# Hands-on Practice

## **Capture The Flag (CTF)**

In **cybersecurity**, a **Capture The Flag (CTF)** is a **hands-on competition** designed to simulate real-world hacking scenarios. Participants, who are often **security professionals, ethical hackers, students, or red teams**, attempt to solve technical challenges that test their **offensive and/or defensive skills**.

### **Types of CTF Competitions**

CTFs can vary in format but typically fall into three main categories:

1. **Jeopardy-Style** – Players solve challenges in categories like **cryptography, reverse engineering, web exploitation, and forensics** to earn points.
2. **Attack-Defense** – Teams defend their own systems while attacking others, simulating **real-world red vs. blue team scenarios**.
3. **Boot2Root / Puzzle-Based** – Participants must gain root access to a vulnerable machine or solve multi-step hacking challenges.

### **CTFs for Cyber Training**

For cybersecurity professionals, CTFs provide an opportunity to:

* **Practice offensive security** techniques like **privilege escalation, exploit development, and lateral movement**.
* **Learn real-world tactics** used by adversaries in penetration tests.
* **Improve technical agility** in areas like **reverse engineering malware, bypassing security controls, and social engineering**.
* **Enhance teamwork** in scenarios that mimic **cybercriminals** and **advanced persistent threats (APT)**.

CTFs are also widely used for **cybersecurity education**, **hiring assessments**, and **upskilling professionals**. Many competitions, such as **DEFCON CTF, Hack The Box, and PicoCTF**, provide an immersive experience to sharpen security expertise.

Here is a list of some of the more popular platforms for hands-on CTF training:

| **Site**                                                 | **Description**                                                                                                                                                         | **CTF Type**                                 |
| -------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------- |
| [247CTF](https://247ctf.com/)                            | Provides unique challenge instances for each player, eliminating the need for VPNs or shared environments. Players can start, stop, and restart challenges at any time. | **Jeopardy-Style**                           |
| [CTFtime](https://ctftime.org/)                          | A comprehensive archive of past and upcoming **Capture The Flag (CTF)** competitions, including team rankings, statistics, and event details.                           | **CTF Aggregator** (Tracks multiple formats) |
| [OverTheWire Wargames](http://overthewire.org/wargames/) | Offers a variety of **security wargames** to help players learn and practice cybersecurity concepts in a structured, gamified environment.                              | **Puzzle-Based / Boot2Root**                 |
| [OverTheWire Warzone](https://overthewire.org/warzone/)  | A simulated **IPv4 Internet environment** where all connected devices are targets for hacking. Players can connect their own vulnerable systems for testing.            | **Attack-Defense**                           |
| [UnderTheWire](https://www.underthewire.tech/)           | Focuses on **Windows PowerShell** training through interactive wargames, helping users develop scripting and automation skills.                                         | **Jeopardy-Style**                           |
| [Challenges.re](https://challenges.re/)                  | Created by Dennis Yurichev, this site focuses on **reverse engineering challenges**, complementing his book *Reverse Engineering for Beginners*.                        | **Jeopardy-Style (Reverse Engineering)**     |
| [ROP Emporium](https://ropemporium.com/)                 | Teaches **Return-Oriented Programming (ROP)** through structured challenges designed to improve exploit development skills.                                             | **Puzzle-Based / Exploit Development**       |
| [PicoCTF](https://picoctf.com/)                          | A beginner-friendly **CTF competition** designed for students, featuring challenges in **reverse engineering, cryptography, and web security**.                         | **Jeopardy-Style**                           |
| [CTF365](https://ctf365.com/)                            | A **cyber range** where users build and defend their own servers while attacking others, simulating real-world cybersecurity scenarios.                                 | **Attack-Defense**                           |
| [Hack The Box](https://www.hackthebox.eu/)               | An **interactive penetration testing lab** with constantly updated challenges, including **real-world scenarios and CTF-style puzzles**.                                | **Boot2Root / Puzzle-Based**                 |
| [VulnHub](https://www.vulnhub.com/)                      | Provides **vulnerable virtual machines** for hands-on security training, allowing users to practice penetration testing techniques.                                     | **Boot2Root / Puzzle-Based**                 |
| [Root Me](https://www.root-me.org/en/Challenges)         | Offers a wide variety of **security challenges**, including **web exploitation, cryptanalysis, forensic analysis, and reverse engineering**.                            | **Jeopardy-Style**                           |
| [Exploit Education](https://exploit.education/)          | Formerly *Exploit Exercises*, this site provides **virtual machines and challenges** focused on **privilege escalation, exploit development, and debugging**.           | **Boot2Root / Exploit Development**          |
| [Hack This](https://www.hackthis.co.uk/)                 | A platform for learning **hacking and network security**, featuring challenges that simulate real-world vulnerabilities.                                                | **Jeopardy-Style**                           |
| [W3Challs](https://w3challs.com/)                        | A **real-world hacking challenge** platform with no guessing or simulation, covering multiple offensive security topics.                                                | **Jeopardy-Style**                           |
| [Pwnable.kr](http://pwnable.kr/)                         | A **pwn-focused wargame** site offering challenges related to **binary exploitation, reverse engineering, and system hacking**.                                         | **Boot2Root / Exploit Development**          |
| [Pwnable.tw](https://pwnable.tw/)                        | Similar to Pwnable.kr, this site provides **binary exploitation challenges** with a scoring system based on difficulty.                                                 | **Boot2Root / Exploit Development**          |

## TryHackMe Study List

TODO: expand this list with specific relevant rooms to study and practice:

TryHackMe offers structured learning paths for CTF and red team preparation:

| **Module**                                                                              | **Description**                                                                  | **Focus Area**            |
| --------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------- | ------------------------- |
| [Pre Security](https://tryhackme.com/path/presecurity)                                  | Foundational cybersecurity concepts, networking basics, and security principles. | **Fundamentals**          |
| [Introduction to Cybersecurity](https://tryhackme.com/room/introductorytocybersecurity) | Overview of security careers, defensive/offensive roles, and core concepts.      | **Fundamentals**          |
| [Complete Beginner](https://tryhackme.com/path/beginner)                                | Covers Linux, hacking methodology, web exploitation, and basic CTF techniques.   | **CTF Basics**            |
| [Web Fundamentals](https://tryhackme.com/path/webfundamentals)                          | HTTP protocol, web vulnerabilities, and exploitation techniques.                 | **Web Security**          |
| [Offensive Pentesting](https://tryhackme.com/path/pentesting)                           | Active Directory, privilege escalation, lateral movement, and red team tactics.  | **Red Team / Pentesting** |
| [Linux Privilege Escalation](https://tryhackme.com/room/linuxprivesc)                   | Methods for escalating privileges on Linux systems.                              | **Exploitation**          |
| [Windows Privilege Escalation](https://tryhackme.com/room/windowsprivesc)               | Techniques for escalating privileges on Windows systems and Active Directory.    | **Exploitation**          |
| [Reverse Engineering](https://tryhackme.com/path/reversing)                             | Binary analysis, assembly language, and malware analysis fundamentals.           | **Reverse Engineering**   |
| [Cryptography](https://tryhackme.com/room/cryptofundamentals)                           | Encryption algorithms and cryptographic attacks relevant to CTFs.                | **Cryptography**          |

## Certifications for Offensive Security Professionals

Certifications are also available from many vendors to validate penetration testing, ethical hacking, and exploit development skills. These certifications help professionals demonstrate their expertise in network security, red teaming, and vulnerability assessment, making them valuable challenges to pursue. They can also often help "get you in the door" when applying for jobs.

Below is a table comparing some of the popular offensive security certifications:

| **Vendor**                                                       | **Certification**                                                  | **Description**                                                                                                                                                 | **Price** | **Pros**                                                                | **Cons**                                                                                                         |
| ---------------------------------------------------------------- | ------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------- | ----------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------- |
| **Offensive Security**                                           | **OSCP (Offensive Security Certified Professional)**               | A **hands-on pentesting certification** requiring a **24-hour practical exam** and report writing. Focused on **real-world attack scenarios** using Kali Linux. | \~$1,599  | Highly respected, strong industry recognition, hands-on exam            | Extremely challenging, steep learning curve, only "entry level"                                                  |
| **Offensive Security**                                           | **OSCE3 (Offensive Security Certified Expert)**                    | Advanced certification covering **exploit development, red teaming, and advanced pentesting techniques**.                                                       | \~$5,499  | Deep focus on **exploit development**, highly respected                 | Extremely difficult, requires OSCP-level expertise                                                               |
| **Offensive Security**                                           | **OSWE (Offensive Security Web Expert)**                           | Focuses on **white-box web application security**, requiring candidates to analyze source code and exploit vulnerabilities. The exam is **48 hours long**.      | \~$1,499  | Highly specialized in **web app security**, strong industry recognition | Requires deep knowledge of **web application security and coding**                                               |
| **TCM Security**                                                 | **PNPT (Practical Network Penetration Tester)**                    | A **real-world pentesting exam** covering **Active Directory exploitation, lateral movement, and report writing**.                                              | \~$399    | Affordable, realistic pentesting scenarios, includes reporting          | Less recognized than OSCP, limited advanced exploitation                                                         |
| **Pentester Academy**                                            | **CRTP (Certified Red Team Professional)**                         | Specializes in **Active Directory attacks, privilege escalation, and lateral movement techniques**.                                                             | \~$249    | Strong Windows AD exploitation focus, affordable                        | Limited coverage of web and network pentesting                                                                   |
| **Hack The Box**                                                 | **CPTS (Certified Penetration Testing Specialist)**                | A **hands-on pentesting certification** covering **network security, Active Directory exploitation, and web application attacks**.                              | \~$299    | Affordable, practical exam, good for beginners                          | Less recognized than OSCP, newer certification                                                                   |
| **GIAC (Global Information Assurance Certification)**            | **GXPN (GIAC Exploit Researcher and Advanced Penetration Tester)** | Covers **exploit development, buffer overflows, and reverse engineering**.                                                                                      | \~$8,000  | Deep focus on **exploit development**, highly technical                 | Extremely expensive                                                                                              |
| **eLearnSecurity (INE Security)**                                | **CPTS (Certified Penetration Testing Specialist)**                | Covers **network security, web exploitation, and privilege escalation** with a **practical exam**.                                                              | \~$350    | Well-rounded pentesting coverage, hands-on exam                         | Less industry recognition compared to OSCP                                                                       |
| **eLearnSecurity (INE Security)**                                | **eJPT (eLearnSecurity Junior Penetration Tester)**                | Entry-level pentesting certification covering **network security, web exploitation, and basic enumeration**.                                                    | \~$200    | Beginner-friendly, practical exam                                       | Not recognized for senior pentesting roles                                                                       |
| **Mile2**                                                        | **CPTC (Certified Penetration Testing Consultant)**                | Focuses on **enterprise-level pentesting**, including **report writing and compliance**.                                                                        | \~$1,500  | Strong emphasis on **consulting and reporting**, good for senior roles  | Less technical than OSCP, geared toward **business-oriented pentesting**                                         |
| **International Council of E-Commerce Consultants (EC-Council)** | **CEH (Certified Ethical Hacker)**                                 | Covers **ethical hacking fundamentals**, tools, and methodologies via a **multiple-choice exam**.                                                               | \~$1,199  | Well-known globally, only for beginners                                 | Not a practical exam, focuses more on theory than hands-on skills, terrible course material, not worth the price |

## Thanks

If you like this content and would like to see more, please consider [buying me a coffee](https://www.buymeacoffee.com/zweilosec)!

