CTF Categories and Mindset

A Capture The Flag (CTF) is a cybersecurity competition where you solve security challenges to recover a hidden token called a flag.

Flags follow a fixed format so scoring systems can validate them automatically, for example:

• flag{this_is_the_answer}
• CTF{s0me_l33t_string}

You submit the flag to a scoreboard to earn points. CTFs are a legal, sandboxed way to practice offensive techniques against targets you are explicitly allowed to attack.

The two dominant CTF formats are:

• Jeopardy — a board of standalone challenges grouped by category and point value. You solve independently and submit flags. Best for learning.
• Attack-Defense — each team runs an identical vulnerable service. You patch your own copy while exploiting opponents to steal their flags. Real-time, team-heavy, infrastructure-intensive.

Most beginners start with Jeopardy events on platforms that host them, then graduate to attack-defense once they have core skills.