Capture the Flag events are exciting and competitive. But, they can be scary to developers and security practitioners who have never participated in them.

In this session, I introduce CTFs, discuss their benefits to developers, and examine an easy and medium-difficulty CTF challenge in depth.

Together, we walk through the wiley attacker's thought process and how to pick up clues based on the programming language and protocols involved. We google, form theories and test against what little information is provided in the challenge.

You don't need any prior knowledge of a specific programming language. Rather, we focus on developing the skills needed to participate in a Capture the Flag event.

After an introduction to Capture the Flag events, we dig into two challenges. These are real challenges from past CTF events.

For each challenge, we follow a pattern of discovery:

1. Introduce the challenge
2. Review clues from the challenge text and challenge interface
3. Give participants time to take on the challenge
4. Pause and review progress and give a hint
5. Give participants more time to solve the challenge
6. Review the solution and lessons learned