Capture The Flag (CTF)

Guide written by a beginner for beginners

Published in Code Like A Girl, Jun 16, 2018

While beginning my collegiate career I was looking for opportunities to expand my personal life and learn more about digital security.

Digital security branches into roles such as forensics analyst, penetration tester, network security, incident responder and so on. At first it was a little intimidating, as the security field is so vast and I couldn’t easily narrow down my interest and figure out a good starting point. CTFing, or “Capture The Flag”, was an area of interest I decided to explore, and I used it as my guide in figuring out what my end goal was in terms of security.

Other than the fun that comes from CTFing and breaking into things (legally), you should have an understanding of the importance of security and why all of this stuff seriously matters. As we all know, the world heavily depends on technology, which we use for numerous reasons: entertainment, emailing, transferring data, and so on. With this come potential risks in digital security: any private information stored is vulnerable to digital threats, which is why it’s important to be alert, know when to take action and protect yourself.

One good way to learn how to protect yourself is by doing CTFs, which let people learn and practice skills similar to what hackers use in real-life situations and gain a deeper understanding of vulnerabilities. There are two different types of CTFs: Jeopardy style and Attack-Defense. Jeopardy style is played like the Jeopardy game, with a board of categories that ranges from reverse engineering and pwn to forensics and web exploitation. I haven’t participated in any attack-defense challenges, so the guide will be focused on Jeopardy-style CTFs.

I have been incessantly playing in CTFs for the past couple of weeks, and during the process I have learned many security tools and vulnerabilities. I will be sharing them from the perspective of an absolute beginner, along with the knowledge that I have found necessary to understand and that has helped me succeed thus far. I believe one of the benefits of reading a guide from the viewpoint of a beginner is that I avoid overestimating what the audience actually knows and no process is overlooked (resources are provided), and I will try my best to equip the reader with the skills required to start CTFing.

When I had just started doing CTFs and researched ways to improve, many guides out there covered far too much information that was beyond my comprehension and assumed too much about a beginner’s level of understanding. This article is not written for a cyber-security mastermind or a leet hacker. The intention of this article is to help you get somewhat more familiar with doing simple CTFs, navigating through the terminal, and so on. This will be done mainly by explaining some of this material based on experience, combined with links and resources that I’ve found personally helpful.

Disclaimer!! Since there are many categories of CTF challenges out there, I will be focusing mainly on reverse engineering, because 90% of the CTFs I did and the tools I used are geared towards solving RE challenges and it is what I am currently interested in.

Focusing on one category and sticking with it is good practice for improving the special skill set required to attempt those challenges and encourages you to continuously challenge yourself. Something important that I learned during this experience is that you don’t need to become a jack of all trades and feel pressured to know how to solve challenges of every single category. Find one CTF category that you enjoy and stick with it. Branching out happens later as you’re becoming more comfortable with this kind of stuff. With this article I hope that the reader will be prepared to start and do CTFs. This is something that can be intimidating at first for beginners but once you’ve gotten past some of the basics it will get easier from that point.

Seriously, keep at it and you’ll get better.
The “trick” is you have to actually do it yourself.

The Setup

When testing or learning how to use offensive security tools, it’s important to set up a safe zone for exploiting vulnerabilities and to take certain security precautions into consideration. When building your lab environment, it’s recommended that you allocate enough space and resources for your goal. Some people use Virtual Machines to develop software for other platforms or to test malware, or maybe they prefer a certain OS over their host machine’s OS. If you already have a virtualizer you can skip this step.

I will be guiding you on installing a VM and provide links for the OS (reason mentioned below). Linux is by far the best Operating System for CTFing, programming and testing software. It provides the user with a lot of flexibility and freedom to do what they please. The Linux platform also has many useful tools available for the user that can be installed through the terminal. Honestly, I just feel better when I program on Linux and programming feels easier — Just my opinion though.

You can choose any virtualizer for your lab (Oracle VirtualBox, VMware Workstation, VMware Fusion, ...); I personally use VirtualBox. Follow this link to begin the installation process: https://www.virtualbox.org/wiki/Downloads

Once you’re at a page that looks like this, download the package based on the OS running on your host machine. Once the installation wizard pops up, leave the default options checked (unless you want to change the install path) and keep clicking Next. After you complete the process and exit the installation wizard, you should have the VirtualBox Manager up and running.

If not, locate the path where the files have been stored and open the application. (Note: on the left panel I have multiple workstations; if you just installed this it should be empty.) Now that you have your virtualizer installed, leave the manager open, as you are going to install the Linux OS to attach to your new VM. Navigate to this website —

You can install the latest version, the 18.04 LTS ISO. I am currently running an outdated version, 16.04, but either will be fine. The ISO disk image holds the OS and is what you will attach to your VM (image below) by replacing the “empty” drive.
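The same steps done from a terminal, as an added example that is not part of the original guide: it checks the downloaded ISO against the SHA256SUMS file Ubuntu publishes beside it, then prints the VBoxManage commands that create the VM and attach the ISO to the optical drive. The VM name `ctf-lab`, the memory and disk sizes and the file paths are assumptions, as is a host with a bash-compatible shell and `sha256sum`.

```bash
#!/usr/bin/env bash
# Added example: verify the downloaded ISO, then build the lab VM with VBoxManage.
# VM name, sizes and file locations are assumptions, not values from the guide.

# Succeeds only if the ISO's SHA-256 matches its entry in a SHA256SUMS file.
# Entry format: "<hash> *<filename>" (file names without spaces assumed).
verify_iso() {
  local iso="$1" sums="$2" want got
  want=$(awk -v f="$(basename "$iso")" \
    '{n=$2; sub(/^\*/,"",n); if (n==f) print $1}' "$sums")
  [ -n "$want" ] || { echo "no checksum entry for $iso" >&2; return 2; }
  got=$(sha256sum "$iso" | awk '{print $1}')
  [ "$got" = "$want" ] || { echo "checksum mismatch for $iso" >&2; return 1; }
}

# Prints each command unless APPLY=1 is set, so the plan can be reviewed first.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

create_lab_vm() {
  local name="$1" iso="$2" disk="$3"
  run VBoxManage createvm --name "$name" --ostype Ubuntu_64 --register
  # NAT lets the guest download packages; LAN hosts cannot connect in to it.
  run VBoxManage modifyvm "$name" --memory 2048 --cpus 2 --nic1 nat
  run VBoxManage createmedium disk --filename "$disk" --size 20480 --format VDI
  run VBoxManage storagectl "$name" --name SATA --add sata
  run VBoxManage storageattach "$name" --storagectl SATA --port 0 --device 0 \
    --type hdd --medium "$disk"
  # The ISO replaces the "empty" optical drive, as in the GUI step.
  run VBoxManage storagectl "$name" --name IDE --add ide
  run VBoxManage storageattach "$name" --storagectl IDE --port 0 --device 0 \
    --type dvddrive --medium "$iso"
}

# Usage: ./lab.sh <iso> <SHA256SUMS>   (prefix with APPLY=1 to run VBoxManage)
if [ "$#" -eq 2 ]; then
  verify_iso "$1" "$2" &&
    create_lab_vm ctf-lab "$1" "$HOME/VirtualBox VMs/ctf-lab/ctf-lab.vdi"
fi
```

Once the OS is installed, `VBoxManage storageattach ctf-lab --storagectl IDE --port 0 --device 0 --type dvddrive --medium emptydrive` detaches the ISO again.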

Since I’m striving for brevity and efficiency with this guide and shortening areas that are not directly related to CTFs, I have only demonstrated the process of installing a virtualizer, as it’s a fast operation. Setting up the OS requires a few more steps, for which I HIGHLY recommend you check out this link and complete the required steps before moving on —