๐Ÿ› ๏ธHands-On

First Flag

Christopher · 10:54 · 2024

careertechnical

Christopher delivers a beginner-friendly walkthrough of Capture The Flag competitions, covering different CTF styles, useful tools, and practical tips for getting started. He shares approachable advice on note-taking, using AI assistants, and finding CTF events that match your level.

Open on YouTube โ†—

What This Talk Covers

Christopher delivers a short, encouraging talk aimed at cybersecurity newcomers who want to validate their skills through Capture The Flag competitions. He breaks down the two main CTF styles - Jeopardy (question-and-answer based) and Attack/Defend (environment-based) - and shares his personal experiences from events like BSides San Antonio and the National Cyber League.

Key Insights

The most practical advice comes in the middle of the talk. Christopher emphasizes that taking notes during CTFs is something most people skip but is incredibly valuable. When you hit a challenge you cannot solve during the event, your notes let you learn from it afterward. Even better, similar challenges often reappear in future events, so your notes become a personal playbook.

He also covers essential tools: hashcat and John the Ripper for password cracking, Kaggle for data sets (useful when a challenge requires a list of Pokemon names or TV show titles), CyberChef for decoding base64 and encrypted payloads, and dcode.fr for identifying unknown cipher types. He makes the practical point that these are not just CTF tools - they transfer directly to real-world security work like analyzing phishing emails.

Who Should Watch

This talk is squarely aimed at beginners. If you have never done a CTF and feel intimidated by the idea, Christopher does a good job of lowering the barrier to entry. His advice to "just try and fail" and even to guess when running low on time is refreshingly practical.

Notable Moments

The bit about using ChatGPT as an assistant during CTFs is timely - he recommends it for remembering command syntax or identifying programming languages, but warns against using it for calculations like MD5 hashes. He also highlights the tangible rewards: challenge coins from SANS, cash prizes, job interviews, and resume-worthy achievements.

Where to Find CTFs

Christopher recommends the National Cyber League ($30 fee, twice a year, great range of difficulty), picoCTF, TryHackMe, CTF Time for event calendars, and the SANS Holiday Hack.