 Hey everyone, so I get a lot of questions and comments asking me like hey John How can I get into the capture to the flag scene? How can I get started? How can I learn how to hack or how to be more of a cybersecurity professional? So my usual answer to them is like well, just jump in just Take a look at over the wire some of those war games try practicing like capture to flag competitions Normally the first thing that I suggest to them is try to play Pico CTF and Pico CTF is what I would say is one of the best jumping off points to really learn more capture the flag style like Challenges and the content the topics things that you would you see in some of the scene so what I want to do in this video series is try and attack this like as if you were an absolute beginner, so I'll explain as much as I can everything in detail and Try and be as hand-holding and as friendly as I can be and that's why I'm doing this right now on Windows So let's say you're absolute beginner. You don't know Linux You don't know a whole lot of programming stuff just yet, but we're gonna jump in and we're gonna do it for real So I am on a vanilla Windows 10 image like literally not even I'm just doing a virtual machine right here. So I'm just even on Microsoft Edge I don't have anything so if I were to go to Google like as a noob just googled Pico CTF and Our first result is where we're gonna head. So Pico CTF is a cybersecurity competition put on by Carnegie Mellon University let's make this stupid Windows nag go away and It's originally designed for middle and high school students, right? So to get that introductory phase for people trying to get into the scene and learn cybersecurity computer science stuff around Participants must reverse engineer break hack decrypt or do whatever it takes to solve a challenge They're set up with the intent of being hacked. So it's like purposefully vulnerable and For you to learn so it's done by the Carnegie Mellon University the guys that do psi lab And their I and I and Plaid Parliament opponent So the guy a lot of guys that like our hardcore like top of the world for capture flag security teams at least United States wise and This is their game. So let's jump in We're still waiting on Pico CTF 2018 to be released should come this September but the 2017 game is phenomenal and that's where I want us to start So if you haven't already go ahead and create an account I'm gonna do this as well. The URL right now is just 2017 dot Pico CTF calm if we want to register You would just go to like forward slash register You can check out the get started page right here, but it will link you to okay officially register for Pico CTF You will need an email address to be able to do this I'm just probably going to use a quick and easy 10 minute mail thing if we Google 10 minute mail We can get Temporary email. Wow being is the default here. Dang All right, so let's go back over to our Pico 2017 tab. I'll pick a username I'm gonna do underscore underscore John Hammond because I've been trying this a few times Paste in that email address that we just got for our temporary email address Let's give it a password. We don't need to have a school in this case I'm from the United States. So I'll agree to the terms of service. Tell them I'm not a robot and I'm probably gonna have to go through this stuff. Sorry guys Bus bus bus more buses Verify sweet. I did it. I am not a robot. Perfect. All right, so they just sent a verification email. Let's go ahead and check it Since we're in the 10 minute mail slot, let's go over there and Okay, cool. It just popped up welcome to Pico CTF confirm your email scroll down here There's a big blue button to activate our account cool, so now we are in and It looks like It's trying to load something. Okay, cool. I'm gonna zoom out here a little bit so we can see here But what this section is is the tutorial like you can see up in the URL cut for cutscene and then tutorial one entry So this is a tutorial and it's trying to go through a little bit of scenario storyline To offer some context for what we're trying to do here But I think it's pretty silly. You don't have to watch through all of it down at the bottom right You've got some skip or skip all options And right now it's just trying to set the scene for a lot of the material that we're gonna see in the game I don't care too much about that storyline stuff I care more about the actual technical ability and competence that we're gonna learn how to do here So I'm actually gonna go ahead and skip all on these and it'll jump us right to the first challenge here But it looks like we're presented with kind of like a desktop looking screen. So Daedalus, I think is the company or corporation that we're trying to Either get stuff out of again, I didn't pay attention the storyline But I just want to give you context of what this thing is So on the left here, you've got a file called Name, but the icon says open me So if we click on that we get this dialog box that pops up and this is what we're gonna see as a Challenge that like that's presented to us and it's that's it's just that it's that small self-contained encapsulated thing This box right here. So the challenge title in this case is just tutorial one and our challenge prompt is how can you figure out? Robin Morris's middle name Thankfully, you have a list you can check and list looks to be in blue. So that's got to be a link We've got hints down here and we can expand those hints here says, please don't search by hand. Okay Benefit of using a computer. We have automation. We have power. We have speed and numbers computing So let's click on that list and Nice, okay. This looks like a giant text file contractors dot text in some static directory I don't care, but we've got Daedalus contractor list number 1498 so We can Scroll through this right, but like it said, please don't look by hand. So let's try and control f. Let's Use that find and replace or search functionality that our browser gives us and hit control and f at the same time on the keyboard And we can look for whatever it is. We're trying to find Robin Morris's middle name Well, since we can only look for text in that text file Let's try like Morris as the last name see if we could track it down We could also look for Robin, but that has 23 results as you can see and Morris I think only has 12. Okay, so last name Morris That's Anthony Robin Morrison not right not right first names That's Jennifer Morris not Robin Morris Ava Morris Morris in Sophie Morris still wrong Robert Morris, etc Etc. Okay, so after we fit enter a few times looks like we found it on the 10th entry Robin L may Morris you can see it right there. You're all highlight this That's his name Robin first name Morris last name. So his middle name must be L may Cool. So right now, obviously, this doesn't look like a cool lead hacker thing that we're doing right now It's just a tutorial. It's just trying to get us in the zone in the mindset of finding a flag or a token or something that we're trying to reach as our goal as the objective and Find out a way to get there And it's just going through these silly cutscenes and all but let's go ahead and move on from this I want to hit skip all and Okay, now we're back to the desktop and the next level tutorial tutorial to looks like the thing is called ambition Tutorial to Robin handed me this the other day. Maybe we'll help me find the answer Okay, well, that's enough for now because I want us to just get our feet wet. I want us to register for Pico CTF I wanted to jump and showcase the first tutorial But that's right now the bare basics that we're doing because you're right That wasn't super cool. That wasn't super lead flashy hacky sexy stuff on the keyboard But we're gonna get into it. You're gonna learn to be an awesome Cybersecurity professional gonna learn to be a hacker and you're gonna be loving the cyber security capture the flag competition that CTF seen and I think Pico CTF is a great way to jump in I'm on Windows right now because I want to be Holding your hand. I want to be with you as a beginner. I want to be walking this road with you like side by side So thanks for watching guys. Hope you like this Hey, I have to shout out to my supporters people that are giving me some love so far in patreon So big shout out to I'm gonna say big because I make it like a huge font 472 let's go 48 72 little much cool Spencer Clark Gal Horowitz Zoke Attila, I'm sorry Windows notepad remove the accent so I know you have an accent in your name and I'm really sorry that it loses it but The next one is my favorite to say orgal off the unruly destroy of worlds bastion of terror Thank you guys so much for supporting me one dollar a month on patreon We'll give you a shout out just like this at the end of every video five dollars a month or more We'll give you early access quote-unquote early actress access the best I can do for the videos that I create because I Record a lot of things in bulk and in mass and then I release them to YouTube and a schedule daily like gradual upload If you don't want to wait you want the content immediately as it's ready Five dollars a month. You get early access. So thank you guys for watching if you did like this video, please plus that like button Please please plus please press that like button. Hey, maybe comment Maybe subscribe if you're willing to support me on patreon. Thanks so much. See you soon