How to Participate in a CTF

Summary:

In this episode of Exploring Information Security, host Timothy De Block sits down with James Pope, Vince Stoffer, and Blake Cahen from Corelight to discuss Capture The Flag (CTF) competitions and how they can be an invaluable learning tool for security professionals. Whether you're new to CTFs or a seasoned competitor, this episode covers everything from getting started to advanced strategies. The conversation dives into network-based CTFs, the skills required, and how Corelight’s own CTF events offer hands-on experience in network forensics.

Topics Discussed:

  • What is a CTF? Understanding how security CTF competitions work and what skills they test.

  • Getting Started with CTFs: Tips for beginners, from choosing the right event to practicing with the right tools.

  • Network Forensics and Security Analysis: How network-based CTFs differ from other styles and what data sources are most valuable.

  • Common Pitfalls and Mistakes: Strategies to avoid overthinking problems and making costly errors during competitions.

  • AI and the Evolution of CTFs: How AI is impacting CTF challenges and whether it’s changing how competitions are designed.

Guest Info:

  • James Pope – Director of Technical Marketing & Enablement at Corelight and experienced CTF organizer.

  • Vince Stoffer – Field CTO at Corelight, with a background in network security and incident response.

  • Blake Cahen – Security expert with experience in offensive cyber operations and threat hunting.

Links and Resources:

Support the Podcast:

Enjoyed this episode? Leave us a review and share it with your network! Subscribe for more insightful discussions on information security and privacy.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.

Check out our services page and reach out if you see any services that fit your needs.

Social Media Links:

[RSS Feed] [iTunes] [LinkedIn][YouTube]

How to Participate in a CTF
Corelight


[RERELEASE] What is the SANS Holiday Hack Challenge

In this holiday edition of the Exploring Information Security podcast, Ed Skoudis joins me to discuss the SANS Holiday Hack Challenge.

Around this time each year the SANS Holiday Hack Challenge releases under the direction of Ed (@edskoudis) and instructor with the SANS institute. This year Santa has been kidnapped and it’s up to use to figure out who did it and save Christmas. The challenge is for new people in infosec, and for those who have been in the industry for many years. As Ed notes in the episode it is even for children. The challenge itself has been around for years and several past years are still available for people to go through.

In this episode we discuss:

  • What is the SANS Holiday Hack Challenge

  • How it got started

  • What preparation goes into making the challenge each year

  • Who can participate

What is the SANS Holiday Hack Challenge
With Ed Skoudis
Download

What is the SANS Holiday Hack Challenge

In this holiday edition of the Exploring Information Security podcast, Ed Skoudis joins me to discuss the SANS Holiday Hack Challenge.

Around this time each year the SANS Holiday Hack Challenge releases under the direction of Ed (@edskoudis) and instructor with the SANS institute. This year Santa has been kidnapped and it’s up to use to figure out who did it and save Christmas. The challenge is for new people in infosec, and for those who have been in the industry for many years. As Ed notes in the episode it is even for children. The challenge itself has been around for years and several past years are still available for people to go through.

In this episode we discuss:

  • What is the SANS Holiday Hack Challenge
  • How it got started
  • What preparation goes into making the challenge each year
  • Who can participate
What is the SANS Holiday Hack Challenge
With Ed Skoudis
Download

What is red vs. blue? - Part 2

In this competitive episode of the Exploring Information Security podcast, I discuss red team vs. blue team with Mubix AKA Rob Fuller.

Rob (@Mubix), recently had a post titled "Friendly Fire." In the post he talks about the red vs. blue dynamic and some of the pitfalls of that attitude. I knew of the red vs. blue dyanmic, but I never thought it would be hurting the security industry. I decided to have Mubix on to discuss the topic a little bit more. 

In this episode we discuss:

  • Maximizing the pentest window
  • CTFs and how they contribute to the problem

More Resources

What is red vs. blue? - Part 2
With Mubix

What is Red vs. Blue - Part 1

In this competitive episode of the Exploring Information Security podcast, I discuss red team vs. blue team with Mubix AKA Rob Fuller.

Rob (@Mubix), recently had a post titled "Friendly Fire." In the post he talks about the red vs. blue dynamic and some of the pitfalls of that attitude. I knew of the red vs. blue dyanmic, but I never thought it would be hurting the security industry. I decided to have Mubix on to discuss the topic a little bit more. 

In this episode we discuss:

  • Define red team vs. blue team
  • Working together

More Resources

What is Red vs. Blue? - Part 1
With Mubix

How to play a CTF

In this thrilling edition of the Exploring Information Security Podcast, I talk with David Coursey about how to play capture the flag (infosec-style).

David (@dacoursey) is one of the organizers of the Charleston ISSA chapter. At DerbyCon 2014 he experienced his first CTF. He had such a good time that he decided to put together the CTF for BSides Charleston two months later. Through those experiences he has learned a lot and has participated in many more CTFs this past year.

In this episode we discuss:

  • What is a CTF event?
  • What is needed to get starter?
  • How to play a CTF?
  • How to win a CTF?
  • What makes for an excellent CTF
How to play capture the flag (CTF)
With David Coursey