A Beginner’s Guide to Capture the Flag Competitions
A few days ago, a friend asked me about Capture the Flag (CTF) competitions, as they’re often called. He had never participated in one and wanted to know more about how they’re run and what kind of tooling is used. I’m writing this on my blog to create a centralized place for all the questions he raised. I hope it can help newcomers as well!
Types of CTFs
I have worked in a few cybersecurity positions and have had the chance to try various CTFs. Some of them are very product-heavy. For example, Trend Micro likes to organise CTFs for their product users, such as administrators, security people, or other IT technicians. They can be easy or hard.
When I worked at Bestseller, we had a customer event at a Vejle hotel, where there were 6–7 teams of people. We finished second. For a beginner who had never participated before, it was thrilling. Last year, Trend Micro organised a December CTF and the level was completely different. You could feel the pace and people’s effort to solve the challenges faster against the clock.
Now, I mentioned the product — in Trend Micro’s case, it’s their XDR platform. You get access to the tenant and multiple puzzles. You start each challenge by looking for a specific pattern in the data. It can be flag{something} or thm{something}. However, with each challenge, flags get harder to find. Suddenly it’s base64 or double encoding.
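As an added example (not code from the original post or from any vendor's platform), here is one way to hunt for flags in exported data when they may be plain, base64-encoded, or double-encoded. The flag{...} and thm{...} formats come from the paragraph above; the sample records, the function names, and the three-layer decode limit are assumptions made for illustration.

```python
import base64
import binascii
import re

# Flag formats named in the post; a real event defines its own prefix.
FLAG_RE = re.compile(r"(?:flag|thm)\{[^{}\s]+\}", re.IGNORECASE)
# Runs that look like standard base64: 16+ alphabet chars, optional padding.
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

def try_b64(token):
    """Return decoded text, or None if token is not base64 of readable text."""
    try:
        text = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # wrong length/padding, or the bytes are not text
    readable = all(c.isprintable() or c.isspace() for c in text)
    return text if readable else None

def find_flags(text, max_depth=3):
    """Return sorted (flag, layers) pairs; layers = base64 decodes needed."""
    found = {}
    queue = [(text, 0)]
    while queue:
        chunk, depth = queue.pop()
        for match in FLAG_RE.finditer(chunk):
            flag = match.group(0)
            found[flag] = min(depth, found.get(flag, depth))
        if depth < max_depth:  # bound the work on hostile or noisy input
            for token in B64_RE.findall(chunk):
                decoded = try_b64(token)
                if decoded:
                    queue.append((decoded, depth + 1))
    return sorted(found.items())

def _b64(s):
    return base64.b64encode(s.encode()).decode()

# Constructed sample records (not from any real tenant or event).
SAMPLE = "\n".join([
    'event=login user=elf01 note="flag{plain_sight}"',
    "event=process cmdline=" + _b64("thm{one_layer_deep}"),
    "event=dns txt=" + _b64(_b64("flag{double_encoded}")),
    "event=file path=/opt/workshop/inventory/toys2.csv",  # decoy, not base64
])

if __name__ == "__main__":
    for flag, layers in find_flags(SAMPLE):
        print(f"{flag}  (base64 layers: {layers})")
```

The layer count tells you how the flag was hidden, which is often a hint about what the next challenge will use.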
So, that’s only one company organising CTF events. I’m sure every cybersecurity product vendor has a similar approach or something close. Now let’s talk about non-product-driven CTFs.
These types of CTFs are the ones where your creativity and savviness shine. They typically have a thematic plot — for example, a Christmas-styled story about Santa’s helpers who got into trouble, and you, as a true hero, are here to help them.
So you start with OSINT challenges as a warm-up, and suddenly you find yourself reverse-engineering malware, or listening to audio files to hear a secret message. Sometimes you find broken code that you have to fix to complete the challenge.
Each task is rewarded with points. For example, you get 100 points for the first challenge, and the level rises. Suddenly, you’re getting 350 points. Every challenge motivates you to continue — it’s very addictive that way. The gamification aspect is a well-thought-out part of these CTFs.
My article covers just a glimpse of what CTFs are. Product-driven events get you hands-on with a specific vendor stack under pressure, while open-themed CTFs are where your skills and creativity are properly tested across different disciplines. Both can be very competitive and warrant your full attention. In Part 2, I’ll talk about the software tools used — what to have, how to prepare, and where to practice between events.
