Practice Cybersecurity!

We’re glad to see you’re interested in learning cybersecurity! Here we will provide you with online resources to give you some practical experience with your technical skills.

Steganography/Metadata Challenges

There are challenges of varying difficulty in this zip file, so you’ll be able to test your level of resourcefulness. Steganography is the art of hiding a message within another message (commonly hidden in a photo, but there are other ways to hide messages), and metadata is information about files or other data, such as how big a file is, or how many columns a SQL database table will have. Knowing how to extract metadata is critical for any kind of technical analysis, so make sure you know all about it.

Hashes to Solve

Use hashcat to break these hashes. The decoded plaintext starts with “FLAG-HQNT-” followed by 4 digits. (Hint: Use the mask function in hashcat).






Packet Capture File

There is a secret code in here, can you find it? Try following the streams. (The code will be in the format picoCTF{secretcode}).


Virtualization software allowing you to store Virtual Machines on your computer. VMs are simulations of operating systems, and they provide all the functionality of that OS. VirtualBox is a free software allowing users to learn different OSes and improve your technical skills. Make sure you install the VirtualBox Extension Pack too, there will be some trouble getting into your VM easily if you don’t.

Kali Linux

Linux based VM made for hacking. There are tons of software installed on this VM allowing users to practice all stages of ethical hacking. This will be the InfoSec Club’s VM of choice when doing most club activities. Make sure you download the VirtualBox image file that ends in .ova. Here is a tutorial for importing .ova files into VirtualBox.


Free computer security game created by security experts at Carnegie Mellon University. The game consists of a series of challenges centered around a unique storyline where participants must reverse engineer, break, hack, decrypt, or do whatever it takes to solve the challenge. The challenges are all set up with the intent of being hacked, making it an excellent, legal way to get hands-on experience.

Hack The Box

A free online platform to test and advance your skills in penetration testing and cybersecurity, much bigger than picoCTF. Many of it’s challenges are user-submitted, added a layer of community into the mix. There’s also more real world scenarios where you will actually have to hack into live machines in order to complete the challenge. Kali Linux is the recommended OS to do this on.