CTFs: What are they and what are they for?
Lillian Rosemback
Cybersecurity Analyst, Ethical Hacker, DevSecOps, Secure Coding analyst, writer, Uninter Global Hub Ambassador, IEEE member, OWASP Member, Autistic with ADHD. Master candidate at UFF
CTFs, or Capture The Flag competitions, are hacking exercises in which participants have to hack systems in order to get the “flags”, which are usually strings of characters. This is meant to train and test their hard skills in hacking as well as their thought process.
CTF platforms are plentiful nowadays: Hack the Box (HTB), TryHackMe (THM), and even HackerOne and Bugcrowd have their own CTFs. But why?
So, let’s get the quick answer: It is a good way to show people how good you are. If you are a top CTF player, odds are that you know a lot about hacking.
The long answer is a bit more complex. CTF platforms revolve around a lot of money. Not just from the participants but from the advertisers, partners and whatnot. For instance, companies pay to announce jobs on such platforms and to use them as a testing ground for candidates. So, as always, money is at the center of the world.
Now the question of how they help you. You can join a lot of CTF platforms, do a lot of challenges, get a lot of points. This will show your tech skill. But to achieve the best possible result, you should write things down, or make videos, or produce content based on it.
Let me explain. As said in a previous article, the report is the main part of any pentest. If you want to be a pentester, you need to know how to write reports properly. You need to know how to communicate properly. That said, let’s say you solved a challenge on THM. If you just put in the flags, save it, and share the badge on LinkedIn, that will give you some attention. If you type a writeup, with the evidence of every step, that will give you more attention. If you produce a report, with the PoCs as well as an executive part explaining the vulnerabilities and bugs, and provide options on how to fix them? That is gold.
There are plenty of people who can hack, despite the lack of professionals. If you want an ordinary-level position, you have very little to worry about. But if you want a top-tier job? Then you should actually start to go the extra mile. As my mentor at the Global Hub Student Ambassadors said to me, on highly competitive programs, be it professional or academic, you need that thing that sets you apart from the rest of the applicants. If you are applying for a pentester job at Meta, for example, they will have dozens, if not hundreds, of equally skilled applicants on the technical level. What sets you apart from them? Why should Meta hire you instead of them?
So, despite CTFs being an amazing resource for practicing technical skills, you actually need to think a little bit about what you want for yourself and, from that, use them in the proper way.
Pentester Student | NSE3 | CTF Player
1 year ago: I liked the content so much. I'm learning about computer security and web applications and a lot more, and this content is very nice, Lillian, and helped me so much.