5 min read

Categories

AMA with OfficialBenko

Are you looking for an opportunity to participate in exciting Capture-The-Flag Competitions? Do you want to solve complex challenges while expanding your technical know-how? then feel free to join OfficialBenko’s Discord : discord.gg/vjpAtf3 👋


  • Where do beginners learn CTF from which website, from which platform?

    • There are different type of tasks in CTF. For example Reverse Engineering & Binary Exploitation. You can google for them. Both of them, for example, would require you to learn at least the basics of C-Programming. Just sign up for a CTF on http://ctftime.org 😃 ✌️


  • How did you started the PLAYING CTF

    • @LiveOverflow got me into participating in CTFs. [Ja, genau Sie! Danke dafür! Meine DMs sind offen :D] One reason for that is that he is very successfull, experienced, but also from Germany :)

    • I headed over to https://ctftime.org/event/list/upcoming, choosed an ctf competetion and signed up for it. That’s all you need to do to get started :D


  • What topics you focused before starting learning and while you learning? What you followed while learning and doing CTF’s

    • I mainly focus on Reverse Engineering & Binary Exploitation. The reason for this is that I love to do review & coding itself!

    • I still learn each day by participating frequently in CTFS and doing Reverse & Binary Expl. Challenges :)


  • What are Minimum skills required to start in CTF? for example Linux, Ports, CVE search skills, etc…

    • There is no such thing as minimum requirements in my opinion! But of course you should not start without a certain basic knowledge. Otherwise the journey could be much more difficult. 😬

    • In my opinion you should be familiar with Linux. Also it is beneficial to know the web basics and a programming language. But you do not have to master any of them! With every CTF you gain more and more experience and knowledge.

    • I always choose a challenge, collect all available information and then try to solve the challenge. If something seems unknown to me, I google it. That way you have already learned something new!


  • What is your strategy for DEFCON CTF

    • first of all I’m looking for “Low-Hanging Fruits”, the challenges that are easier. After that I go for the harder ones.

      • I mean Which strategy should I use Attack-Defense or jeopardy defence??

        • Be oranized & Always keep the overview. As I said before, you should first of all focus on the challenges you have learned about. Filter out what you know, then create possible solutions before you finally dare to solve a challenge.
  • I have seen many people in social media saying that playings ctfs won’t make u a Bugbounty hunter whats your opinion on this…?

    • CTFs alone won’t turn you into Bug Bounty Hunter. But it can be very rewarding. You will be forced to deal with different topics and technologies that can make it easier for you to get started, but also to progress.


  • your favourite CTF which you enjoyed the most

    • I liked Bugcrowd 0x07 CTF the most, because it was the first real big “competition” for me. But also because of the great structure & story.


  • Do you have any cheat sheet, checklist, or any mindmap for CTF?

    • Actually I don’t have a checklist/mindmap, although it could be very useful. But depending on the challenge, I know relatively quickly what could possibly be done, and then I try to do it. You develop a feeling for it very quickly. The experience is important. There is no general checklist, because every challenge (type) is different. Sure, sometimes there are challenges that you have already solved before. You will notice them.


  • CTF / Bugbounty which seems more interesting and profitable for you? And whats the mistake u made when u got started?

    • In my opinion it is hard to compare Bug Bounty Hunting with CTFs. They share many similarities, yet have their own basic idea and appeal to other target groups. Nevertheless, you asked me about my attitude to this topic. For me, CTFs are currently the focus of attention. I enjoy them so much and I learn a lot at the same time. Solving challenges together in a group is what I like. But soon I will start again with Bug Bounty Hunting.

    • But if you are looking for a career in cyber security and monetary rewards, you should definitely focus on Bug Bounty Hunting. The CTF is mainly about fun.

    • The biggest mistake on my part was not being consistent and focused. If you are new to the game, you should definitely familiarize yourself with the basics. It will cost you a lot of time! Stay focused and it will definitely be worth it!


  • What is ur fav ctf? How did u crack it and how much time did it take?

    • I really liked the Bugcrowd 0x07 Levelup CTF 💚 It had a great story and many different types of challenges. There had been several challenges. So it took many different approaches to solve them all. In total, I spend about 1 1/2 days solving it.


  • from which ctf did u learn the most? u r fav tools to crack tough ctf’s?

    • There is not just one CTF from which I learned a lot. But the recent “Cyber Yoddha” CTF really helped me to refresh some basics, but also to get into some more advanced topics (Reverse -> Binary Exploitation)

    • For Crypto-Challenges I frequently use the tool called “Ciphey”. For Reverse Engineering and Binary-Exploitation, Ghidra is my tool of choice. But there are lot more you should make use of. [gdb, pwntools, …] I hope I could answer your questions 😃 Feel free to message me😉


  • Do you do any automation .Eg when you get the ip do u run any script to generate payloads related to that ip like reverse http://shells.Do you use any tricks for doing things faster like aliases for the commands u use frequently Basically any tricks u use to attack fast ?

    • hanks for your question! The situation you describe focuses on the topic Linux machine Explotation and Privilege Escalation. Unfortunately this area is outside of my main focus. Therefore I rarely come into contact with them.

    • In general, however, I prefer manual work according to my preferences. This allows me to implement my ideas much more specifically. For this reason, I prefer writing my own scripts. In my case primarily in Python.