CTF (Capture The Flag)

Beklenmeyen Misafir

International Team Moderator
12 Ara 2021
131
120
Derya'ya Yakın Dünya'dan Uzak
What is CTF?



CTF (Capture the flag) is a competition in the field of cyber security that requires hands-on experience. The main purpose of these competitions is to ensure that people with knowledge about hacking put this knowledge into practice and to test themselves, and to prove how knowledgeable and intelligent they are. Ctf competitions are usually held online with cloud-based systems, and the finalists usually win in a venue. Generally, participation in these competitions is in groups of 8 or 4, and those who want to participate can attend alone. CTF competitions usually have money prizes, these prizes may be too many or standard. In some CTFs, 80,000 TL is given to the 1st team, while in another CTF half, 5,000 prizes can be given, which varies according to the quality and possibilities of the CTF. Ctftime usually organizes ctf competitions every week, but since these competitions are generally in the style of jeopardy, newcomers may be helpless in the face of questions. My advice to newbies is tryhackme, hackerone, etc. In ctfs with ctf levels, they will have to practice themselves, starting from the easy level. CTF competitions are usually held within the framework of Hacking conferences, they compete as a team, either Locally or remotely, it is an advantage to have people who are experts in different subjects in your team, because you will have a more professional talent-oriented team, and this will increase the work sharing within the team, because everyone tends to the category they are good at.While preparing for the CTF competitions, you can solve the ctf questions in the past and search for them. For example, if there is a competition made by company x and company x organized a competition last night, these questions can be looked at. You must be an expert.


2 farklı CTF müsabakası türü vardır:



1)Jeopardy

2) Attack /Defense


1-) JEOPARDY CTF
This type tries to catch the flags step by step by answering the security questions posed correctly. The difficulty levels and scores of the questions are different from each other. You cannot move on to another question without answering a question.

2-) ATTACK / DEFENSE
In this type, one team defends while the other team attacks. While trying to close the vulnerabilities in the system presented to the groups, the competitors try to find the vulnerabilities. So there is a mutual struggle.
CTF Question types are usually;
- Web
- Mobile
- Crypto (Kriptografi)
- Forensics
- Network
- Exploiting
- Reversing
- Steganography(Information Hiding)
- Binary analysis
- Mobile
comes up with categories.


What is usually covered in Information Gathering


- Port scanning and IPS bypass
- Network analysis and network attacks
- Infiltrating wireless networks, WPA/WPA-2 cracking
- Package analysis
- TCP/IP level attacks
- Brute force, Password attacks, wordlists
- DNS attacks
- Exploit development and use
- Vulnerability Discovery
- Bypass systems such as firewall, IDS, IPS, WAF
- It is the development of toolkits needed in the process.

CTF PLATFORMS

Hackthebox https://www.hackthebox.com/

Tryhackme https://tryhackme.com/paths

vulnhub https://www.vulnhub.com/

ctf101 https://ctf101.org/

pwnlab https://pwnable.xyz/challenges/

ctftime https://ctftime.org/

backdoor https://backdoor.sdslabs.co/challenges/2013-BIN-50

Crackmes https://crackmes.one/

hackthissite https://www.hackthissite.org/

hacking lab https://hacking-lab.com/

io http://io.netgarage.org/

microcorruption https://microcorruption.com/login

Over The Wire https://overthewire.org/wargames/

xss game https://xss-game.appspot.com/

hacker101 https://ctf.hacker101.com/

google ctf https://capturetheflag.withgoogle.com/

ctf viblo https://ctf.viblo.asia/landing

reversing http://reversing.kr/

pwn challenge http://pwn.eonew.cn/

MysteryTwister! https://mysterytwister.org/home/welcome/

defend the web https://defendtheweb.net/

ctfd https://ctfd.io/

cyber talents https://cybertalents.com/

cyberskyline https://cyberskyline.com/

priviahub https://priviahub.com/

kontra https://application.security/

rootme https://www.root-me.org/?lang=en

webhacking https://webhacking.kr/chall.php

root the box https://root-the-box.com/

attack defense Attack-Defense Online Lab

pentesterlab PentesterLab: Learn Web Penetration Testing: The Right Way




Original Subject::
 

who.rdl

Katılımcı Üye
17 Nis 2022
391
227
@MuammerCan Kader ortağım.
What is CTF?



CTF (Capture the flag) is a competition in the field of cyber security that requires hands-on experience. The main purpose of these competitions is to ensure that people with knowledge about hacking put this knowledge into practice and to test themselves, and to prove how knowledgeable and intelligent they are. Ctf competitions are usually held online with cloud-based systems, and the finalists usually win in a venue. Generally, participation in these competitions is in groups of 8 or 4, and those who want to participate can attend alone. CTF competitions usually have money prizes, these prizes may be too many or standard. In some CTFs, 80,000 TL is given to the 1st team, while in another CTF half, 5,000 prizes can be given, which varies according to the quality and possibilities of the CTF. Ctftime usually organizes ctf competitions every week, but since these competitions are generally in the style of jeopardy, newcomers may be helpless in the face of questions. My advice to newbies is tryhackme, hackerone, etc. In ctfs with ctf levels, they will have to practice themselves, starting from the easy level. CTF competitions are usually held within the framework of Hacking conferences, they compete as a team, either Locally or remotely, it is an advantage to have people who are experts in different subjects in your team, because you will have a more professional talent-oriented team, and this will increase the work sharing within the team, because everyone tends to the category they are good at.While preparing for the CTF competitions, you can solve the ctf questions in the past and search for them. For example, if there is a competition made by company x and company x organized a competition last night, these questions can be looked at. You must be an expert.


2 farklı CTF müsabakası türü vardır:


1)Jeopardy

2) Attack /Defense


1-) JEOPARDY CTF
This type tries to catch the flags step by step by answering the security questions posed correctly. The difficulty levels and scores of the questions are different from each other. You cannot move on to another question without answering a question.

2-) ATTACK / DEFENSE
In this type, one team defends while the other team attacks. While trying to close the vulnerabilities in the system presented to the groups, the competitors try to find the vulnerabilities. So there is a mutual struggle.
CTF Question types are usually;
- Web
- Mobile
- Crypto (Kriptografi)
- Forensics
- Network
- Exploiting
- Reversing
- Steganography(Information Hiding)
- Binary analysis
- Mobile
comes up with categories.


What is usually covered in Information Gathering


- Port scanning and IPS bypass
- Network analysis and network attacks
- Infiltrating wireless networks, WPA/WPA-2 cracking
- Package analysis
- TCP/IP level attacks
- Brute force, Password attacks, wordlists
- DNS attacks
- Exploit development and use
- Vulnerability Discovery
- Bypass systems such as firewall, IDS, IPS, WAF
- It is the development of toolkits needed in the process.

CTF PLATFORMS

Hackthebox https://www.hackthebox.com/

Tryhackme https://tryhackme.com/paths

vulnhub https://www.vulnhub.com/

ctf101 https://ctf101.org/

pwnlab https://pwnable.xyz/challenges/

ctftime https://ctftime.org/

backdoor https://backdoor.sdslabs.co/challenges/2013-BIN-50

Crackmes https://crackmes.one/

hackthissite https://www.hackthissite.org/

hacking lab https://hacking-lab.com/

io http://io.netgarage.org/

microcorruption https://microcorruption.com/login

Over The Wire https://overthewire.org/wargames/

xss game https://xss-game.appspot.com/

hacker101 https://ctf.hacker101.com/

google ctf https://capturetheflag.withgoogle.com/

ctf viblo https://ctf.viblo.asia/landing

reversing http://reversing.kr/

pwn challenge http://pwn.eonew.cn/

MysteryTwister! https://mysterytwister.org/home/welcome/

defend the web https://defendtheweb.net/

ctfd https://ctfd.io/

cyber talents https://cybertalents.com/

cyberskyline https://cyberskyline.com/

priviahub https://priviahub.com/

kontra https://application.security/

rootme https://www.root-me.org/?lang=en

webhacking https://webhacking.kr/chall.php

root the box https://root-the-box.com/

attack defense Attack-Defense Online Lab

pentesterlab PentesterLab: Learn Web Penetration Testing: The Right Way




Original Subject::
nice topic
 
Üst

Turkhackteam.org internet sitesi 5651 sayılı kanun’un 2. maddesinin 1. fıkrasının m) bendi ile aynı kanunun 5. maddesi kapsamında "Yer Sağlayıcı" konumundadır. İçerikler ön onay olmaksızın tamamen kullanıcılar tarafından oluşturulmaktadır. Turkhackteam.org; Yer sağlayıcı olarak, kullanıcılar tarafından oluşturulan içeriği ya da hukuka aykırı paylaşımı kontrol etmekle ya da araştırmakla yükümlü değildir. Türkhackteam saldırı timleri Türk sitelerine hiçbir zararlı faaliyette bulunmaz. Türkhackteam üyelerinin yaptığı bireysel hack faaliyetlerinden Türkhackteam sorumlu değildir. Sitelerinize Türkhackteam ismi kullanılarak hack faaliyetinde bulunulursa, site-sunucu erişim loglarından bu faaliyeti gerçekleştiren ip adresini tespit edip diğer kanıtlarla birlikte savcılığa suç duyurusunda bulununuz.