For the past week or so I have been participating in CTFs. I was trying to find a technical avenue to learn more security focused things and "games" to spend my time on. I have always wanted to learn more about penetration testing and the offensive side of things. With that said, I have also never pushed myself to do it. I wanted 2018 to be different. So I have been making efforts where possible to focus and study things that I am interested in. I definitely have a ton of room to grow, but I am so happy with the results that I have gotten so far. Of the CTFs that I have done, I have "owned" 7 user accounts and 6 systems. Systems being full root access.
One thing that I have noticed is that all of the boxes that I have gotten access to are linux boxes. My familiarity with Windows is still too small for me to feel comfortable working with them. This upcoming weekend I am going to try focusing solely on Windows boxes. Linux comes across more straight forward for me because I have so much experience with the OS. I understand that advancing will require my learning Windows and Powershell. So that is exciting. I love having things to add to the list!
I also did several challenges that weren’t CTFs but were more like web app testing. Those were pretty fun as well. Ironically I found the more difficult challenges to be easier and some of the easier challenges I found to be difficult.
Overall the experience has made me realize how much I enjoy the type of puzzles that pentesting seems to present. I like the process of deconstruction. And the fact that it works kind of like deconstructing a list helps. As I love to make lists. So essentially, I work down a list until I achieve the result I require.
Some of the CTFs that I have done allow writeups. So I am planning on doing a few of those as well. I think it will help me during the process to keep track of what I am doing and will also allow me to remember steps that I took.
One issue that I ran into was working on a box for a while and getting tired. So I would log off for the night and go to sleep. Sometimes not thinking to keep browser tabs open or my terminals. So I would lose place or lose some history that I meant to keep. Adding some steps when I start should help there. Like recording my terminal sessions with something like:
script -a project.log
That way all terminal history is recorded. Input and output.
I am really excited for the next few weeks. Hopefully I will have some more things to say. And maybe even some actual work to present!