Capture

The
Flag
CTF
101
 TABLE OF CONTENTS
What is
1 CTF 2 Web
Forensic Cryptog
3 s
Binary 4 raphy
Reverse
exploitati Engineerin
5 on 6 g
0 What
is CTF
1
Capture the flag is a cyber security
competition where teams compete
against each others to score the highest
points by finding flags which are text
strings secretly hidden in purposefully
vulnerable software or websites.
EX:OMC{Fl4g_2025}
Some photos from CTF
challenges

DEF CON 17 ICSD-2022

 Type Of CTF
This is the most common catygories in
Web
CTF Chellenges
exploita
tion Forensic
s
Cryptog Binary
raphy exploitati
Reverse
Engineerin on
g
Before this Say Hi
to our CTF Expert

The winners of the

competition Csaw
 W
0
1
eb
Defenition :
Exploiting website vulnerabilities to
gain unauthorized access or
control by analyzing sensitive
information, authentication flaws,
and vulnerabilities like XSS or SQL
injection.
Sensitive Information Discovery:
Searching for exposed credentials,
hidden comments, or unprotected
directories.
Authentication Flaws:
Exploiting weak or misconfigured
authentication mechanisms.
Example: Bypassing login via common
passwords or stolen session cookies.
Vulnerability Analysis:
Testing for flaws such as Cross-Site
Scripting (XSS), SQL Injection, or logical
errors
 0
2
Fore
nsic
s
Definition :
Recovering and analyzing digital
footprints from static data files or
storage devices to uncover hidden
information.
 Decoding Techniques:

Converting formats like Base64 or

hexadecimal to reveal concealed
data.

Example: Decoding a Base64

string back into plaintext to recover
a password.
 File Identification:

File Identification: Detecting file types

by analyzing header data, known as
magic numbers.
Example: Recognizing a PNG file by its
header signature (89 50 4E 47).
 Data Concealment Detection:

Finding hidden information

embedded in media files like
images or audio.

Example: Using tools to extract

hidden messages from an image
file.
 Cryptog
0
3
raphy
Definition:

Securing communication by
transforming data into unreadable
formats using mathematical
algorithms.
 Encryption Algorithms:

Methods like Caesar, Vigenère, and XOR

for transforming data.

Example: Decoding a Caesar cipher by

shifting letters 3 positions.
Hash Functions:

Creating unique, fixed-size values from

input data, useful for verification and
integrity checks.
Example: Detecting hash collisions with
MD5 or using SHA-256 for stronger
security.
Advanced Encryption:

Sophisticated encryption techniques like

RSA (asymmetric) and AES (symmetric).

Example: Decrypting an RSA-encrypted

message with a private key.
 0
4
Revers
e
Engine
Definition

Breaking down software or systems to

understand their design, logic, or inner
workings.
Assembly Code Analysis

Studying machine-level code to

understand a program's behavior.
Example: Finding hardcoded passwords
by analyzing assembly code.
Code Conversion:

Converting executable files into

human-readable pseudocode.
Example: Using Ghidra to analyze a
binary and retrieve its source logic.
 Bina
0
5
ry
Definition:

Manipulating flaws in
compiled programs to
alter behavior or control
execution.
 Memory Overflows:

Overwriting memory by sending more data

than allocated, often used for arbitrary code
execution.
Example: Exploiting a program with
insufficient input validation that allows 33
bytes of input into a 32-byte buffer.
Format String Exploitation:

Misusing user-controlled format

strings to leak or modify
memory.
Example: Using %x in a
vulnerable program to print
memory addresses.
 Off-by-One Errors:

Exploiting improper bounds

checking that allows a one-byte
overwrite.
Example: Writing data beyond
allocated memory due to an off-by-
one error.
Thank you
all.