Preparing

The format

Capture the flag, or simply CTF, is a competition in which participants work with computer systems (for example, a fictional bank’s app) and extract valuable information that is insufficiently protected. This information is called a flag.

There’s plenty of time to study each challenge, but you always end up in a hurry anyway. The team that submits the most flags wins.

It’s a unique vibe. It’s a marathon that you can run with friends. It’s a competition where being smart and savvy is what wins.

The challenges

Flags can be literally everywhere: on a website protected by a password, in a secret file, in an encrypted archive, in a phone answering machine or even in a satellite signal.

Each challenge belongs to a category. The category suggests which kind of vulnerability should be exploited, and where to look for the flag.

You don’t need to be an omnipotent expert: in the qualification stage, you can team up with friends, and each of you may specialize in the areas that interest you.

Avoid rote learning: you can use any software and search the Internet (however, it is forbidden to seek help from anyone outside your team).

Choose what you like the most and start preparing!

The categories

Web technologies

Web-specific vulnerabilities of the pages, web servers and databases.

Skills and knowledge
  • Knowing the difference between frontend and backend
  • HTTP: cookies, headers, forms, request types
  • JavaScript
  • SQL
How to prepare

Cryptography

A thousand-year-old science of encrypting data so that it can’t be read by anyone.

Skills and knowledge
  • Basics of number theory and discrete math
  • Making sense of moderately easy math
  • …and specifications of crypto algorithms
How to prepare

Forensics

Looking for evidence in memory, disk images and dumps of network traffic.

Skills and knowledge
  • File formats
  • Memory structures
  • File systems
  • Network protocols
  • Knowing how to conduct investigations
How to prepare

Steganography

The art of covert information transmission over non-covert channels. Invisible ink.

Skills and knowledge
  • Files, formats, encodings
  • Data analysis
  • Finding patterns in data
  • Solving unusual challenges
How to prepare
  • You’re prepared

OSINT

Open-source intelligence. Identification by an IP address and by the view from a window.

Skills and knowledge
  • Searching the Internet (like a pro)
  • General knowledge (knowing where to look)
  • Being smart
How to prepare

Pwn (binary exploitation)

Exploiting vulnerabilities in the code. Make the program obey you and not its creator.

Skills and knowledge
  • Programming
  • Reverse engineering
  • Computer architecture
How to prepare

Reverse engineering

Researching binary code. Programs on your computer are not black boxes.

Skills and knowledge
  • Programming experience
  • Knowing how to read and debug code
  • Being patient and attentive
  • Fearlessness
How to prepare

Demo

Try solving some simple challenges right here, on this page.

Using a computer for solving and searching the Internet is probably more convenient than using a phone.

Flags (the strings that you need to find and submit) start with ugra_.

Pressure

PPC / Programming

Solving this challenge is very easy:

The darker times

Steganography

We’ve got this picture for you.

No further words

Cryptography

Well, this is how it goes.

75 67 72 61 5f 77 6f 77 5f 79 6f 75 5f 73 70 65 61 6b 5f 68 61 63 6b 65 72 69 73 68

By the way: the course!

We have a course that’s recommended both for those who solved the challenges above and for those who struggled too much with them.

The course is in Russian, so it’s probably of limited use if you don’t speak it, but machine translation keeps getting better, so you’re still very much encouraged to have a look.