nice excuses here https://twitter.com/LiveOverflow/status/1265562734772584449
but it is clear that many recent challenges are not that realistic. the truth is that there are too many players who already know the solution to attack typical real world challenges. it would be too easy to put typical ones, and ctfs usually have a limited amount of time
which also makes it hard to put a real world challenge which is very time-consuming and requires tons of guessing skill. ctf is not the best choice when it comes to generic pentests or real world bug hunting.
and as all of you know, most pentests in general are not too far away from script kiddies. At least in ctf there are many cases where you have to write a customized exploit. Since ctf is done in a short period of time, ctf also pushes you to write faster customized exploits.
it feels like an excuse to me when some people talk bad about ctf. ofc there are shit ctfs and we all don't like it, but on the other hand there are many good ctfs which can boost your learning curve. it definitely helps in your real world as well
and of course, difficulties have hiked up so much when compared to challenges in 2012. but I think this is inevitable. technologies are improving exponentially over time and what people are trying to do divides into two things - break new tech or bypass hardened ones
and these make it even harder for people to even try ctf now. would you be able to catch up with issues on latest technologies? would you be able to catch up with tricks that could bypass the hardened services?
ctf challenges come up with bypassing some tricky tricks or attacking hardened services which are not covered by simple tools. but as I said, there are too many new security concepts and technologies which can't let beginners catch up at this point
which makes it feel unrealistic. there is a huge knowledge gap between players and this is a main problem I would say.
but this problem doesn't mean that ctf is for people who nailed security or something. there are always ctfs with easy and medium difficulties and you just need to keep playing until you understand tons of concepts. just keep trying hard!
You can follow @stereotype32.