taken from the CTF game at hacker101.com, which is affiliated with the bug bounty program at hackerone.com. Once you’ve found a token, you copy it into a form and submit it in exchange for points
There are countless free CTF-games available, some of them permanent, others limited to a specific time. Until now, I’ve not partaken in more than a handful of beginner-level games, but I’m hoping to do more of this going forward, and that’s what this category will be about. Nothing advanced; just a simple log of my games, including some hints about solutions I’ve found, and perhaps a few thoughts around them.
For the moment, I’m keeping the posts under this category private, until I see how it works out, and how much I end up using it. If and when I decide my posts have enough quality and value to be worth sharing, you’ll find them here.