Author: Anna Acosta

Capture the Flag is an information systems competition where teams search for flags throughout the web. This competition is held in different sizes and in different locations. Some of the variations of CTF include local, corporate-sponsored, and online CTF events. Although many professionals in the cybersecurity industry participate, many of these competitions are open to the public and entry-level. CTF is often used as a fun learning tool for students and professionals to gain technical training. If you are thinking about attending your first CTF, find a team that is experienced and willing to show you the ropes!

Many CTF competitions are hosted by cyber companies, which makes them a great opportunity to network! And of course, the winning team typically earns prizes such as money, swag, etc. Some of these competitions are in person at cybersecurity events, while others are completely virtual.

To kick off the competition, the teams are given different puzzle folders, which are organized by level of difficulty. Ultimately, the goal is to capture as many “flags”, or clues such as text files or folders, as possible within a specific amount of time. All flags are assigned a different point value depending on the difficulty, and at the end of the period the team with the most “points” wins the competition.

The first type of CTF in cybersecurity is an attack-defend approach known as Red Team/Blue Team, where each team holds an offensive position for one half, and switches to a defensive position for the other half. The second type of CTF style, known as Red Team, is similar to the game of Jeopardy, where you are assigned different point values, depending on the category you choose. Both of these games are timed, where the team with the most points at the end of the game wins.

Some of the challenges that you will encounter throughout the competition are programming, “crypto”, exploitation, or reverse engineering challenges. One of the decisions a team must make when competing is whether they should start with higher level or lower level puzzles first. It is important to build a team with diverse backgrounds in order to have each person focus on their areas of expertise. Teams range from three to four people but can be up to eight people. Many times, there is also an option to sign up as an individual and be paired up with other people.