2. Capture-the-Flag events are computer security competitions. Participants compete in
security-themed challenges for the purpose of obtaining the highest score. Competitors are
expected to “capture flags” to increase their score, hence the name of the event.
What are Flags?
Flags are usually random strings embedded in the challenges.
Pre-requisites
CTF CHALLENGES
• Programming
• Networking
• Linux-distro Basics
• Windows basics
• Cryptography
• Exploitation
• Digital forensics
• Reverse engineering
3. GET STARTED!
● TryHackMe is a free online platform for learning cyber security, using hands-on exercises and labs, all through your browser!
● Much more beginner friendly and the best platform to start your cybersecurity career with!
● Hack The Box is a massive, online cybersecurity training platform, allowing individuals, companies, universities and all kinds of organizations around the world to level up their hacking skills by allowing them to test their penetration testing skills and exchange ideas and methodologies with other members with similar interests.
4. PENTESTING TOOLS TO BE USED
John the Ripper
Hydra
NMAP
• Basic Pentesting
• OhSINT
brute forcing | hash cracking | service enumeration | Linux Enumeration
5. Hydra
● Hydra is a parallelized login cracker which supports numerous protocols to attack.
● It is very fast and flexible, and new modules are easy to add.
● This tool makes it possible for researchers and security consultants to show how easy it would be to gain unauthorized access to a system remotely.
It supports: FTP, HTTP(S)-FORM-GET, HTTP(S)-FORM-POST, HTTP(S)-GET, HTTP(S)-HEAD, HTTP-Proxy, MS-SQL, MySQL, PostgreSQL, SMB(NT), SMTP, SSH (v1 and v2), SSHKEY, XMPP and others.
6. NMAP – Network Mapper
● Nmap, short for Network Mapper, is a free, open-source tool for vulnerability scanning and network discovery.
● Network administrators use Nmap to identify what devices are running on their systems, discovering hosts that are available and the services they offer, finding open ports and detecting security risks.
Its capabilities include:
● Network mapping
● OS detection
● Service discovery
● Security auditing
Nmap can be used to monitor single hosts as well as vast networks that encompass hundreds of thousands of devices and multitudes of subnets.
7. John the Ripper
● John the Ripper is an Open Source password security auditing and password recovery tool available for many operating systems.
● It is a fast password cracker, currently available for many flavors of Unix, macOS, Windows, DOS, BeOS, and OpenVMS.
● It can be run against various encrypted password formats including several crypt password hash types.
It is among the most frequently used password testing and breaking programs as it combines a number of password crackers into one package, autodetects password hash types, and includes a customizable cracker.
8. OSINT – Open Source Intelligence
● Open-source intelligence (OSINT) is a multi-factor (qualitative, quantitative) methodology for collecting, analyzing and making decisions about data accessible in publicly available sources to be used in an intelligence context.
Analyzing open source intelligence includes:
• Metadata search
• Code search
• People and identity investigation
• Phone number research
• Email search and verification
• Linking social media accounts
• Image analysis
• Geospatial research and mapping
• Wireless network detection and packet analysis
Hackers use OSINT to identify technical vulnerabilities as well as human targets for phishing and social engineering attacks.
11. THANKS!
Do you have any questions?
Stay Home! Stay Safe!
@samiphegde
linkedin.com/in/samip-hegde-13a96a1b1