What do you think of my 12-week plan for becoming a CTF candidate?

Stellarian05ByStellarian05

So, let me clarify before the haters come around again. My goal is to become reasonably good at hacking. The CTF event at the end is just a kind of goal or pretext/motivation. I also doubt I'll participate in a real event. I want to focus on networking and the web. I created it using ChatGPT. This is just a brief overview. I also have a seven-page printout of it with everything planned out.

And by the way, I already have a bit of experience with network stuff and know a few programming languages.

LG

1 vote, average: 1.00 out of 1 (1 rating, 1 votes, rated)
You need to be a registered member to rate this.
Loading...
Subscribe
Notify of
2 Answers
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
DummeStudentin
DummeStudentin
2 months ago
  • You don't need Kali Linux, nmap or Metasploit for CTFs. These are tools for pentesters and scriptkiddies, but they won't help you with a CTF. "Normal" Linux distributions like Arch or Fedora are completely sufficient. From the package sources you can install everything you need. Port scanning or the like, in some CTFs, is even against the rules, because it unnecessarily burdens the infrastructure, and would only lead to a rate limited. It is not necessary, however. The ports used are generally announced.
  • Python is sensitive, but forgets port scanner (see above) and code optimization. That's not a lee code. Exploit code is not very complex, and if your exploit works, no one is interested in the code anymore. This is not a software project that has to be maintained for years. In your place, I would look at the pwntools library, which is very useful for CTFs.
  • Theme Web sounds so good, and I don't know all these services. I would rather focus on exploit techniques (eg SQLi, XSS, SSTI) instead of certain services.
  • Burp Suite is okay, but I would recommend OWASP ZAP. Meets the same purpose, but is open source and you don't have to pay or pay you about a limited free version.
  • If you are interested in rev or pwn challenges, Ghidra or the like is not optional.

Overall, I find your plan solid, but this is definitely nothing for 12 weeks. To get good in CTFs you need years (I'm still bad, lol). Take time for the basics and try to solve simple challenges. If you start to get bored, increase the difficulty.

It's not a sprint, it's a marathon!

1
ntechde
ntechde
2 months ago

Sporty!

0