Security, Privacy, Technical

A Quick CTF Methodology

DISCLAIMER: ONLY use this methodology on boxes that you have permission to hack. It is VERY noisy and any blue team worth their salt will easily detect this and take action — If not already automated. I can not stress this enough. This is for CTF purposes only. Keep it legal and responsible!

An Introduction and History

When I first started in the more applied info-sec world, I discovered that there was a severe lack of information and training resources for the beginner. I came face-to-face with the opposing opinions of “just start poking around… but don’t get caught”, and “only hack what you have permission to hack”. Obviously I’m in the ethical camp, but I found that those same people who would say to be ethical would provide no help at all in gaining the skills to do so. And for a long time I simply took courses that were related to security, and scavenged the internet for the rare (at those times) write-ups (weren’t called that — more “stories”), news, or played around on my own machine.

Continue reading