Beginner Resources for first-timers
Installing Virtualization Software
VirtualBox allows you to host "virtual machines" a.k.a. VMs. Imagine you have a computer within your computer - that is what a VM is. It allows you to host different operating systems without having to worry about the hardware for each. Each VM will utilize your host computer's hardware so it is important to not allocate more computing resources than you have available. Working off a VM in JerseyCTF is wise because you can use pre-installed tools on a cybersecurity-focused Linux distribution like Kali or Parrot OS without having to download any tools on your host machine. Once the competition ends, the best part is you can delete the VM and your host computer will be clean!
Installing a Linux distribution to run in VirtualBox
Some notable "operating systems" you may have heard of include Windows, iOS, and macOS. Linux is also an operating system that is popular in industry, but it is free and open-source! "96.3% of the top 1 million web servers use Linux" (TrueList). Knowing how to navigate a Linux filesystem is a good first step when starting in the IT/CS/cybersecurity industries. There are hundreds of Linux distributions. In cybersecurity, you will most often hear about Kali Linux and Parrot OS. These distributions are free and come with tons of pre-installed tools that can be used in JerseyCTF, like Wireshark for network packet analysis and John the Ripper for password cracking! If you would like to work off a user-friendly Linux distribution and download tools yourself, Ubuntu is a popular option. Important to note: only one VM is necessary.
Useful Tools and Resources
Some important beginner terms in penetration testing include low-hanging fruit, enumeration, and breadcrumbs. Special tools make enumerating systems to gather breadcrumbs and low-hanging fruit a lot easier. As mentioned above, it is best practice to utilize Kali Linux, which comes with pre-installed tools, so you don't have to worry about installing and configuring a bunch of tools on your host computer when participating in JerseyCTF. Whether you want to use Kali's toolbox or download tools, here is a list of useful tools for competing. It is also a good idea to Google whatever tool/attack you need with "GitHub" at the end of the search query to look through free and open-source options. This list is far from complete, as there are hundreds of tools out there that you can find and use. ALL JerseyCTF challenges can be solved using free and open-source tools and do not require any paid/premium tools. IMPORTANT: Any tools that contribute towards any form of "active reconnaissance" like Nmap should only be used within an isolated or simulated competition environment, never on real-life hosts.
Wireshark for network packet analysis.
Dirbuster for web directory enumeration.
John the Ripper for password cracking.
Ghidra for binary exploitation and reverse engineering.
Nmap for network scanning including port scanning, host discovery, OS detection.
Google because, Google.
Shodan for advanced open-source intelligence and reconnaissance.