Taylor Breland

Cyber Security Analyst.

2 minute read

So you want to learn how to hack and cause mischeif on the internet? Well, this guide is definitely not for you. I wanted to break down the steps of what knowledge is required to complete capture the flag and pentesting challenges.

Capture The Flag?

This isn’t the capture the flag you’re used to from elementary school. I miss those days :(

Instead we’re talking about a challenge that is all about hacking your way through a machine to find a flag. This flag is usually a text file with either a hint on how to get the next flag or it could be some sort of value you have to submit proving that you found the flag. This is great way for people to test out their hacking skills amongst various different systems (windows, linux, etc.), and some of them are actually pretty fun. Most, if not all of the time, these challenges will require you to gain root access in order to access the last flag. You can think of gaining “root access” as having the highest privileges on that machine to do literally anything you want.

Pentesting?

Pentesting on the other hand is the actual profressional application of hacking in a real life controlled scenario that is meant to test network and system security. You can think of this like an audit, but for your existing cyber security posture.

Penetration Testers (Pentesters for short), are tasked with finding as many security loopholes as possible in a network and on systems within the network. This job is legitimate professional hacking, or ethical hacking. The benefits of these pentests for companies is that they are able to see how a malicious hacker could potentially infiltrate their network. This kind of knowledge is very valuable for security teams, and it shows how they can improve their security posture.

Remember, pentests are real life scenarios within an environment. There are no flags to capture, hints or walkthroughs. However, capture the flag challenges serve as great practice environments for pentesters to keep their skills sharp.

What do I need to know?

Here are the areas of technical knowledge you’ll need to know in order to be a successful pentester:

  • Network Security
  • Web Application Security
  • Mobile App Security
  • Coding skills
  • Moderate to advanced linux skills

Each of these disciplines could have their own semesters in a college course. We don’t have that kind of time on this website, but I definitely encourage you to look up each of these topics and explore around. This guide should get you at least heading in that direction, and you’ll see these different disciplines appear at different points.

Now let’s set up your environment…

You May Also Enjoy

Happy New Years!

less than 1 minute read

Happy New Years everybody! Here’s to hoping that your year is filled with joy, excitement and fulfillment of your goals. I have a feeling that the cyber sec...

Exploiting Log4shell

5 minute read

This article is intended to show the Log4shell exploit in action. If you’re unfamiliar with what Log4shell is, please read this article. Essentially, we’re g...

Log4shell Vulnerability

5 minute read

WHEW, it certainly has been one hell of a year for cyber security, and it’s only getting more intense. You may have heard of the recent vulnerability dubbed ...

Finding Passwords with Wireshark

8 minute read

So we’ve already seen how we can collect credentials through using SET (Social Engineering Toolkit). Now let’s see how we can get credentials using a network...