Announcing Google Capture the Flag 2017
security.googleblog.comThis really makes me miss the Stripe CTFs. I'm guessing Google's are aimed more at top security people working together as a team, not to teach ordinary programmers how a buffer overflow acts. I usually got about 80% of the way to a T-shirt in Stripe's.
Check out https://microcorruption.com/.
Hey all, I see a lot of comments asking about getting into CTFs. Trail of Bits has an awesome field guide [1] that I learned a ton from - check it out!
I've never heard of Capture the Flag. Can someone a bit more familiar describe what the format is exactly, or what type of questions / challenges there are? Any examples from last year's competition?
In general CTFs are a list of problems you're trying to solve in a set amount of time, ranging from a few hours to a week or so (and some open CTFs are not time bound, just for learning). They will tell you something (normally very, very minimal info or a hint) and you try to find or figure out a string to 'capture the flag' and get the points for that problem. The harder the problem, the more points you get. The person or team with the most points win.
The types of questions range depending on the CTF and the goal of the CTF. Some of things from the OWASP top 10 (1), while others might have logic problems, math problems, or reference problems where you figure out the answer instead of finding it.
1)https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Proje...
See https://en.m.wikipedia.org/wiki/Capture_the_flag under 'software and gaming' for security CTFs
I used to participate to a few as a hobby back in my university days. The online ones are generally jeopardy-styled, where you get a bunch of challenges across a variety of categories. Web, Crypto, Stego, Binary Analysis, Reverse Engineering, network packet analysis, etc. There's a bit of everything really, and they also try to have a range of difficulty with an appropriate point system.
CTFTime [0] is a great central hub for finding, tracking and reading about CTFs. After each CTF event, many people publish "writeups" which is basically their "walkthrough" of how they solved each challenge. You can try looking at those to get a rough idea of the various skill sets required for these events. The ctfs github group [1] is filled with them.
This seems quite interesting, but as a college student I have no doubt this will be outside my skill level. Any suggestions on similar, but easier CTF and similar events?
Check out ctftime.org or wargames on wechall.net
Out of curiosity, why would something like this be closed off to people < 18 y/o?