Sites and resources for gaining the most important experience: hands-on practical application.
In cybersecurity, a Capture The Flag (CTF) is a hands-on competition designed to simulate real-world hacking scenarios. Participants, who are often security professionals, ethical hackers, students, or red teams, attempt to solve technical challenges that test their offensive and/or defensive skills.
CTFs can vary in format but typically fall into three main categories:
- Jeopardy-Style – Players solve challenges in categories like cryptography, reverse engineering, web exploitation, and forensics to earn points.
- Attack-Defense – Teams defend their own systems while attacking others, simulating real-world red vs. blue team scenarios.
- Boot2Root / Puzzle-Based – Participants must gain root access to a vulnerable machine or solve multi-step hacking challenges.
For cybersecurity professionals, CTFs provide an opportunity to:
- Practice offensive security techniques like privilege escalation, exploit development, and lateral movement.
- Learn real-world tactics used by adversaries in penetration tests.
- Improve technical agility in areas like reverse engineering malware, bypassing security controls, and social engineering.
- Enhance teamwork in scenarios that mimic cybercriminals and advanced persistent threats (APT).
CTFs are also widely used for cybersecurity education, hiring assessments, and upskilling professionals. Many competitions, such as DEFCON CTF, Hack The Box, and PicoCTF, provide an immersive experience to sharpen security expertise.
Here is a list of some of the more popular platforms for hands-on CTF training:
Site | Description | CTF Type |
---|---|---|
247CTF | Provides unique challenge instances for each player, eliminating the need for VPNs or shared environments. Players can start, stop, and restart challenges at any time. | Jeopardy-Style |
CTFtime | A comprehensive archive of past and upcoming Capture The Flag (CTF) competitions, including team rankings, statistics, and event details. | CTF Aggregator (Tracks multiple formats) |
OverTheWire Wargames | Offers a variety of security wargames to help players learn and practice cybersecurity concepts in a structured, gamified environment. | Puzzle-Based / Boot2Root |
OverTheWire Warzone | A simulated IPv4 Internet environment where all connected devices are targets for hacking. Players can connect their own vulnerable systems for testing. | Attack-Defense |
UnderTheWire | Focuses on Windows PowerShell training through interactive wargames, helping users develop scripting and automation skills. | Jeopardy-Style |
Challenges.re | Created by Dennis Yurichev, this site focuses on reverse engineering challenges, complementing his book Reverse Engineering for Beginners. | Jeopardy-Style (Reverse Engineering) |
ROP Emporium | Teaches Return-Oriented Programming (ROP) through structured challenges designed to improve exploit development skills. | Puzzle-Based / Exploit Development |
PicoCTF | A beginner-friendly CTF competition designed for students, featuring challenges in reverse engineering, cryptography, and web security. | Jeopardy-Style |
CTF365 | A cyber range where users build and defend their own servers while attacking others, simulating real-world cybersecurity scenarios. | Attack-Defense |
Hack The Box | An interactive penetration testing lab with constantly updated challenges, including real-world scenarios and CTF-style puzzles. | Boot2Root / Puzzle-Based |
VulnHub | Provides vulnerable virtual machines for hands-on security training, allowing users to practice penetration testing techniques. | Boot2Root / Puzzle-Based |
Root Me | Offers a wide variety of security challenges, including web exploitation, cryptanalysis, forensic analysis, and reverse engineering. | Jeopardy-Style |
Exploit Education | Formerly Exploit Exercises, this site provides virtual machines and challenges focused on privilege escalation, exploit development, and debugging. | Boot2Root / Exploit Development |
Hack This | A platform for learning hacking and network security, featuring challenges that simulate real-world vulnerabilities. | Jeopardy-Style |
W3Challs | A real-world hacking challenge platform with no guessing or simulation, covering multiple offensive security topics. | Jeopardy-Style |
Pwnable.kr | A pwn-focused wargame site offering challenges related to binary exploitation, reverse engineering, and system hacking. | Boot2Root / Exploit Development |
Pwnable.tw | Similar to Pwnable.kr, this site provides binary exploitation challenges with a scoring system based on difficulty. | Boot2Root / Exploit Development |
Certifications are also available from many vendors to validate penetration testing, ethical hacking, and exploit development skills. These certifications help professionals demonstrate their expertise in network security, red teaming, and vulnerability assessment, making them valuable challenges to pursue. These can often help "get you in the door" when applying for jobs.
Below is a table comparing some of the popular offensive security certifications:
Vendor | Certification | Description | Price | Pros | Cons |
---|---|---|---|---|---|
Offensive Security | OSCP (Offensive Security Certified Professional) | A hands-on pentesting certification requiring a 24-hour practical exam and report writing. Focused on real-world attack scenarios using Kali Linux. | ~$1,599 | Highly respected, strong industry recognition, hands-on exam | Extremely challenging, steep learning curve, only "entry level" |
Offensive Security | OSCE3 (Offensive Security Certified Expert) | Advanced certification covering exploit development, red teaming, and advanced pentesting techniques. | ~$5,499 | Deep focus on exploit development, highly respected | Extremely difficult, requires OSCP-level expertise |
Offensive Security | OSWE (Offensive Security Web Expert) | Focuses on white-box web application security, requiring candidates to analyze source code and exploit vulnerabilities. The exam is 48 hours long. | ~$1,499 | Highly specialized in web app security, strong industry recognition | Requires deep knowledge of web application security and coding |
TCM Security | PNPT (Practical Network Penetration Tester) | A real-world pentesting exam covering Active Directory exploitation, lateral movement, and report writing. | ~$399 | Affordable, realistic pentesting scenarios, includes reporting | Less recognized than OSCP, limited advanced exploitation |
Pentester Academy | CRTP (Certified Red Team Professional) | Specializes in Active Directory attacks, privilege escalation, and lateral movement techniques. | ~$249 | Strong Windows AD exploitation focus, affordable | Limited coverage of web and network pentesting |
Hack The Box | CPTS (Certified Penetration Testing Specialist) | A hands-on pentesting certification covering network security, Active Directory exploitation, and web application attacks. | ~$299 | Affordable, practical exam, good for beginners | Less recognized than OSCP, newer certification |
GIAC (Global Information Assurance Certification) | GXPN (GIAC Exploit Researcher and Advanced Penetration Tester) | Covers exploit development, buffer overflows, and reverse engineering. | ~$8,000 | Deep focus on exploit development, highly technical | Extremely expensive |
eLearnSecurity (INE Security) | CPTS (Certified Penetration Testing Specialist) | Covers network security, web exploitation, and privilege escalation with a practical exam. | ~$350 | Well-rounded pentesting coverage, hands-on exam | Less industry recognition compared to OSCP |
eLearnSecurity (INE Security) | eJPT (eLearnSecurity Junior Penetration Tester) | Entry-level pentesting certification covering network security, web exploitation, and basic enumeration. | ~$200 | Beginner-friendly, practical exam | Not recognized for senior pentesting roles |
Mile2 | CPTC (Certified Penetration Testing Consultant) | Focuses on enterprise-level pentesting, including report writing and compliance. | ~$1,500 | Strong emphasis on consulting and reporting, good for senior roles | Less technical than OSCP, geared toward business-oriented pentesting |
International Council of E-Commerce Consultants (EC-Council) | CEH (Certified Ethical Hacker) | Covers ethical hacking fundamentals, tools, and methodologies via a multiple-choice exam. | ~$1,199 | Well-known globally, only for beginners | Not a practical exam, focuses more on theory than hands-on skills, terrible course material, not worth the price |