Last weekend I participated in my first CTF (Capture The Flag). A CTF is a competition where people attempt to solve various security challenges. Think of it as a way to improve your 1337 hacker skills through gamification. Once the CTF starts you are presented with a variety of challenges. They are all organized by category (cloud, cryptography, reverse engineering, web, etc.) and skill. Every challenge you solve award you points on the leaderboard. Each challenge is worth 500 points but that score goes down as more people solve the challenge.
After CTFs are completed, folks tend to write up their solutions to the challenges. For the hackathon I attended there are even prizes for the best write ups about the event! This post is not one of those write ups.
Before talking more about CTFs, I want to provide some background. I grew up in a hamlet in rural Alberta. Everyone I knew wore cowboy boots and rode dirt bikes. Imagine my parent's reaction when they brought home our first computer and I decided I never wanted to see the light of day again. They unknowingly opened my eyes to a world I didn't know existed. Even though we could only get dial up internet, it wasn't long before some of my closest relationships existed inside of that box.
In-between countless hours on AIM and deviantART, I discovered thebroken while watching The Screen Savers on TechTV. It was an online show covering topics like wardriving and social engineering made by Kevin Rose before he got big with startups. My mind was blown. I started to fantasize about my future as a hacker.
I was 13. I didn't have a job. I couldn't drive. I never ended up hacking anything. Like pretty much any other aspiration in my life from that time, I dabbled and then told myself I wasn't capable of doing it. Nothing survived the dream stage.
So what does that have to do with participating in a CTF? Well, Friday morning my partner's brother Zach, who is currently studying computer science, asked if I'd want to participate in the CTF. My curiosity was piqued but knowing I didn't have the required skills I just told him I'd pass.
Later that night my phone lit up with a text. It was Zach. He sent me a codebase and asked me if I could find the flag on a website. What happened next was the ultimate nerd snipe. I was already curious so I downloaded the codebase and started to poke around. It wasn't long before I started to have ideas. Shortly after that I captured my first flag and the dopamine hit.
That night I stayed up until 5 in the morning (I normally wake up at 6). I solved some challenges and got stuck on even more. But I hadn't had this much fun in months. I spent the rest of the weekend chipping away at the challenges and ended up placing 28th out of 326 teams! I reconnected with my deep love for computers. Everything about the way they work and what we can achieve with them brings me joy. It's why I work as a software engineer. It's a feeling I am committed to continue developing.
Last weekend I realized I continue to hold myself back like I did when I was younger. I keep telling myself I'm not good enough to do things I really want to do. It's surprising because the way I learned to write software was by building even when I didn't know how. Doing this CTF was just like that. I spent a lot of time researching, googling, succeeding, and failing. I didn't need permission. I didn't need to know how to achieve what I was trying to achieve. I just tried my best.
Last weekend I realized I need to stop operating with such high expectations. If I want to do a CTF, do a CTF! If I want to learn to draw, just draw! I've been noticing that I've fallen back into old patterns of shutting down my curiosity like when I was younger. I have a desire to learn then I create an expectation and tell myself I could never meet it. As someone with more dreams of hobbies than actual hobbies, I am doing myself a disservice.
It turns out you don't actually need permission from somebody else to develop security skills, learn to code, draw, or do anything else you want to do. Especially with access to all of the information on the internet.
After all of this I'm confident vikeCTF won't be my last CTF. Heck, maybe I'll even make it to DEF CON some day!