Learning about programming, system administration, and ethical hacking is hard. As a matter of fact, it's very hard!
One of the hardest parts about it for me is the feeling of continuously discovering new things I can and want to learn more about. By making these discoveries I feel like my relative knowledge always stays at the same level no matter how much I learn. The ocean of knowledge and skills I feel like I should and want to learn about is continuously growing.
In this article, I will tell about my experience when it comes to learning IT skills and how CTF's (Capture The Flag) is helping me feel a sense of growth.
Capture The Flag
What is it exactly?
Before we can continue the discussion on why I love CTF's, we first need to understand exactly what CTF's are.
CTF's are generally a method of verifying that some sort of task was done. These tasks are often given points based on their difficulty. These points could be used in competitions as a scoring system.
An example of a CTF is hacking competitions where the participant has to find a specific file that contains a text string. That text string has to be entered into a form on a website to verify that the task was done to be given points. The difficulty of the task will determine how many points you score on that flag.
Another example of a flag is using programming and cryptographic skills to find content that is hidden in multiple layers of cryptography. Once all the cryptographic layers are peeled off the flag will be revealed.
When learning becomes a game
My favorite platform to learn Cyber security on is TryHackMe.com. This is a wonderful site to learn fundamental concepts surrounding Information technology in general. In addition, you will learn the methodologies and tools that attackers use to compromise systems. By learning these tools and methodologies I truly feel that I gain insight that helps me better defend against attacks.
There are several reasons why I love TryHackMe.com, but the main reason I keep on coming back is the way they use the CTF concept to inspire and motivate further learning.
TryHackMe consists of many layers of learning, but the main structure is that you join a learning path. That path makes you learn about various topics in so-called rooms. These rooms consist of things you must read about and learn, and tasks to be performed to demonstrate what you have learned so far in the room.
By completing these tasks you get points that are added to you your account similar to XP (experience points) in a video game. These experience points build up to give you new levels.
In addition, to gain points by doing tasks you can be awarded badges that can be used for bragging rights, just like achievements on game platforms like Xbox, PlayStation, and Steam. Some of the badges are for completing iconic rooms, or groups of rooms, and some are for having a streak of completed tasks. These streaks are based on how many days in a row you have been completed tasks.
The streak system is one of the main reasons why I come back. The thought of owning one of the top steak badges really motivates me to at least take one task every day. Some days this is the only reason why I log on to TryHackMe, but once I get going I usually end up spending more time than I initially intended.
To make the gamification complete there is a scoreboard and a friend system that motivate you to compete against friends to get the most points.
The badge above is snowing my own status on the platform, and if you want to, please feel free to send me a friend request, so we can encourage each other to keep on grinding for more skills.
To sum it up: TryHackMe is a role-playing game for your own life and career in cyber security. The point system really reflects what you have learned and the time spent on the platform. And because it requires you to learn real skills it's a game where you as a person grow and level up.
What is the result?
Getting enrolled into TryHackMe with a couple of friends from my class at Noroff really had the same effect as being enrolled into any "real" educational system. It had an enrollment fee to get full access, and you get out of it just as much as the effort you put into it.
By having someone who shares the same passion as me on the same platform, I'm able to push myself a little further than what I think I otherwise would be able to on my own. The drive to get more pints, more badges, higher levels, longer streak motivated me in a fascinating way.
The rooms in TryHackMe that were a part of the learning paths forced me to learn about important topics and tools that I probably would have avoided because they seemed boring or uninteresting.
Is it for everyone?
Yes! And no... Prerequesites:
As mentioned in the chapter about what CTFs are, you can tell that there probably is a CTF for extremely many topics. TryHackMe covers the field of Cyber Security, in an all-encompassing umbrella that covers a lot of what makes up IT.
The problem with a lot of the topics covered in TryHackMe is that it's really hard to get into if you have zero experience with system administration and programming.
Most of the rooms that are classified as easy try to make the learning experience as smooth as possible for complete beginners by providing a short theoretical introduction to the topic it covers. But like with everything you want to learn, it's a lot easier if you have some points of reference.
Before joining TryHackMe I would recommend that you have at least some basic familiarity with navigating the CLI of Windows (CMD and PowerShell) and Linux (Bash) since most of the work on the tasks will be done through the CLI. In addition, some basic understanding of computer networking is probably a good idea to make it easier to "connect the dots".
Many of the early rooms are focused on web hacking. If you have taken a crash course on web development (HTML, CSS, and JS) you will have a good starting point. Because a lot of the backend web server examples will cover PHP it might be a good idea to have some basic familiarity with PHP and SQL as well.
I will not say that it's impossible to learn on TryHackMe without these prerequisites, but I can guarantee that the learning experience will be a lot less frustrating and a lot more fun in the beginning. This is simply because you will have a lot more points of reference when learning new stuff.