Placement Name Date Team Weight Writeups CTFtime
01 of 435 🥇 🐱 BYUCTF 2022 05/29/2022 Project Sekai 42.74 click here! click here!
02 of 436 🥈 🦅 PatriotCTF 04/29/2022 View Source 34.71 n/a click here!
03 of 758 🥉 👥 CrewCTF 2022 04/15/2022 Project Sekai 25.13 n/a click here!
06 of 3273 🏴 NahamCon 2022 04/28/2022 Project Sekai 25.38 n/a click here!
07 of ~55 💾 TSA CTF 2021 06/01/2021 VHTPA n/a n/a n/a
36 of 778 🌌 Space Heroes 04/01/2022 WhileSEC n/a click here! click here!
86 of 1329 * 🚩 picoCTF 2022 03/15/2022 NLE CHAKRA n/a click here! click here!

What is a CTF?

In cybersecurity, capture-the-flag competitions (CTFs) are a typically team-based activity in which players will partake in various challenges to accrue points and secure positions on a leaderboard. There are two signature types of CTFs:

  • Jeopardy: Competition organizers design challenges in several distinct categories: web exploitation, forensics, reverse engineering, binary exploitation, cryptography, etc. Challenges - typically in the format of a file or website - are solved by discovering a text-based “flag” planted within them, in the format flag{th15_i5_a_f1ag}. (This is the type I participate in!)
  • Attack-Defense: Teams are given a remote service, device, or host to protect whilst an enemy team attempts to exploit its processes to gain access.

What do these categories entail?

🔨 pwn (Binary exploitation):
These challenges involve exploiting Linux executables hosted on servers to obtain flags, often through deprecated/vulnerable C-language functions that the program uses. Requires an understanding of assembly code, the stack data structure, and exploit-writing (via Python and pwntools).

👩‍💻 crypto (Cryptography):
These challenges consist of identifying and decoding provided ciphertexts, often in both old/obscure encryption methods (i.e. Vigenere, Pigpen, Caesar) and more contemporary ones (RSA), Diffie-Hellman, and XOR cryptosystems).

🔍 forensics:
These challenges involve analysis of files — often packet captures, images (steganography), operating system captures, audio snippets. Files can occasionally be partially/fully corrupt, or obfuscated in an seemingly unrecoverable manner.

🔃 rev (Reverse engineering):
These challenges involve attempting to reverse engineer a compiled program to identify and exploit its vulnerabilities. Similar to "pwn", this category requires knowledge of the C programming language, assembly code, and various open-source software to analyze/decompile the provided executables (i.e. Ghidra, Binary Ninja, IDA)

🌐 web (Web exploitation):
These challenges involve finding secrets and/or exploiting vulnerabilities in a website/web application. This can range from basic SQL/command injection to crazy Chrome 0-days.

🧠 osint (Open-source intelligence):
These challenges often utilizing the internet's resources against small snippets of information (i.e. pictures, social media, screenshots, email) to gain sensitive information about the topic. There is a small subset of this category dubbed "GEOSINT", where geographic coordinates must be acquired from metadata-stripped images.

What team do play with?

I mainly play with Project Sekai, but I (think) I’m free to join teams in competitions they’re not playing in. Feel free to DM to confirm!

I want to start, but I don’t know where?

Although the field may seem extremely overwhelming and difficult to get into, there are a seemingly endless amount of resources available on the internet to get you up to spec with prerequisite knowledge:

  • picoCTF: A CTF run by Carnegie Mellon University, providing handy learning guides for each CTF category, “Primer” documentation, and the picoGym, which contains every challenge from its previous annual competitions.
  • CTF101: Extremely handy documentation/wiki for common CTF practices and challenges per-category.
  • OverTheWire: A “wargame” year-round CTF with hundreds of level-based challenges to help practice security concepts.
  • CTFTime: Serves as a “hub” for the global CTF community, with information regarding upcoming competitions, leaderboards, writeups (how-to-solve walkthroughs), and more!

*split division

Free counters!