Categories

Common CTF categories

This category focuses on finding and exploiting security flaws in websites and web applications. It covers vulnerabilities like injection attacks, broken authentication, misconfigurations, and logic flaws. This could include Cross Site Scripting, SQL Injection, etc.

Cryptography revolves around breaking or analyzing encrypted data or cryptographic algorithms. This usually involves weak ciphers, bad key management, poorly implemented algorithms, and recognizing patterns. This is usually a very math-heavy category. Challenge from this category could include RSA, hashing, AES, etc.

Forensics is about uncovering hidden or lost information from files, system and network captures. This is usually analyzing network traffic, suspicious files or recovering deleted files. This category usually challenges ones understanding of files, file system structures and network protocols. Challenge from this category can usually include analyzing a disk image, memory image or captured network traffic.

OSINT relies on publicly available information to find some wanted information. This can usually either be looking for a specific person through social medias or a specific place like GeoGuesser. These challenges often include finding the location of an image or finding a person on social media.

Reverse Engineering involves decompiling and analyzing programs to understand how they work and usually "reverse" the logic. This can often be through a specific encryption implementation or password checker. This category builds a good understanding of how programs interact with memory and how to read decompiled pseudo-code.

Pwn focuses on exploiting vulnerabilities in compiled binaries. This usually relies on some reversing ground work to understand the binary. The goal is usually to execute arbitrary code or somehow make the program behave unexpected. This typically includes buffer overflow, format strings or manipulating memory. This category also builds a strong foundation for understanding memory and OS interactions.

"Misc" is a category where challenges that do not fully fit in other categories usually go. This can be a huge variety of things that sometimes lean to the more "guessy" side. This could be reconstructing a corrupted image, creative encodings or automating jigsaw puzzles. The common factor is that they usually require more creative and out-of-the-box thinking to solve.

Hardware is a somewhat rare category, but builds on the more physical side of hacking, involving electronic devices, embedded systems, radio frequencies or firmware. This usually tests skills in extracting data from chips and signals, analyzing electronic circuits and understand different communication protocols. This category might also include actual physical devices for some on-site CTFs.