In light of the Holidays, Security Innovation has decided to open up their CTF platform for FREE until January 2nd!
CTF stands for Capture the Flag. A capture the flag contest is a special kind of cybersecurity competition designed to challenge its participants to solve computer security problems by hacking into or defending computer systems.
CMD+CTRL, which is the name of Security Innovation's CTF platform, is GREAT for beginners. They give you a vulnerable website and you have to figure out how to hack into it and find vulnerabilities. This can be intimidating, especially if you have never done one of these before. No need to stress though, CMD+CTRL has you covered! When you log in for the first time, this is what you will see on your dashboard.
Notice the "HINTS" and "GUIDES" options. If you are new, head to the Guides section.
Here you will find lots of awesome resources to help you get started! The Cheat Sheet is probably the best page to check out first. This section will walk you through some hacks that you might want to try in order to find vulnerabilities. At the bottom of the Cheat Sheet, there is also a list of other tools you can use when you are hacking.
The HINTS section can also be helpful. Here you can trade points for hints that will tell you exactly where to find vulnerabilities on the site. Also, according to their website, they will be providing you with videos, tips and blog posts throughout the holidays to help you get ramped up quickly.
I obviously cannot share specifics with you; otherwise, that would defeat the purpose of the game. But if you have some free time and want to try your hand at some hacking over the holidays, I HIGHLY recommend trying this out! REGISTER HERE
Besides just being fun, I found that after I did this CTF I started approaching code a bit differently. Now when I look at a PR or write code, my first thought is, How could I hack this? What if I changed the form input here, would we reject it appropriately? Doing a CTF is a great way to get your feet wet when it comes to thinking and learning about application security.
I do not work for Security Innovation and I have not been encouraged in ANY way by them to write this post. I wrote this simply because of how awesome I think this CTF is for those who have never done one before. I learned a TON from it and I hope others can as well.