Competetitions
Cybersecurity competitions are a great way to learn and practice your skills in a safe and legal environment. These competitions are normally organized by universities, companies, and CTF teams and have a range of challenges suiting different skill levels and interests. Named CTFs (Capture the Flag), each of the challenges in the competition has a mock realistic scenario and a flag that you need to find. The flag is usually a string of characters that you need to submit to the competition's website to get points. The team with the most points at the end of the competition wins.
CTFs (Jeopardy)
The most common category of CTFs is Jeopardy as these have the most variety of challenges and are the easiest to get started with. Jeopardy CTFs are usually split into categories and each category has a range of challenges. The challenges are usually worth different amounts of points and the team with the most points at the end of the competition wins. The categories are usually:
- Pwnable
- Reverse Engineering
- Web
- Crypto
- Misc
- Forensics
Good CTFs
- Aotearoa CTF - Aotearoa CTF is a New Zealand based CTF competition with a focus secondary and tertiary students. It is organised by us (Tūhura Tech) and is designed to be beginner friendly.
- NZCSC - The New Zealand Cyber Security Challenge is organised by the University of Waikato and is designed to be beginner friendly. It has a online Round 0 qualification round and a two in person rounds along with some talks at the University of Waikato.
- DUCTF - DownUnderCTF is a world-wide Capture The Flag (CTF) competition targeted at Australian secondary and tertiary students.
- PicoCTF - This is an international CTF competition for high school students. It is a great way to get started in CTFs and learn the basics of cybersecurity. The challenges are very beginner friendly and they have a range of resources on their website.
CTFs (Attack/Defense)
Attack/Defense CTFs are a bit more advanced and are usually only for teams with some experience in CTFs. In these CTFs, the teams are split into two groups, the attackers and the defenders. The attackers try to break into the defenders' servers and steal their flags while the defenders try to stop them. The team with the most flags at the end of the competition wins. These CTFs are normally in person however there are some online ones.
CTF Resources
This is a set of resources and tools that are often useful in CTFs and can help you get started. A lot of these tools are not CTF specific and can be used for other things as well.
Pwnable
Reverse Engineering
- Ghidra - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency (NSA).
- Binary Ninja - Binary Ninja is a multi-platform binary analysis tool. It has a nicer UI than Ghidra however is ot Open Source or free.
Web
- Burp Suite - Burp Suite is a web application security testing tool that allows you to intercept and manipulate HTTP and HTTPS requests.
- SQLMap - SQLMap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.
- OWASP Zap - OWASP ZAP is an open source web application security scanner that can be used to find vulnerabilities in web applications.
Crypto
- CyberChef - CyberChef is a web application that allows you to perform a range of different operations on data.
- dcode - dcode is a web application with a focus on cryptography. It has a range of different tools for different types of crypto challenges.
Misc
Forensics
- Ghidra - Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency (NSA).
- Binary Ninja - Binary Ninja is a multi-platform binary analysis tool.
- Binwalk - Binwalk is a tool for searching a given binary image for embedded files and executable code.