Garden State Cyber CTF

Helpful Tips & Resources

Whether this is your first Capture-the-Flag (CTF) competition or you already have some experience, the resources below are designed to help you build foundational skills, explore common tools, and better understand how to approach challenges. First tip: cyber{lolnottheflag!} and variations thereof are never the flag.

Free & Open-Source Tools Only

All GSCTF challenges can be solved using free and open-source tools. No paid or premium software is required to compete.

Using Virtual Machines

Many competitors choose to work inside a Virtual Machine (VM) so they don’t have to install cybersecurity tools directly on their personal device.

A common choice is Kali Linux, which comes preloaded with a wide range of tools used in CTF competitions.

Students and teachers may also access free cloud-hosted virtual machines through the Cyber.org Range, which includes both Kali Linux and Ubuntu environments.

Access is available through teacher signup:
https://apps.cyber.org/apply

Common Tool Areas

Most CTF challenges fall into a few common technical categories. Below are example tools often used in each area. This is not a complete list — discovering new tools is part of the competition experience.

Network Packet Analysis
Wireshark is commonly used to analyze packet capture files, filter traffic, and reconstruct communications.

Password & Hash Cracking
John the Ripper and Hashcat are widely used to recover plaintext passwords from hashes.

Forensics
ExifTool, Binwalk, hex editors (HxD, Okteta), and image applications help analyze files, metadata, and embedded data.

Web Challenges
Browser Developer Tools such as View Source and Inspect are essential for analyzing web pages and scripts.

Binary Exploitation / Reverse Engineering
Command-line tools like hexedit, strings, gdb, and xxd assist in examining compiled programs. Ghidra is also a well known and free reverse engineering tool which requires a graphic user interface.

Initial File Investigation
Basic utilities such as strings, grep, the file command, and text editors are often the first step in analyzing unknown files.

General Research & Support Tools

Some of the most valuable resources in a CTF are not specialized cybersecurity tools.

Google remains one of the most powerful assets available for researching file types, error messages, hashes, and tool usage.

AI tools are also encouraged as a learning resource. They can help explain concepts, suggest approaches, or assist with tool syntax. However, participants should be aware that some GSCTF challenges are intentionally designed to be AI-resistant. These challenges may include misleading context, incomplete data, or elements meant to produce incorrect AI conclusions. Hands-on investigation and validation are essential.

Documentation & Team Workflow

Maintaining documentation during the competition can be extremely valuable.

Teams are encouraged to keep shared notes on:

Good documentation helps teams avoid duplicating effort, improves collaboration, and makes it easier to revisit challenges later in the competition.