Lesson 10: CTF Methodology — From challenge to flag
CTF (Capture the Flag) is a cybersecurity competition where you solve challenges in various categories to find a secret string — the 'flag'. CTFs are the most legitimate, popular, and fun way to learn offensive security.
CTF is like a digital escape room: you have a challenge, you have tools, and you're looking for the key (the flag). Each challenge is self-contained in a controlled environment.
- CTF — Capture the Flag
- A cybersecurity competition where you solve technical challenges in various categories to find secret strings called 'flags'. All environments are authorized and safe to use.
- Flag
- The secret string that the challenge goal is to find. Usually in the format CTF{...} with content describing the challenge. You submit it to the platform to receive points.
- Category
- The type of challenge in CTF: Web (web applications), Crypto (cryptography), Pwn/Binary (memory exploitation), Reverse Engineering, Forensics (digital forensics), MISC (miscellaneous)
- Writeup
- Detailed documentation of all steps in solving a CTF challenge — including failed attempts, tools used, and what ultimately led to finding the flag
- Burp Suite
- A professional proxy tool for testing web applications. Allows intercepting, viewing and modifying HTTP requests between the browser and server — a central tool in the CTF Web category