Breaking Into Capture-the-Flags


Don't be afraid, everyone was new once.


Just like doing anything you do the first time, your first capture the flag - or CTF - can seem pretty daunting. But a CTF is one of the best ways to get a feel for what cybersecurity is all about, and you get to meet the people in the community who are making it all happen!

Like puzzles? You’ll love CTFs.

Rubiks Cube

Even though we hear people talking about “winning” a CTF event at some conference or other doesn’t mean that’s the right way to think about it. Or perhaps it is - as long as you don’t buy into the “losing” part. Every time you get stuck, it’s an opportunity to learn something you don’t know, and that’s what information security is really all about! Instead of thinking about CTFs like competitions where someone wins and everyone else loses, think of them as a great way to see how the community comes together to learn and play. In this case, you really do win just by showing up!

Find your friends.

Still, it can be scary going into something you’ve never done before, especially when you walk in the room and all you see are people huddled over computers, maybe whispering to each other, but also, maybe not. Before you go to your first CTF, try to find out if anyone you know will be participating, and ask if you can join them. Often CTFs are hosted by local organizations, Meetups, or BSides conferences whose goals are to build the cyber community and make it accessible. They’re great opportunities to jump into the game. Don’t see anyone you know? Then sign up with some friends from your community!

Do some prep!

ESCALATE has designed its CTFs and challenges to mirror what you’ll see as an infosec professional. This might not always be the most beginner friendly, but there are plenty of resources to get you started. Hands down some of the best things to get yourself familiar with CTFs is to read write-ups that are provided after the fact. Square (yes, the startup that makes little credit card scanning devices that plug into phones and tablets) runs CTFs put together by their engineers; they leave up past years’ challenges and the write-ups so that you can play around in the puzzles yourself and then read how the pros approached it if you get stuck. CTFTime.org also has multiple write-ups for the same CTFs, so you can see how different people approach the same problem. Some people, like Alice, actually stream themselves doing CTFs on Twitch, with the specific intent of helping walk newcomers through the process.

Everyone did their first CTF at one point or another. They can be a bit scary, but the more you do them, the more you’ll see: they’re really just another great way to have fun and be part of the growing InfoSec Family!