How CTFs make you a better infosec specialist


Hi there!

Can you believe it’s already summer?

That means we’re a few short months away from some of the most exciting hacking competitions in Europe (and the world!).
Just a few weeks ago, DefCamp founder Andrei Avadanei, along with a couple of other infosec pros, selected the Romanian team for this year’s ECSC (European Cyber Security Challenge).

A team of 36 was chosen to undergo training and receive guidance for the next few months. Only 12 will go on to participate in the ECSC finals this October, which will be held right here, in Bucharest.

This is why we wanted to dedicate today’s newsletter to the awesome experience of participating in CTFs.

ECSC participants mention things such as overcoming challenges as a team, testing personal limits (and breaking them), and working with passionate and skilled hackers.

As D-CTF organizers, we can add many more benefits to this list which we hope you’ll read and act on. You have a lot to gain from a CTF experience, this we can promise!

9 ways CTFs make you a better infosec specialist

If you’re motivated to solve cybersecurity puzzles and gain awesome experience (and prizes!), CTFs may be one of the most fun and engaging things you can do.

From reverse engineering to cryptography, from web vulnerabilities to binary exercises, networking, and forensics, you can work with diverse challenges suited for almost every level.

Solve individual challenges to earn points, tackle increasingly complex ones, and watch yourself progressing through the CTF while learning and having fun.

The brain-teasers in capture the flag competitions are especially designed to help you become a stronger, wiser infosec specialist. They’re also a great way to get to know the community and build relationships that can advance both your career and your personal development.

Here are a couple of other ways in which you can make CTFs work for you:

1. Participate no matter your skill level.

It’s normal to feel intimidated by cybersecurity competitions, especially if you’ve never been part of one. CTFs like the DefCamp one give you the chance to gradually work your way through the challenges.

The more tasks you solve, the more your self-confidence will improve. These small successes will give you energy and keep you motivated to choose increasingly complex challenges, which leads us to our next point.
Take it from someone who’s done it more than a few times:
“It’s always good to practice your applied security skills in a fun and competitive environment”, says Calle “Zeta Two” Svensson, Team captain for HackingForSoju that won D-CTF in 2018.

2. Understand vulnerabilities in-depth.

As you most likely know, reading about new (and not-so-new-but-frequently-exploited) vulnerabilities is one thing but working with them is an entirely different ballgame.

A CTF provides the perfect opportunity to play around with vulnerabilities and better understand the context they operate in. The more you learn about the ramifications that exploiting vulnerabilities generates, the more context you have to make decisions about securing systems in real life.

Andrei Avadanei, DefCamp founder and D-CTF organizer, highlights how participating in this type of hacking competition benefits everyone involved.

“D-CTF and CTFs in general are very useful for infosec specialists to use their offensive and defensive skills in scenarios very close to real life ones.

These kinds of competitions provide the proper environment to test, explore, and learn how to exploit vulnerabilities in order to get the flags.

After each edition of D-CTF we receive a lot of feedback from teams who say that the challenges were great, they even take some time to make and publish write-ups on their blogs after the competition for others who always need more time to get to the bottom of everything.

When we refer to the motivation of joining D-CTF, I must say teams usually enrol in competitions where they attended before because there are several well known international rankings websites that reward most active teams with best results on different world-wide recognised CTFs, including ours.

For us, it’s amazing to see teams who register every year curious to see what new and exciting challenges we’ve prepared for them.

We made lots of friends and learned a lot from them about building and organising the ideal environment for cyber security contests and do it at scale, but also neat tricks to make us better security specialists and improve at identifying threats in companies and complex infrastructures.”

3. Explore new territories and expand your skill set.

The cool thing about CTFs is that they’re always different and surprising. These competitions push you to delve into areas you wouldn’t normally interact with.

When you respond to these challenges, you instantly broaden your horizon and gain a deeper understanding of all things infosec, one task at a time.
Try to choose problems that lie beyond your comfort zone and you might just find the thing that takes your infosec experience to the next level.

Organizers for popular and appreciated CTFs strive to always create new challenges that cater to the curious and eager to explore. This includes Andrei Avadanei:

“D-CTF is the first CTF we’ve organized (and most probably the first one ever organised in Romania) and I must say that hosting this kind of competition is pretty amazing.

I’ve been participating and getting involved in numerous competitions since high school but it’s always much more satisfying and challenging to be on the other side of the table.

We started D-CTF at the first edition of DefCamp, in 2011, but back then it was mainly happening offline, during the event and it was held only locally.

In the following years we managed to expand everything and learn about the good, the bad, and the ugly. For 3 years now, we have had around 1,000 international teams that enrol online in the Qualification phase and the top 15 come to Bucharest every fall at the Final that takes place during the DefCamp conference.

The most rewarding aspect of organizing the D-CTF is the fact that we always need to innovate, to develop different scenarios in order to challenge attendees to explore and find all the flags.

At the end of each edition, we receive a lot of feedback from all the teams that played their way to the top.

I still enjoy creating challenges for this event, even after so many years. Here’s an example I’m really fond of.

There was one time, a few years ago, when I created several blockchain challenges and many attendees were very excited about this new addition, mainly because we were pioneering CTF-like challenges for blockchain applications, never before considered by other well-known international contests.”

4. Test and enrich your know-how.

Things change so fast in infosec that practice is the only way to keep up. To become a skilled professional, you must combine theoretical knowledge with as much practical experience as possible.

Joining CTFs is an excellent opportunity to test your know-how and discover what you need to put more effort towards studying.

Your job’s not on the line and failure is not punished in any way, so why not take advantage of this chance to take your knowledge for a spin?

5. Cultivate critical thinking.

When you watch more experienced hackers work, one thing becomes clear: they’re not only infosec pros, they’re also excellent decision-makers.

Building the ability to think clearly and make great decisions is invaluable for a cybersecurity specialist, no matter the role. With data pouring in from all sources, you’re the one who has to make the call in difficult situations (say, a data breach, since we have plenty of those around these days).

Make critical thinking your forte by completing challenges against the clock in a CTF (or more!) and you’ll reap the rewards instantly.

“Just go for it!”, says Calle “Zeta Two” Svensson. “Practice on a few other CTFs beforehand to get a feel for the format.”

6. Gain invaluable practical experience. Surprise yourself (and others).

Going through a CTF benefits you in more ways than one. The experience you gain from the competition helps you in the most practical sense and it always adds points to your resume.

Joining a CTF proves to potential employers that you’re curious, committed to continuous improvement, and focused on proactively enhancing your skills.

Sometimes contestants get so creative that they even surprise CTF organizers. Andrei knows this full well:

“D-CTF is the type of contest when you expect the unexpected. :))
Naturally, we have some rules all attendees must follow, but when hackers compete, sometimes they tend to bend the rules.

We experienced any kind of situation you can imagine, from challenges that were previously verified but failed in the contest to challenges that were solved in unexpected ways, to challenges solved and subsequently locked to other teams (or for us) and up to having teams that qualified but forgot to mention they want to join us in Bucharest. :)”

7. Break stuff in an environment that allows it.

Hackers will hack because that’s how they learn. This is also what makes CTFs so fun and thrilling: you can spend your time breaking into things and win points (and cool prizes) for it!

Calle “Zeta Two” Svensson, Team captain for HackingForSoju, recalls that the most rewarding aspect of participating in the D-CTF was “to go abroad to an on-site competition to meet and compete against other teams that you previously only have played against online.”

Knowing the rules of the game gives you the freedom to focus on the task at hand. Plus, knowing what it takes to break into things gives you a competitive edge over attackers when it’s up to you to secure systems and networks against attacks.

8. Form a team with other infosec people.

It’s really, really awesome to experience the type of camaraderie that forms between people who share the same intense passion for cybersecurity.
We see this each time we run the DefCamp CTF: contestants learn from each other, they complement one another, amplifying their passion and excitement. With multiple points of view and backgrounds involved, they advance faster. Some even end up building friendships in the process.
CTFs are a great way to make your way around the community and explore your potential. Don’t miss out!

For example, Calle “Zeta Two” Svensson, Team captain for HackingForSoju, the winners of D-CTF 2018, recalls the most unexpected thing that happened during last year’s competition:

“We recruited a new member to our team who has been playing with us since then.”

9. Win prizes.

Most CTFs have quite nice prizes that make the experience even more appealing.

For example, each year at DefCamp we partner with companies that hook you up with the latest gadgets, games, and software.

The next time you host game night, you’ll have a nice throwback to add to it.
Here are two more things to read about CTFs before you jump at the next opportunity to join one:

If you’re excited about the idea of joining this year’s D-CTF, here’s what you need to know, straight from Andrei Avadanei:

“Get ready for another amazing learning experience. We will not let you down!”

Keep an eye on the dedicated D-CTF website for news!
See you soon!
The DefCamp team
