Recently my friend and colleague Ray Doyle and I gave a talk at CarolinaCon 13 about getting into Capture the Flag (CTF) security competitions. We both see them as a great way to hone your skills and learn new ones.

The response we got was very positive and many people were asking about the resources we mentioned in our talk, so I thought I’d go ahead and post them here.

How to do CTFs

• Checkout ctftime.org for upcoming CTFs, write-ups on past challenges
• The subreddit /r/OpenToAllCTFteam is an open CTF team that you can join
• Read write-ups of older challenges, as well as challenges that you attempted (whether you completed them or not) – https://github.com/ctfs/

Resources

• github.com/zardus/ctf-tools – long list of tools separated by challenge category
• Practice CTFs
  • picoCTF
  • Pwn Adventure – an MMO client and server you can run and hack to beat
  • SANS Holiday Hack Challenge
    • 2016 challenge 
• OpenCTF’s how-to page 

Upcoming CTFs

• DEFCON
  • DEFCON CTF – https://legitbs.net/
  • OpenCTF
  • IoT Village – SOHOpelessly Broken
• Derbycon CTF
• CSAW CTF (good for beginners)
• PoliCTF – http://www.polictf.it/
• Google CTF – http://g.co/ctf