CTF Tips for Success
I was just relaxing on a Friday afternoon when I saw a flutter come across my LinkedIn dashboard. John Hammond was teasing some challenges he made for NahamCon CTF 2024. I figured, hell... why not, and started looking at the challenges. I started knocking a few out, and each one I tried was so well-made that I couldn't help but be impressed and more curious. I took a relaxed approach to it until Saturday with one hour to go. Then I tuned out all distractions and made sure my answers were good to go. I'm not upset at my placing: 331st out of 3822 teams. Top 10% as a solo player isn't bad.
If I could do it all over again (which I will for next year), I would probably take the time beforehand to do these things before I sit down for a CTF:
Set Up Your Workspace:
- Virtual Machines: Ensure your VMs are ready. Don't just rely on your daily driver to do everything, as you'll start loading tools, challenge content, and some garbage onto it and slow it down. Start with a Windows and Kali VM.
- Physical Environment: Make sure you have your physical environment set up. One monitor is a must, but with two, you're living the dream. Keep your desk clear (except for a notepad and pen). Have your coffee ready to go and ensure everything that needs batteries has batteries.
Have a Goal for the Day(s):
- Time Management: Plan out how much time you're going to spend on challenges and implement breaks for eating, physical exercise, or touching grass.
- Preparation: Make sure everything you need to do before the day is out is done before you start (work, chores, or whatever will keep you from sleeping on the couch or the floor).
Get Friends (Optional):
- Collaboration: Talk to your current friends to see if anyone has any interest in doing a CTF. It's a good way to hang out and work through problems together.
- Networking: If you want more friends, talk to other people signed up for the CTF. Check the Discord if there is one or hit up your local DefCon group to see if anyone wants to participate.
Be Ready to Document:
- Documentation Medium: A big part of doing these challenges is remembering what you did and elevating the industry by sharing with others. Have a medium (GitHub, blog, or Medium page), and have a format ready to document general steps and snapshots so you can go back after the competition and clean it up.
Have Fun:
- Enjoy the Process: Don't forget that you're doing this to sharpen your skills and collaborate with people in the industry. Engage with others, make jokes, and relax. The person who gets 1st place and the one who gets 600th are both getting the same thing out of this: a neat resume bullet point and new skills to bring to the table.
For me, participating in CTFs is an excellent way to enjoy a weekend while keeping my skills sharp and making new friends. I'll be sharing some of my write-ups here for everyone to read. Stay tuned!