CTF Preparation Guide

What is a CTF?

CTF stands for Capture the Flag. In this context, it’s a cybersecurity competition designed to test and teach a range of technical skills often encountered in the cybersecurity field. There are many different kinds, but ours is “jeopardy-style”. This means that you will have access to several different challenges covering a range of difficulties. With a few exceptions, these challenges will be mostly independent from each other, and you will be able to work on them in any order.

The goal for each of these hands-on challenges will be for you to come up with or find the “flag”, which is a special string of text, often enclosed by tags like MetaCTF{} or flag{}. Submitting this flag will give you points and help you move up on the scoreboard. The problem statement will usually mention if the flag has a special unusual format.

You can register for our public Flash CTFs here: January CTF  |  March CTF  |  April CTF  |   May CTF

These competitions are over, but it will help you become more familiar with our platform and different kinds of CTF challenges. The challenge solutions are available from each Flash CTF’s landing page after you login.

Also, check out this talk by our friend John Hammond. It talks about CTFs and shows a few example challenges from our platform.


You will need a personal computer to participate. During the CTF, you may want to install additional software, so having Administrator/sudo access to your machine is preffered. School computers could work, but you may be very limited to what you can install and download. Work-provided computers could also work, but your employer might not want you to download any hacking tools or malicious-looking files onto the system. We won’t give you any live malware, but some things you do may seem suspicious.

You will probably have to download a lot of different files that you’ll be working on, so setting aside a separate folder for this and clearing up some disk space beforehand will help.

We may be able to provide you with a browser-accessible Kali or Windows virtual machine if you need one.


We suggest that you have a virtual machine (VM) or two ready. You will likely need to install new tools during the CTF, and having a separate environment for this is helpful if you don’t want to clutter your computer and you don’t use these tools all the time.

You can download Kali Linux here or get a free (genuine) Windows VM here

The tools you will need during the event vary from CTF to CTF, but some of the most common ones include Wireshark, Ghidra, nc/netcat, JohnTheRipper/Hashcat, volatility, BurpSuite (though I personally prefer the built-in browser developer tools, and it will have all the features you need 90% of the time).

Definitely make sure to check out CyberChef. It’s a swiss-army-knife of all kinds of useful tools.

In some cases, you may need to have a web endpoint available to receive requests from vulnerable web servers. We recommend using a free service like Webhook.site.


We are here to help. Please follow the support instructions we have for the specific CTF you’re competiting in. You’re also welcome to reach out to us at support@metactf.com.