8-Week CTF Preparation Routine
This document provides a detailed 8-week Capture the Flag (CTF) preparation
routine. It is designed for beginners and intermediate learners aiming to get ready
for a CTF competition within 2 months. You should ideally spend 2–4 hours per day.
Adjust based on your availability.
Week 0: Setup & Warm-up (3 Days)
- Day 1: Install Kali Linux / Parrot OS. Install Python, Burp Suite, CyberChef, Wireshark,
Ghidra, etc.
- Day 2: Create accounts on TryHackMe, HackTheBox, CTFlearn, OverTheWire, picoCTF.
Watch overview videos.
- Day 3: Try 2–3 basic challenges from CTFlearn (Misc, OSINT, Crypto). Bookmark writeup
sources.
Week 1: Linux Basics & Bash
- Day 4: OverTheWire – Bandit Levels 0–6
- Day 5: Bandit Levels 7–12
- Day 6: Bandit Levels 13–18
- Day 7: Learn Bash scripting. Write small scripts.
- Day 8: Practice Linux commands: grep, cut, find, awk, sed, netcat.
- Day 9: Solve Linux-related challenges on CTFlearn or picoCTF.
- Day 10: Revise Linux/Bash and attempt a small mock challenge set.
Week 2: Web Exploitation (Beginner)
- Day 11: TryHackMe: Complete 'Intro to Web' & 'OWASP Top 10'.
- Day 12: Practice SQL Injection (SQLi).
- Day 13: Practice XSS – reflected and stored.
- Day 14: Learn LFI/RFI and test on TryHackMe or PortSwigger labs.
- Day 15: Learn about cookies, session hijacking, hidden forms.
- Day 16: Solve 3–5 web challenges from picoCTF or CTFlearn.
- Day 17: Review failed challenges and revise.
Week 3: Cryptography
- Day 18: Learn encoding: Base64, Hex, ASCII, Binary. Use CyberChef.
- Day 19: Learn classical ciphers: Caesar, Vigenère, XOR.
- Day 20: Learn hashes: MD5, SHA1. Try hashcat, CrackStation.
- Day 21: Understand modular arithmetic and simple RSA.
- Day 22: Solve 5 crypto challenges on picoCTF.
- Day 23: Try CTFlearn Crypto section (3 problems).
- Day 24: Review crypto writeups and revise tools.
Week 4: Reverse Engineering
- Day 25: Learn strings, ltrace, strace, objdump, Ghidra.
- Day 26: TryHackMe: 'Intro to Reverse Engineering'.
- Day 27: Reverse simple binaries on CTFlearn.
- Day 28: Practice with picoCTF reverse problems.
- Day 29: Learn basic x86 Assembly. Use Ghidra.
- Day 30: Solve 3 challenges + take notes.
- Day 31: Review and retry failed challenges.
Week 5: Binary Exploitation
- Day 32: Learn memory layout, stack, heap, registers.
- Day 33: TryHackMe: 'Buffer Overflow Prep'.
- Day 34: Install pwndbg + gdb. Debug C programs.
- Day 35: Learn and try buffer overflow locally.
- Day 36: Solve buffer overflow CTFs (picoCTF, pwnable.kr).
- Day 37: Read writeups on ret2win, NOP sled.
- Day 38: Write vulnerable C code and exploit it.
Week 6: Forensics & Steganography
- Day 39: Learn file carving, metadata (exiftool, binwalk).
- Day 40: Practice image steg (zsteg, steghide).
- Day 41: Analyze network (Wireshark + PCAP).
- Day 42: Try forensic challenges (CTFlearn, picoCTF).
- Day 43: Practice audio/image hidden messages.
- Day 44: Practice forensic + steg combo.
- Day 45: Revise and document tools.
Week 7–8: Practice & Mock CTFs
- Day 46–49: Complete full beginner CTF on TryHackMe (e.g. Mr Robot).
- Day 50–52: Try past challenges from picoCTF or CTFtime.
- Day 53–56: Time-based practice: 5–6 problems in 4 hours.
- Day 57–58: Join CTF Discords or team up.
- Day 59: Review notes. Create a cheat sheet.
- Day 60: Final mock CTF. Time yourself. Document everything.