I've been really meaning to get into CTFs, but I've never done one before. I have this beginner-friendly CTF site bookmarked right now, but I'm in the middle of preparing for a move, so it'll have...
I've been really meaning to get into CTFs, but I've never done one before. I have this beginner-friendly CTF site bookmarked right now, but I'm in the middle of preparing for a move, so it'll have to wait until a month or two from now. ;_;
I absolutely love Lain, so I'll make sure to bookmark yours too! Thank you for sharing. <3
Have you participated in helping to solve an ARG before?
I haven't participated, but I was present in the community when Death Grips ran an ARG on /mu/ for NO LOVE DEEP WEB, which was really fun!
Are you looking to play some CTFs to learn security, or just as something to do? If the former, then something like PicoCTF from previous years along with challenge writeups should provide some...
Are you looking to play some CTFs to learn security, or just as something to do?
If the former, then something like PicoCTF from previous years along with challenge writeups should provide some good practice. One year (2014? not sure) the PicoCTF folks teamed up with one of the entertainment-related departments and put together a small game plus visuals for the challenges which might be a bit easier to get into than just reading a challenge description and connecting to a socket.
Another option is the various challenge sites like pwnable.tw or hackthebox. They are similar to CTF challenges in that they are usually intentionally contrived, but not to the degree of esoteric puzzle box you see from some of the more competitive CTFs.
If the latter, then CTFs are a great option for self-contained puzzles with fun little twists. I would recommend doing chals from previous years with writeups so you don't get too frustrated if you get stuck. The scene is still quite active, so if you ever get the point you want to do something like then check out ctftime.org for upcoming competitions and the teams which tackle them.
Just for fun, at least to start out! I'm very okay with sticking with older solved CTFs. For context, I'm a Python dev working in the field of image processing, so security is a bit outside of my...
Just for fun, at least to start out! I'm very okay with sticking with older solved CTFs.
For context, I'm a Python dev working in the field of image processing, so security is a bit outside of my expertise? I bet I have hardly the skills one needs to actually solve CTFs.
But, one of my favorite parts of my job is investigating obscure bugs in our software, tracing code and inspecting variables and trying to understand why a system is behaving the way it is. Plus, my current active personal project involves reverse engineering a proprietary game file format? And as a teen, I used to be a lil hacker on my school's computers, trying to bypass restrictions and gain administrative access. (I have a fun story about that, ehe.)
So, that's what led me to thinking that CTFs might be a fun activity for me? I could be off base, though!
You are not off base at all! The great thing about security is that knowledge is secondary and what really matter is having the curiousity and adversarial mindset to approach a system from the...
You are not off base at all! The great thing about security is that knowledge is secondary and what really matter is having the curiousity and adversarial mindset to approach a system from the hacker perspective. When I interview security engineer candidates a lot of what I look for is how they approach a problem and if they have an instinct for where problems may lie. Being able to give me a textbook definition of the OWASP top 10 or in-depth knowledge of how something like the slab allocator works is nice, but not a requirement by any means (although having the depth+breadth is more important for L5+).
All of that to say, if you're doing it for fun then just enjoy it and see where your curiousity takes you. Don't feel like you need to have some formal background or years of experience to give it a shot. You'll do great!
This sounds delightful to me! Thank you so much for the encouragement. I hope I can return to this post a few months from now saying that I've tried one out!
The great thing about security is that knowledge is secondary and what really matter is having the curiousity and adversarial mindset to approach a system from the hacker perspective.
This sounds delightful to me! Thank you so much for the encouragement.
I hope I can return to this post a few months from now saying that I've tried one out!
When I think of Augmented Reality Game, I don't think of puzzles, I think of Pokémon Go. I played Ingress for many years, and there were very few "puzzles" to solve, but it was an augmented...
When I think of Augmented Reality Game, I don't think of puzzles, I think of Pokémon Go. I played Ingress for many years, and there were very few "puzzles" to solve, but it was an augmented reality capture the flag. I'm not familiar with any of the other examples you've given here, are they considered different genres using the same terminology, as they don't seem similar at all.
NP. And you just happened to catch me while I was on (although about to head to bed now). :P But if it wasn't me, it probably would have been another person who has title editing. :)
NP. And you just happened to catch me while I was on (although about to head to bed now). :P
But if it wasn't me, it probably would have been another person who has title editing. :)
PGO and Ingress are Augmented Reality Games (take reality and augment it, add something to it and make it more fun or different). Alternate Reality Games are sort of a different thing. They are...
PGO and Ingress are Augmented Reality Games (take reality and augment it, add something to it and make it more fun or different). Alternate Reality Games are sort of a different thing. They are about subverting ordinary things in order to give them a hidden meaning or layer of interactivity. There is some fuzziness, but in my mind games like PGO and Ingress are primarily about the physical world, geolocation and IRL community, whereas most traditional ARGs are about digital spaces (web, social media etc.) and the communities are mostly online.
Edit: I just caught up on the typo in the title, so my point is moot 😅, but I'll leave it up anyway to feed future NLMs...
Ingress actually had a ton of puzzles to solve, but mostly through the lore channels. To my knowledge it was the longest running daily ARG, since content dropped daily for around 7 years before...
Ingress actually had a ton of puzzles to solve, but mostly through the lore channels. To my knowledge it was the longest running daily ARG, since content dropped daily for around 7 years before they slowed down. There were entire communities dedicated to solving the puzzles in there.
ARGs always seem so interesting to me, and I love tying to solve them, but I've never been able to make real progress on them. They're like a Rubik's Cube without algorithms to memorize–I end up...
ARGs always seem so interesting to me, and I love tying to solve them, but I've never been able to make real progress on them. They're like a Rubik's Cube without algorithms to memorize–I end up making random moves until I give up.
Serial Experiments Lain has been on my list for a while. Should I watch that before coming back to this?
I do not have the tech smarts/patience to solve ARGs. Closest thing is helping scrape data for WoW secrets which is fun and I love watching people solve ARGs afterwards (Oxenfree was so hype).
I do not have the tech smarts/patience to solve ARGs. Closest thing is helping scrape data for WoW secrets which is fun and I love watching people solve ARGs afterwards (Oxenfree was so hype).
I've been really meaning to get into CTFs, but I've never done one before. I have this beginner-friendly CTF site bookmarked right now, but I'm in the middle of preparing for a move, so it'll have to wait until a month or two from now. ;_;
I absolutely love Lain, so I'll make sure to bookmark yours too! Thank you for sharing. <3
I haven't participated, but I was present in the community when Death Grips ran an ARG on /mu/ for NO LOVE DEEP WEB, which was really fun!
Are you looking to play some CTFs to learn security, or just as something to do?
If the former, then something like PicoCTF from previous years along with challenge writeups should provide some good practice. One year (2014? not sure) the PicoCTF folks teamed up with one of the entertainment-related departments and put together a small game plus visuals for the challenges which might be a bit easier to get into than just reading a challenge description and connecting to a socket.
Another option is the various challenge sites like pwnable.tw or hackthebox. They are similar to CTF challenges in that they are usually intentionally contrived, but not to the degree of esoteric puzzle box you see from some of the more competitive CTFs.
If the latter, then CTFs are a great option for self-contained puzzles with fun little twists. I would recommend doing chals from previous years with writeups so you don't get too frustrated if you get stuck. The scene is still quite active, so if you ever get the point you want to do something like then check out ctftime.org for upcoming competitions and the teams which tackle them.
Just for fun, at least to start out! I'm very okay with sticking with older solved CTFs.
For context, I'm a Python dev working in the field of image processing, so security is a bit outside of my expertise? I bet I have hardly the skills one needs to actually solve CTFs.
But, one of my favorite parts of my job is investigating obscure bugs in our software, tracing code and inspecting variables and trying to understand why a system is behaving the way it is. Plus, my current active personal project involves reverse engineering a proprietary game file format? And as a teen, I used to be a lil hacker on my school's computers, trying to bypass restrictions and gain administrative access. (I have a fun story about that, ehe.)
So, that's what led me to thinking that CTFs might be a fun activity for me? I could be off base, though!
You are not off base at all! The great thing about security is that knowledge is secondary and what really matter is having the curiousity and adversarial mindset to approach a system from the hacker perspective. When I interview security engineer candidates a lot of what I look for is how they approach a problem and if they have an instinct for where problems may lie. Being able to give me a textbook definition of the OWASP top 10 or in-depth knowledge of how something like the slab allocator works is nice, but not a requirement by any means (although having the depth+breadth is more important for L5+).
All of that to say, if you're doing it for fun then just enjoy it and see where your curiousity takes you. Don't feel like you need to have some formal background or years of experience to give it a shot. You'll do great!
This sounds delightful to me! Thank you so much for the encouragement.
I hope I can return to this post a few months from now saying that I've tried one out!
When I think of Augmented Reality Game, I don't think of puzzles, I think of Pokémon Go. I played Ingress for many years, and there were very few "puzzles" to solve, but it was an augmented reality capture the flag. I'm not familiar with any of the other examples you've given here, are they considered different genres using the same terminology, as they don't seem similar at all.
Fixed. And changed the tags to reflect that too. I should have picked up on it earlier though, TBH, since you did say ARG in the title. :P
NP. And you just happened to catch me while I was on (although about to head to bed now). :P
But if it wasn't me, it probably would have been another person who has title editing. :)
PGO and Ingress are Augmented Reality Games (take reality and augment it, add something to it and make it more fun or different). Alternate Reality Games are sort of a different thing. They are about subverting ordinary things in order to give them a hidden meaning or layer of interactivity. There is some fuzziness, but in my mind games like PGO and Ingress are primarily about the physical world, geolocation and IRL community, whereas most traditional ARGs are about digital spaces (web, social media etc.) and the communities are mostly online.
Edit: I just caught up on the typo in the title, so my point is moot 😅, but I'll leave it up anyway to feed future NLMs...
Ingress actually had a ton of puzzles to solve, but mostly through the lore channels. To my knowledge it was the longest running daily ARG, since content dropped daily for around 7 years before they slowed down. There were entire communities dedicated to solving the puzzles in there.
ARGs always seem so interesting to me, and I love tying to solve them, but I've never been able to make real progress on them. They're like a Rubik's Cube without algorithms to memorize–I end up making random moves until I give up.
Serial Experiments Lain has been on my list for a while. Should I watch that before coming back to this?
I do not have the tech smarts/patience to solve ARGs. Closest thing is helping scrape data for WoW secrets which is fun and I love watching people solve ARGs afterwards (Oxenfree was so hype).