So what CTF stuff did I see at @HackingEsports today that I can pass on to other young hackers in training?

1) There is a *fabulous* and global next generation of hackers out there growing up, and we should be really proud of their hard work and sportsmanship. I definitely am!!
2) No matter what, don't give up, and don't quit the CTF.
Nobody knows everything about hacking or cybersecurity. Even if you're struggling with a CTF, just relax and learn what you can. The point isn't to be first place.
3) Learn when to move on. Today's Windows-based challenge stalled all the participants up for a bit. The difference between the people who finally got flags first and those who got them later was a decision to move to a new host or tool when one wasn't working or going anywhere.
4) Use the effective tool for the job, even if it isn't the trendiest. A Windows-based challenge meant that simply using native RDP and SMB was sometimes faster and more reliable than Linux tools. The more complex the solution, the more potential points of failure.
5) Enumerate and understand the environment, first. I saw a lot of people jumping through exploitation methods, scripts, and attacks, before even identifying what hosts, protocols, ports, and specific operating systems were in use.
6) Take good notes. Have a good method for note taking and keep track of where you've been on the network and what you're doing, even if you have limited time. Otherwise you can miss something obvious or redo work, later.
7) Don't judge every CTF simply in relation to the OSCP. Sure, there are CTF-like elements in the exam, but it also includes mental challenges and constraints that are very unique. Use CTFs to learn tools, tactics, and techniques, and don't poo poo them if they're simpler.
8) CTFs are for learning skills, networking, building your confidence, and trying new tactics. Winning the gold medal shouldn't be the point. Most offensive CTFs aren't particularly representative of modern red teaming or adversaries, anymore. They're educational.
9) I don't really believe in 'purple teaming', but blue-teaming skills are really important for red-teamers, and vice versa. Everyone should cross-train. Delving through pcaps and network miner tripped a few of the participants up. I have to do that daily. Adversaries do. too.
You can follow @hacks4pancakes.
Tip: mention @twtextapp on a Twitter thread with the keyword “unroll” to get a link to it.

Latest Threads Unrolled:
Those who think consciousness raising & movement building are disconnected, or even a distraction from electoral politics have not paid attention to the history of social change.In this thread, we
Read more
The 2020s will be known as the Remote Work decadeA few predictions of what is likely to emerge[ a thread ] Third Space: Office and Working from Home will
Read more
1/29: Have you ever had a concept explained to you that helps frame complex issues you’ve been wrestling with and opens your eyes to new possibilities? A concept that I
Read more
By continuing to use the site, you are consenting to the use of cookies as explained in our Cookie Policy to improve your experience.