Capture The Flag Challenges — Infosec Training

My experience with playing Capture The Flag challenges and making it an everyday hobby

Capture The Flags Challenges— I started doing CTF recently after seeing many videos about them online. After finishing the first cyber defenders’ challenge, I thought of doing more of these every day. I started looking for other available sites and discovered many sites. I spent a couple of hours every day for the last few months. Below are some of the sites I am on every day. Spending time on these sites helped me to learn new things and to refresh the skills I have learned so far. There is a lot of free content available. The CTF’s I have done are free, and I also had paid subscriptions.

Below are some of my go-to sites every day. Start with the free content available and then look into purchasing the premium subscriptions. All of the reviews are based on my personal experience.

CyberDefenders — Free and Premium

TryHackMe — Free and Premium

RangeForce — Community edition and Premium

Pentester Labs — Free and Premium

HackTheBox — Free and Premium

CyberDefenders

First, I started with CyberDefenders. I finished a contract last year and missed working with Splunk and doing the SOC work. I started with the Splunk Boss of The SOC v1 challenge; you can download challenges and spin the VM on the local machine. I also did some malware traffic analysis using Wireshark and other tools. I love this so far and going to do more soon. They currently do not offer badges or anything, but the time is worth a LOT of free content. They also have paid content. I was learning content available — Case Investigation, Email Forensics, Image Forensics, Log Analysis, MAC Image Forensics, Malicious Document, Memory Image Forensics, Mobile Forensics, OpenSource Intelligence, Operational, Packet Analysis, Reversing, SIEM Case Investigation, Windows Image Forensics.

CD CTF Challenges: https://cyberdefenders.org/labs/
Training Courses: https://learn.cyberdefenders.org/

TryHackMe

Great site with tons of free content, and if you can afford a little bit of money out of your pocket, getting a year subscription is worth it. This site had various paths to choose from and offered badges to showcase the time spent and work you did. New and aspiring cybersecurity professionals can start with Learning the Basics and then select the learning path. Learning paths available via TryHackMe are — Cyber Defense, Web Fundamentals Pentest+, and Offensive security. Some of the content between the learning paths is overlapping. It does not hurt to revisit what you learned in the past. When you reach a 7 Day streak, users can unlock access to other networks. New boxes are released constantly, and you can practice the skills learned via learning paths.

THM CTF Challenges: https://tryhackme.com/dashboard

RangeForce

Anyone can access the Community edition, and there is a good amount of free content to learn. Once the community edition challenges are finished, you can reach out to the support for getting further access to their Battle Paths or Battle Skills. Both of these offer various training options that one can learn, but these are premium subscriptions. Battle Skills is RangeForce’s whole platform that offers ~450+ hands-on learning modules, including skill assessments, digital certificates, and badges. Battle Paths are segments taken from the complete platform and offered as topic-based learning pathways.

RF CTF Challenges: https://www.rangeforce.com/

Pentester Labs

This site has various paths to choose from with great content. An excellent site if you can afford to spend a few dollars a month or get access for few months at once. One can start with learning Unix, Essentials, Traffic analysis, exploiting various vulnerabilities like shellshock, JSON Web Tokens, SQL injection to shell, and many more.

Bootcamp to get started in Infosec: https://www.pentesterlab.com/bootcamp

HackTheBox

One more great site that has a lot of learning paths to choose from. I took TCM Ethical Hacking course a while ago, did some of the boxes here, rooted some of the boxes, and did some memory analysis challenges. I haven’t gotten the chance to spend more time here, but I plan to put in some work and learn new things moving forward. one more great site is learning new content and to brush your old skills.

HTB CTF Challenges: https://www.hackthebox.eu/

Since I started doing these challenges, I wish I have more time. I hope this blog post will be helpful for people trying to get started a career in the infosec world.

References:

https://cyberdefenders.org/
https://tryhackme.com/hacktivities
https://www.hackthebox.eu/
https://www.pentesterlab.com/
https://www.hackthebox.eu/