Unleashing Cybersecurity Skills: The World of Capture The Flag (CTF)

In the realm of cybersecurity, there's a game that isn't just about fun, but also about learning, challenges, and honing your hacking skills. It's called Capture The Flag (CTF). 

In this article, we'll delve into what CTF is, how it works, and why it's a crucial training ground for aspiring cybersecurity professionals.

1. Understanding Capture The Flag (CTF)

Capture The Flag (CTF) is a cybersecurity competition that simulates real-world hacking scenarios. Participants solve puzzles, decode messages, exploit vulnerabilities, and ultimately retrieve hidden "flags" to earn points. Flags are unique strings that prove a challenge's completion.

Image: A visual representation of a CTF flag being captured

2. Categories of CTF Challenges

CTF challenges are divided into distinct categories, mirroring the diverse aspects of cybersecurity:

Image: 6 common categories of Cyber Battle: Capture The Flag

2.1 Cryptography:

Cryptography challenges involve deciphering encoded messages, cracking codes, and understanding encryption techniques. You'll encounter various types of cyphers, substitution methods, and algorithms. Participants often need to apply analytical and mathematical thinking to break the encryption.

2.2 Web Security:

Web security challenges are focused on identifying and exploiting vulnerabilities present in web applications. These challenges mimic real-world scenarios where hackers attempt to bypass security mechanisms, execute code injection, or manipulate URLs to gain unauthorized access. 

2.3 Forensics:

Forensics challenges involve analyzing digital artefacts, logs, and files to extract hidden information. Participants may recover deleted files, decipher hidden messages in images, or reverse-engineer malware to understand its behaviour. These challenges test your attention to detail and analytical skills.

2.4 Reverse Engineering:

Reverse engineering challenges require participants to dissect compiled programs or binaries to understand their functionality. You'll explore executable files, disassemble code, and identify vulnerabilities. This category is particularly useful for understanding how malware operates.

2.5 Binary Exploitation:

Binary exploitation challenges involve exploiting vulnerabilities in compiled programs. Participants find ways to manipulate input data to trigger buffer overflows, code execution, or privilege escalation. This category focuses on understanding software vulnerabilities and crafting exploits.

2.6 Network Analysis:

Network analysis challenges focus on analyzing network traffic to uncover vulnerabilities or hidden information. You might examine packet captures, identify potential security flaws, and reconstruct network activities to understand their implications.

3. How Does CTF Work?

CTF participants engage in a variety of challenges:

3.1 Challenge Discovery

Participants select and tackle challenges based on their expertise. (You can refer to heading 2 "Categories of CTF Challenges").

3.2 Problem-Solving 

Image: Cyber Battle participants Source: itpss.com

Once participants choose a challenge category, they dive into solving challenges within that domain.

These challenges simulate real-world scenarios and require participants to:

• Analyze Code: Examine source code, binaries, or other files for vulnerabilities and hidden information.
• Reverse Engineer: Disassemble and understand the inner workings of compiled programs.
• Decipher: Decode encrypted messages, cyphers, and codes using cryptography principles.
• Examine Artifacts: Analyze digital artefacts like images, logs, or packet captures to extract relevant information.

Challenges require diverse skills, from coding to cryptography.

3.3 Flag Retrieval 

Solving a challenge leads to the discovery of a "flag," a unique piece of text that confirms successful completion. 

Flags are often in the format of alphanumeric strings. They're usually embedded within challenge files, hidden in code, or even transmitted within network packets.

3.4 Scoring

Image: Scoreboard sample of Cyber Battle: Capture The Flag, Source: haxf4rall.com 

For every successfully retrieved flag, participants earn points. The difficulty of the challenge determines the number of points awarded. 

Complex challenges with intricate solutions yield higher points. The participant or team with the most points wins the competition.

4. Importance of CTF Competitions

Capture The Flag (CTF) competitions are more than just challenges; they provide a rich learning experience and numerous benefits that contribute to personal and professional growth. 

Here's an in-depth exploration of the importance of CTF competitions:

4.1 Skill Enhancement and Practical Application:

Image: Participants of the Cyber Battle: Capture The Flag. Source: BruCert instagram

CTF challenges mirror real-world cybersecurity scenarios. By actively participating in challenges across various domains, participants enhance their technical skills and apply theoretical knowledge to practical situations. These experiences equip individuals with the ability to identify vulnerabilities, develop exploits, and defend against attacks.

4.2 Problem-Solving and Critical Thinking:

Image: Brainstorming session. Source: wework.com

Each CTF challenge presents a unique puzzle that requires analytical thinking, creativity, and problem-solving skills. Participants learn to dissect complex problems, break them down into manageable components, and develop systematic approaches to find solutions. This cultivates a mindset that's essential for tackling intricate cybersecurity challenges.

4.3 Exposure to Diverse Domains:

Image: Representation of diverse into cybersecurity domains. Source: evelynlim.com

CTF competitions cover a broad spectrum of cybersecurity domains, including cryptography, web security, forensics, and more. This exposure allows participants to explore different areas of interest and expertise. It encourages them to become well-rounded cybersecurity professionals with versatile skill sets.

4.4 Hands-On Learning and Active Participation:

Image: photo of 2016’s Cyber Battle: Capture The Flag competition, Source: itpss.com

Traditional learning methods are valuable, but CTF competitions offer a hands-on and immersive learning experience. Participants actively engage with challenges, experiment with tools, and observe immediate outcomes. This hands-on learning approach accelerates skill development and knowledge retention.

4.5 Teamwork and Collaboration:

Image: representing teamwork and collaboration. Source: quietrev.com

Many CTF competitions emphasize teamwork, fostering collaboration and communication among participants. Joining or forming teams allows individuals to share insights, strategies, and solutions. Collaborative efforts mirror real-world cybersecurity operations, where a diverse skill set is essential for success.

4.6 Competitive Spirit and Motivation:

CTF competitions add an element of competition that fuels motivation. Participants strive to earn points, solve challenges, and achieve a high rank on leaderboards. This competitive spirit drives individuals to continuously improve their skills, explore new techniques, and push their boundaries.

5. Preparing for CTF Success

Successfully participating in CTF competitions requires a combination of knowledge, skills, and strategies. Here's a detailed breakdown of how to prepare effectively:

5.1 Learn Key Concepts

1. Cryptography: Familiarize yourself with encryption algorithms, decryption methods, and common cryptographic attacks.
2. Web Security: Understand web vulnerabilities like SQL injection, cross-site scripting (XSS), and request forgery.
3. Forensics: Learn techniques to analyze digital artefacts, recover deleted data, and reconstruct events.
4. Reverse Engineering: Study assembly language and understand how to reverse-engineer compiled programs.
5. Binary Exploitation: Learn about buffer overflows, format string vulnerabilities, and binary analysis.
6. Network Analysis: Gain insights into network protocols, packet capture analysis, and network attacks.

5.2 Practice Regularly

1. CTF Platforms: Explore CTF platforms like PicoCTF, Hack The Box, TryHackMe and PentesterLab Engage with challenges of varying difficulty levels to improve your skills.
2. Wargames: Participate in cybersecurity wargames that simulate real-world scenarios and test your problem-solving abilities.
3. Online Tutorials: Follow online tutorials that cover CTF-related topics and provide step-by-step guidance on solving challenges.

5.3 Joining Communities

1. CTF Forums: Participate in CTF forums and communities to connect with like-minded individuals, ask questions, and share insights.
2. Online Platforms: Join CTF-related Discord servers, Reddit communities, and social media groups to stay updated and interact with experts.

5.4 Team Collaboration

1. Team Formation: Consider forming or joining a CTF team. Diverse skills and expertise within a team can enhance problem-solving and strategy development.
2. Knowledge Sharing: Collaborate with team members to share insights, solutions, and tactics for tackling challenges effectively.

Stay Updated with Trends

1. Cybersecurity News: Follow cybersecurity news, blogs, and websites to stay informed about the latest vulnerabilities, techniques, and trends.
2. CTF Write-Ups: Read CTF write-ups and walkthroughs to understand different solution approaches and expand your toolkit.

Embrace the CTF Journey

Image: Top 3 teams of Cyber Battle: Capture The Flag 2016 Source: itpss.com

In the realm of cybersecurity, Capture The Flag (CTF) competitions emerge as a transformative journey that transcends traditional learning approaches. The path to becoming a proficient cybersecurity professional involves more than textbooks and theoretical knowledge—it's about immersing oneself in practical challenges, fostering problem-solving abilities, and embracing a community of like-minded enthusiasts.

CTF competitions provide a gateway to skill refinement, critical thinking, and continuous learning. As you navigate through various challenges—deciphering cryptographic puzzles, analyzing network traffic, dissecting binaries, and more—you embark on a journey of cybersecurity mastery. Every challenge solved, and every flag captured, contributes to your growth and expertise.

But it's not just about individual achievement. CTF thrives on collaboration and teamwork, reflecting the collaborative nature of cybersecurity operations in the real world. Forming teams, exchanging insights, and collectively unravelling complex challenges fosters camaraderie and mutual growth.

As you prepare, practice, and engage in CTF competitions, you're not just preparing for a challenge; you're preparing to contribute to a field that's critical to our digital landscape. Your efforts in understanding vulnerabilities, refining solutions, and fortifying defences are essential to safeguarding digital environments and information.

So, whether you're a newcomer intrigued by the world of cybersecurity or a seasoned professional seeking to expand your horizons, embrace CTF as a dynamic avenue of growth. With each challenge, you're not only capturing flags but also capturing opportunities to sharpen your skills, collaborate with peers, and contribute to the ever-evolving landscape of cybersecurity.

As you embark on this journey of mastering the art of CTF, remember that the thrill of solving challenges and capturing flags is matched only by the satisfaction of becoming a stronger and more adept cybersecurity practitioner. Let the flags you capture become badges of honour in your pursuit of excellence in the fascinating realm of cybersecurity.

Image: Reaching the summit. Source: zermatt.ch

May your journey through CTF competitions be exhilarating, enlightening, and transformative—a voyage that shapes not just your skills but also your perspective on the intricate dance between technology and security.

With flags in hand and knowledge at heart, venture forth on your path of cybersecurity discovery. The world of CTF awaits your exploration and contribution.

Machine Learning is What Makes SkyNet, SkyNet

You watched Terminator, right? At least one of the movies? If you havn't, go watch it.

What is Machine Learning?

To answer that, let's start with how we, the human beings, the mighty race, learn anything. If I teach you about how to make additions of any two numbers, you would know how to do after so many practices. So showing you "1 + 1 = 2", and "2 + 2 = 4", etc. You get the idea of how to do additions.

Then when I give you a random 2 numbers, I expect you to give me a sum of these two numbers in return. Let's say "144" and "956". You would give me "1100" as the correct answer. If you get anything else than 1100, please retake your addition tests here.

The above scenario is what we are trying to do with machines. Teach them how to make perfect additions or perfect subtractions or just help us create a formula that gives us the desired outcome.

Join Innovation Day 2014!

It is December, the perfect month to enjoy, take a vacation, kick-back and relax from our ever so busy lives. But guess what? Anak IT has been brewin' up an event that you might be interested in. In our efforts to introduce technology, programming and scripting to everyone, especially in Brunei, we are hosting Hour Of Code event, at iCentre. Check out our poster below:

Interested? Come and join us! Too busy? Ask your friends and family to take over for ya! Did I mention that you'll get some prizes to win if you attend? I think I didn't. Yes, there's prizes. Come down this weekend and expand your coding skills with creative games and apps and exploration in the world of programming, coding and audio mixmastering.

The event starts at 9am, this Saturday (13/12/2014) until 6pm. Help us spread the word!

Customising your folder in Windows

Assalam Anak IT Readers~

Today I will tell you miana kan "customise" folder biskita especially your favourite folder by putting any image that you like to be as its background image. The following picture illustrate the typical and "boring" folder...




The first thing that you need to do is, put your favourite picture inside your favourite folder. For this example, I will use a folder named "AnakIT" which I located in C drive and so the folder's full address is "C:\AnakIT".

Using any text editor (such as notepad or wordpad), type the following code:




Malas kan taip? Hahaha copy it from here then...

Replace your_image.jpg with the picture's name that you have selected earlier. In this case, I use "Img01.jpg" to be the background of the folder.

For the IconArea_Text, the "0x00FFFFFF" represents white colour. I use white colour for my text because my background picture is dark. Mun pakai itam kang langsung pajah inda lagi nampak apa-apa bwauhuwhuahwa but just in-case you want the text to be in black colour, use "0x00000000" instead. The last 6 characters are actually representing RGB colour code so if I use "0x0000FF00", the text will be in green colour.

After you are done, save the text document into your folder and name the file as "desktop.ini". Set the "Save as type:" to "All files" and click the "Save" button.




The next step will requires you to run a command. Go to Start>Run or simply press Windows+R keys on your keyboard



Type the following command:attrib +s "your folder's full address"

Since my folder is "C:\AnakIT", so I need to type:attrib +s "C:\AnakIT"



Press "OK" button and go to your customised folder and see whether if it does work or not.



Selamat mencuba~

Sekian, wassalam...

Using External StyleSheet

I'm assuming if you are reading this tutorial, you already know what Cascading Stylesheet (CSS) is. If you don't, you should head here first.

External stylesheet gives an advantage over inline stylesheet (that is having the stylesheet inside the HTML: it reduces the page load time since the CSS is all inside one file. Moreover, the changes made on that one file are simultaneously reflected on all pages that link to the stylesheet.

So, how do we go about using external stylesheet?

Step 1:

First of all, you will need to have all your CSS codes saved into a file. You can name the file anything you want but be sure to save it as .css extension. Meaning, if you name your stylesheet 'style', the full filename is 'style.css'.

Step 2: 

Upload this file to your server. Take note of the directory where you upload the stylesheet. Usually it is stored in the root directory.

Step 3:

Next, open up your HTML file and stick this line between your tags:

However, if you are storing the stylesheet in a specific folder (not in root directory), for example in a folder called styling, the code will look like this:

Now you may want to know what purpose does the code above serves. The code above is used to call or load up the stylesheet into your HTML.

Step 4:

Save your HTML file (and upload it to your server if you haven't) and you're done!

Customising Error Pages

No matter whether you are a geek or simply a normal internet user, there are times when you come across dead links within a website. And that pretty much annoys you. And half of the time you decide to move on and go to other websites.

To the webmaster/web owner, this is a downright frustration as well because you loses traffic. But maybe you do not realise that the reason why your visitor decides to leave your website not because they can't access the page (well, that's half of the reason of course) but because they're being rubbed in the face with the ugly ERROR page. Pokoknya, ilang minat bisdia.

So, to make sure the visitors will still stay on your website, you need to spiff up your error pages supaya inda boring, inda membari meluat. What do we do?

Obviously, we will need to customise the error pages. To do this, you will have to create a file called.htaccess. If you already have this file, you only need to add in a couple of lines.



Anyway, if you hadn't, follow the steps below.

Step 1:

Create two files that serve as your error pages. You can customise it in anyway you like. Add in CSS kah, Flash kah, up to you. Save them as 404.html and 403.html respectively. (You can choose to have them as .php files instead of .html if you like).

Step 2:

Open up your editor (Notepad kah, Wordpad kah) and type in these lines:

ErrorDocument 403 http://www.yourwebsite.com/403.html
ErrorDocument 404 http://www.yourwebsite.com/404.html


Save the file as htaccess.txt

* If you had chosen to name the files as 404.php and 403.php, make sure in the lines above you use the same extension as well.

Step 3:

Upload all the three files (404.html, 403.html, htaccess.txt) to the root folder of your website and rename htaccess.txt as .htaccess



Test the error pages by typing in your web address URL followed by garbled/random words, for example: yourwebsite.com/antamtiaeh. The error pages that you created just now should be popping up. If it doesn't, do give me a buzz.

Using PHP Includes

Are you tired of having to copy and paste long codes into every single page in your website? For pages that contain short contents, it is alright if you just use HTML. But imagine if you have all those extra codes (for sidebar, advertisements, credits, etc.) wouldn't that be troublesome to include on every single page? And if there is a line of code that you want to change, you will have to change the same code on the other pages too.

Now, wouldn't you want to know how to do it the short and simple way? If you do, here's a tutorial on how to do it. Mind you that this tutorial will only provide the basic of PHP includes usage.

First of all, take a look at this basic HTML coding. Let's say it is the coding for owner.html:

To use PHP includes, basically, you will need to split your HTML codes and put them in separate pages and then join them together with this code:

Step 1:

Open up your text editor and put in your html codes. Remember to paste only the codes that start from <HTML> until <body>. The rest that comes in between the <body></body> tags is the content.

Save this file as header.php

Step 2:
Create a new file and name it footer.php. Paste the bottom part of the HTML into this file:

Step 3:
Paste the contents of your page into a new file and name it owner.php.

Step 4:
Now, it is time to connect the 3 files together.
In the owner.php, paste this code at the very top of the file.

And at the very bottom of the file, paste this code:

Once you have coded that page. Upload the three files to your site and test it out. Go tohttp://yoursite.com/owner.php and see if it works.

Note: Make sure you place the header.php and footer.php in the same folder as the page that you want to connect them to otherwise it will not work.

Alert!!

In this article I will show you how to produce alert box in your site using javascript. Hehehe suspeng? So here are the codes:

Put the code into your site and see what will happen.

Kacang? or Kuaci? Huhuhu. Sekian.

How to check your PHP version

If you run a server or even "virtual" server and would like to check your PHP version, make a new php file (example: cekphp.php) and paste these codes into it.

Run the new php file through localhost (example: http://localhost/cekphp.php) and you will see a list of php configurations.

Thank you.

Hello World!

"Selamat Datang Ke Programming Laboratory. Tekan 1 untuk Bahasa C++, Tekan 2 untuk Bahasa Visual Basic, Tekan tekan untuk tekan tekan..."

Hello world! *hahaha tarus-tarus* Salam Anak IT.

For those who have done any basic programming, I believe the phrase "Hello World!" is not a new thing for you. But the question is... Why "Hello World!"? Inda dapat word lain kah?

Anyway, the sentence "hello world" was first introduced around 1970's and has been used up until now especially in Programming Language tutorial. The first and the most important part in programming is DISPLAYING TEXT. In real life, you need to speak out or even write on a piece of paper to COMMUNICATE with each other. In cyber world, the most used media for communication is using text.

Anyone using MSN right now? I am pretty sure you would type words using your keyboard in order to communicate with other MSN users unless you are not in a mood to type things and prefer to use your voice through microphone-speaker medium to communicate with them. But, in human-computer communication, can you really do it that way? *pasang microphone then mengeriak "START" basar-basar rah komputer* hahahaha who knows in the future, speech recognition will be applied to control our machine (I heard that it is now has been applied but only to type characters, not controlling the system).

So back to our topic, in order for human-computer to communicate, there must be TEXT just like how we communicate with people. All beginners in programming need to know how to display words in their programs depending on what Application and Operating System they are using.

Here, I will show you how to display "Anak I.T" on different examples of most-used application:

Java:

Javascript:

PHP:

VisualBasic6:

VisualBasic.net:

SQL:

P/S: The coding here is only for demonstration. When you write real coding, DO NOT FORGET to indentyour code. It is the best practice.

Until next time, sekian. Wabillahitaufiq Walhidayah.

Programming Error?

Realise anything?

"Back to the future"

P/S: How many of you are using BIBD's Internet Banking? Ever wonder why it only works on Microsoft's Internet Explorer browser? I think I need to prepare for an interview with officer in-charge regarding the matter.