If you're new to participating in capture the flag (CTF) competitions, it can seem overwhelming! You may even find yourself looking at a challenge and wondering: How do I even begin? What kind of file is it? Wait! Wait! Something is broken. Let this page serve as a calm place to get started. Trust us when we say each challenge works. Once a challenge is developed, it is audited by an audit team, and then once more by a review team prior to going live. So each challenge is solvable.

Each challenge can be solved using free and open source tools on any of the big three platforms: Windows, macOS, and Linux. In fact, when creating the challenges, the development team tests each one on all three platforms before it is turned over to the audit team.

Great, but that still doesn't answer the question about what a CTF is! A CTF can be tons of different things; most often it is a question or series of questions on one or more topics. This CTF in particular encompasses topics consistent with digital forensics and incident response, or DFIR for short.

CTF challenges often require the same mentality needed to solve a riddle or a puzzle. In this CTF specifically, we ask questions which may require repairing a file header, using something like Base-64 to decode a BLOB, solving a crossword puzzle, or figuring out the cryptographic scheme to recover a password. Challenges have been modified to impede using automated tools for analysis.

If you have never seen a CTF before, this is a great introduction, and we invite you to check out a favorite CTF of the NW3C High-Tech Crime Section, the Flare-On Challenge hosted annually by FireEye.

We recommend the following tools to start your capture the flag tool kit:

        Terminal Emulator
                Terminal (Preview)
                macOS and Linux default terminal emulators are superb
        Text Editor
        SQLite Database Utility
                DB Browser for SQLite
        Archiving Utility
        Recursive Search and Inspection Tool
        Windows Subsystem for Linux
        CyberChef (what toolkit is complete without a Swiss Army knife?)