CTF Skillset

Guys,

I am looking for advice to get better at CTFs and increasing my skillset overall. I have taken and passed my OSCP and i have read a million of recommend books. i am great when it comes to the easy challenges but anything harder i struggle. Please let me know what you recommend I do, i want to be at @ippsec level.

Not everyone at once…

@p0wn3y said:
Guys,

I am looking for advice to get better at CTFs and increasing my skillset overall. I have taken and passed my OSCP and i have read a million of recommend books. i am great when it comes to the easy challenges but anything harder i struggle. Please let me know what you recommend I do, i want to be at @ippsec level.

You missed out subscribing to @ippsec Youtube channel. The main skill @ippsec is imparting, in my opinion, is the thought process approaching a problem, not so much on the technical walkthrough.

Cheers

You just need more practice, tbh. Also focus more on difficult ones, they’ll likely take you days but the experience you accumulate is worth 200x that of the easy ones, imo.

Make yourself believe that difficult machines are just like easy machines but with difficult machines, you’d actually need to work on a little bit more than usual.

@p0wn3y

What I am seeing is this

1.) The harder the box the more I learn
2.) The problem allot of times with CTF is things are right under our noses so we are learning to enumerate, which is the foot printing stage. I would say the insane level challenges are trying to impart wisdom on us learned by mostly people that do this for a living and either see this stuff on a penetration test or just decide to create it due to their skill set for our pleasure.

When I first started doing these I thought I had an idea how to really get into some stuff if I wanted to and sure I can get into allot but I came here found I lacked basic Linux skills I had overlooked many small things like setuid, suid what have you.

When it comes to Windows and Active Directory those are hard as ■■■■ than comes in the SMB and LDAP challenges .

I would honestly say most if not all of these really hard ones employ a known CVE or a custom 0 day that needs to be figured out but the solution is always right under our nose.

Also allot of people on here use discord and I spend most of my free time on here and chat with people and do allot of learning and beating challenges so if You ever need help with a box or want to see how I approach a really hard one minus any degrees or formal schooling maybe we can help each other learn especially since you have an OSCP.

I would like to chew your ear off at some point about that experience.

Feel free to hit me up via PM

Thanks so much for the response everyone