I was a 9th grader when I created and launched my first CTF — “scriptCTF”. I am NoobMaster (that is my discord name) and I regularly participate in CTFs. scriptCTF was my first CTF which I conducted as the team lead of the team — ScriptSorcerers. I had prior experience of conducting CTFs with another team (n00bzUnit3d) as a team member.
If you are thinking of creating and launching a CTF of your own, you have reached the right place. I will talk about everything needed for it — infrastructure requirements, creating and hosting challenges, arranging sponsors and prizes, choosing dates for hosting CTF, marketing your CTF, conducting it, checking for plagiarism cases or flag-sharing, and finally distributing certificates and prizes.
Since everything cannot be covered in one single article, I plan to write a series of articles covering all the above topics. This article primarily focuses on where to start from.
What is a CTF?
CTF stands for Capture-The-Flag: cybersecurity competitions in which participants solve challenges posted on a hosting platform. The solution to a challenge takes the form of a flag (a string of random data or text in some format). Individuals and teams can participate, and the more flags you submit and the faster you submit them, the higher your chances of winning.
There are CTFs specifically designed for middle or high schoolers, for college and university students and those which are open to all.
Where to start?
Participate in CTFs
Start with participating in a good number of CTFs. While you participate in CTFs, notice the following:
Different categories of challenges that exist: Some categories require a specific skill or expertise in a specific language. Understand different categories and work to solve challenges in a preferred category.
Quality and difficulty level of the challenges: Some CTFs are designed for beginners, while others are for experienced participants. Observe the mix followed in various CTFs, along with the quality of the challenges.
The order in which the challenges are released: Some CTFs release all the challenges in one go, while others have phased releases. This also depends on the duration of the CTF. Longer-duration CTFs generally prefer phased releases.
Scoring (or Dynamic Scoring): Some CTFs follow static scoring, which means that the points you earn for solving a challenge are constant throughout the duration of the CTF, while in dynamic scoring, the points of a challenge decrease as more and more teams solve it.
Quality of the infrastructure used to host the challenges: If the CTF is down most of the time or the Discord server is not working, the participants’ frustration builds up and lowers the CTF’s rating. Understand the infrastructure used to host the CTF and the challenges.
The duration and timing of a CTF: Most CTFs last for a few days (usually over a weekend), while some of them run for a longer duration. Understand the relationship between the duration, the difficulty level, and the number of challenges.
Dig into the sponsor details: This is great information to acquire, since it will give you a list of potential sponsors to approach for your own CTF.
Announcements and Discord channels maintained by the admin team: Understand how the Discord server is organized and the roles different team members take. This will help you organize your team for handling Discord communication.
Responsiveness of the organizers in handling queries: Since most CTFs are global, there will always be someone working on a challenge who might reach out for clarifications. The responsiveness of the team (during as well as after the CTF) in answering queries effectively plays an important role in deciding the rating of the CTF.
Feedback and communication happening in the discord server: Closely monitor the feedback being shared by the participants in the server. Observe how criticism is handled by the team. This will help you when you have to answer weird queries and handle criticism.
Rules and penalties: Be clear about the location where rules and penalties are written and explained. Notice announcements related to violation of rules (such as flag-sharing) and associated penalties.
Prize division and distribution: Most CTFs have prizes for different category winners. Prizes are sponsored by the organizations that sponsor the CTF. While the participation certificates may be distributed early, the prizes are usually shared after careful checks that confirm fair participation.
What next?
Form a team
While you participate in CTFs, the next important step is networking:
Connect with like-minded people through discord servers of the CTFs you participate in.
Join an existing team or form your own.
Be consistent in CTF participation with your team.
Learn to solve challenges
Here are a few things that you can do while you explore CTFs technically:
Identify the category of challenges that you like the most or that might seem easy or exciting to you.
Learn to solve challenges by going through solve scripts of similar challenges.
Stay Focused!
Practice and practice
The quality of challenges in a CTF is a key indicator contributing towards the rating of a CTF. The more challenges you learn to solve, the better the challenges you will be able to design for your own CTF. Practice with your team and individually. Be consistent and determined.