DEV Community

Molly Struve (she/her)


Learn How to Hack, Capture the Flag for Beginners!

In light of the Holidays, Security Innovation has decided to open up their CTF platform for FREE until January 2nd!

What is a CTF?

CTF stands for Capture the Flag. A capture the flag contest is a special kind of cybersecurity competition designed to challenge its participants to solve computer security problems by hacking into or defending computer systems.

What is so cool about Security Innovation's CTF?

CMD+CTRL, which is the name of Security Innovation's CTF platform, is GREAT for beginners. They give you a vulnerable website and you have to figure out how to hack into it and find vulnerabilities. This can be intimidating, especially if you have never done one of these before. No need to stress though, CMD+CTRL has you covered! When you log in for the first time, this is what you will see on your dashboard.

Notice the "HINTS" and "GUIDES" options. If you are new, head to the Guides section.

Here you will find lots of awesome resources to help you get started! The Cheat Sheet is probably the best page to check out first. This section will walk you through some hacks that you might want to try in order to find vulnerabilities. At the bottom of the Cheat Sheet, there is also a list of other tools you can use when you are hacking.

The HINTS section can also be helpful; here you can trade points for hints that will tell you exactly where to find vulnerabilities on the site. Also, according to their website, they will be providing you with videos, tips and blog posts throughout the holidays to help you get ramped up quickly.

I obviously cannot share specifics with you, otherwise that would defeat the purpose of the game. But if you have some free time and want to try your hand at some hacking over the holidays, I HIGHLY recommend trying this out! REGISTER HERE

Benefits

Besides just being fun, I found that after I did this CTF I started approaching code a bit differently. Now when I look at a PR or write code, my first thought is, How could I hack this? What if I changed the form input here, would we reject it appropriately? Doing a CTF is a great way to get your feet wet when it comes to thinking and learning about application security.

I do not work for Security Innovation and I have not been encouraged in ANY way by them to write this post. I wrote this simply because of how awesome I think this CTF is for those who have never done one before. I learned a TON from it and I hope others can as well.

Top comments (3)

Phil Ashby

Thanks Molly! You have just reminded me of the excellent Over The Wire free hacking/security games: overthewire.org/wargames/

For something seasonal, and significantly more challenging, the annual SANS Holiday Hack is also very good: holidayhackchallenge.com/2018/

Ondrej • Edited

I would highly recommend hackthebox.eu. Lots of free VMs and other stuff suitable for both beginners and advanced infosec-oriented people.

simonhaisz

+1 to all of this. CTFs are great in general and our security team used cmd+ctrl to set up a 2-day security training session where I work earlier this year.
