[eemax]

I've never heard of Capture the Flag. Can someone a bit more familiar describe what the format is exactly, or what type of questions / challenges there are? Any examples from last year's competition?

[lowpro]

In general CTFs are a list of problems you're trying to solve in a set amount of time, ranging from a few hours to a week or so (and some open CTFs are not time bound, just for learning). They will tell you something (normally very, very minimal info or a hint) and you try to find or figure out a string to 'capture the flag' and get the points for that problem. The harder the problem, the more points you get. The person or team with the most points win.

The types of questions range depending on the CTF and the goal of the CTF. Some of things from the OWASP top 10 (1), while others might have logic problems, math problems, or reference problems where you figure out the answer instead of finding it.

1)https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Proje...

See https://en.m.wikipedia.org/wiki/Capture_the_flag under 'software and gaming' for security CTFs

[ehsankia]

I used to participate to a few as a hobby back in my university days. The online ones are generally jeopardy-styled, where you get a bunch of challenges across a variety of categories. Web, Crypto, Stego, Binary Analysis, Reverse Engineering, network packet analysis, etc. There's a bit of everything really, and they also try to have a range of difficulty with an appropriate point system.

CTFTime [0] is a great central hub for finding, tracking and reading about CTFs. After each CTF event, many people publish "writeups" which is basically their "walkthrough" of how they solved each challenge. You can try looking at those to get a rough idea of the various skill sets required for these events. The ctfs github group [1] is filled with them.

[0] https://ctftime.org/

[1] https://github.com/ctfs