Capture the Flag (CTF)

Capture the Flag is a cybersecurity competition format where participants solve security challenges to find hidden "flags" - secret strings that prove you completed the challenge.

Origins

CTF competitions emerged from the hacker conference scene in the 1990s. DEFCON, the largest hacker convention in the world, hosted one of the first major CTF events in 1996. What started as informal challenges between friends became a global competitive scene with thousands of teams.

Competition Formats

Jeopardy-Style

The most common format. Challenges are organized into categories, each worth different point values based on difficulty. Teams work independently to solve as many challenges as possible within the time limit.

Common categories:

Web - SQL injection, XSS, authentication bypasses

Crypto - Breaking or analyzing cryptographic systems

Pwn - Binary exploitation, buffer overflows, shellcode

Reverse Engineering - Analyzing compiled programs to understand their behavior

Forensics - Recovering data from disk images, memory dumps, network captures

Misc - Everything else: OSINT, steganography, programming puzzles

Attack-Defense

Teams are given identical servers running vulnerable services. You must simultaneously:

Defend your own services (patch vulnerabilities, monitor for attacks)

Attack other teams' services to capture their flags

Keep your services running (uptime matters)

This format mirrors real-world security work more closely but requires more infrastructure to run.

King of the Hill

A single target system. First team to gain access plants their flag. Other teams try to take over and plant their own. The team holding the hill longest wins.

Skills That Transfer

CTF challenges are designed to teach real security concepts:

Reading code and spotting vulnerabilities

Understanding how systems work at a low level

Creative problem-solving under pressure

Research skills - finding the right documentation or prior art

Collaboration and communication with teammates

Many professional security researchers, penetration testers, and red teamers got their start in CTF.

Getting Started

Online Platforms

Several excellent platforms offer CTF-style challenges:

picoCTF - Beginner-friendly, always available, run by Carnegie Mellon

OverTheWire - Progressive challenges that teach Linux and security basics

HackTheBox - Retired machines and challenges for practice

TryHackMe - Guided learning paths with hands-on labs

Live Competitions

CTFtime tracks upcoming competitions worldwide. Most are online and free to enter. Start with events rated for beginners before jumping into the competitive scene.

CTF at CLI-Games

CLI-Games offers two ways to train:

The Skills Tree (Static Training)

CTF: Capture the Flag is a structured curriculum that builds from first principles. Navigate procedurally generated filesystems, chain commands together, and hunt for flags hidden in the noise. Tiers progress from Linux literacy through forensics and cryptanalysis. Work at your own pace, save progress, and earn keys as you climb.

The Range (Live Daily CTF)

The Range is a live competition that runs daily. Real Linux containers, real attack targets, real-time scoring. Connect from your browser to a personal attack box and compete against other players. Objectives rotate every day. Type range or daily ctf in the terminal to check if an event is running.

Read more about why we built CTF training this way.

Want to sharpen other terminal skills? Try Hackerman for network simulation, Regex Golf for pattern matching, or Sysadmin Simulator for system administration challenges.