CTF : Mindset Development, Getting Started and Advancing in CTF

Beginner Boost

  1. The first thing is “ENUMERATION”. This means exploring every part of the challenge, whether it is the whole challenge or just one part of it.
  2. The second thing is “Selecting Easiest Part”. In a CTF competition, start with the smallest and easiest challenge to gain maximum points.
  3. The third thing is “Collecting Logical Flags” first, then going for “Brute-Forced Flags”, so that one can gain maximum output.
  4. And last, “Be Calm”. The more, the better. CTF can be irritating, like Mathematics, but when solved, you get satisfaction. Even today, I get irritated when I get no flags, yet calming oneself and being persistent keeps you going in CTF.

Intermediate Section :

Crypto :

  1. Hash Extender : A tool that performs hash length extension attacks.
  2. FeatherDuster : An automated cryptanalysis tool.


  1. Bettercap — Framework for MITM Attacks.
  2. Layer2Attack — Attacks various protocols on layer 2.

Bruteforcers :

  1. Hashcat : Always a handy brute forcer.
  2. John The Ripper : Password Cracker.

Exploits :

  1. Metasploit : A framework for exploitation, consisting of different payloads and written exploits.
  2. Pwntools : CTF framework for writing exploits.

Forensics :

  1. Aircrack-ng : Cracks 802.11 WEP keys and WPA-PSK keys.
  2. ExifTool : Read, write and edit file metadata.
  3. NetworkMiner : Network Forensic Analysis Tool.

Reverse Engineer :

  1. Barf : Binary Analysis and Reverse Engineering Framework. For me this always works.

Steganography :

  1. Exif — Shows EXIF information in JPEG files. For me, that is more than enough.

Web :

  1. BurpSuite — A graphical tool for testing website security. More than enough.
  2. ZAPProxy — If the above somehow does not work, then this can be used.
  3. Hackbar — Firefox addon for easy web exploitation. This should be added to a Firefox browser below the version 51 update.
  4. Wireshark — Analyze the network dumps.
  5. Nmap — An open source utility for network discovery and security auditing.
  6. Zmap — An open-source network scanner.



Fardeen Ahmed

ASE | DevSecOps | Pen-tester | Cyber Security consultant | Coder