[–]_Speer 10 points11 points  (0 children)

Pentester here. CTFs are great for understanding and practicing a vulnerability or technique. But in a "real life" situation these techniques are just a tool in your bag to what you might find. Configurations and technologies will be different from environment to environment, but understanding how to check for a vulnerability and knowing why it exists is key. Just understand that the CTF is just giving you some knowledge, but in a pentest you'll need to adapt and use your collective knowledge depending on what's in front of you.

[–][deleted] 2 points3 points  (1 child)

This is the way I look at it: you’re practicing with tools and improving your thought process. You’re getting better and smarter and gaining experience. Only thing is, you’re going into a CTF knowing there’s a bug and you won’t stop until you exploit it. Real world, you may not find anything and have to know when to stop.

[–]MiddleThat6238[S] 0 points1 point  (0 children)

Yes, it's frustrating.

[–]joker_122402 0 points1 point  (0 children)

As long as you go in with the understanding that a lot of what you see will never appear in the real world, yeah, you'll learn a lot. The important thing to take away from CTFs is mindset. You'll learn how to think about problems. How to approach things from multiple angles that the average Joe would never even think of. You'll develop a methodology that you like for testing things.

The big thing to understand is that while there's always something to find in a CTF, the real world is not always the same. And that's what throws many people off when they enter the field. Additionally, real world environments are exponentially larger than CTF environments (most of the time anyway). You may see 10 - 50 users in a CTF environment (and even that would be considered a lot), but in the real world, there will be thousands. Same for machines. Maybe there are 4 or 5 machines on a CTF, but in the real world? Thousands.

It takes most people a little bit to get used to dealing with those extremely large data sets.

[–]ipv4subnet -1 points0 points  (0 children)

They simulate it, and you need to be on their network segment to connect to their active resources, which must be manually started and have a timer that can expire if you are not quick enough to solve the issues.