Setting up a virtual machine for your CTF toolbox

Published On: October 9th, 2020

You may have seen some Capture the Flag (CTF) writeups on the Hurricane Labs blog recently! If you’re wondering how to get started yourself, this blog post will help you set up a virtual machine (VM) for CTFs.

Just in case you missed the others, I wrote a beginner’s guide that was inspired by the NahamCon 2020 CTF and another post about OSINT challenges experienced during the CSI CTF. My teammate, Collin Simpson, also wrote up a NahamCon CTF series, so make sure you check out parts 1, 2, and 3 of his series.  

What are CTFs and how you can get started

CTFs (Capture the Flags) are competitions you can participate in–virtually or in-person, depending on the CTF–to show off your cybersecurity skills, to give you learning-based challenges, and to have a little bit of hacking fun. Most of them are red team and based on pentesting skills, but there are some blue team CTFs as well.

If you’re looking to get started with CTFs, the first thing you’ll want to do is create a VM so you have a place to work from that has all the tools you will need. You can use VirtualBox, VMware, Parallels, or any virtualization software. You could also purchase a virtual private server from a hosting provider. Whatever option you choose, you can find instructions online by searching for “Installing Kali Linux on [your VM of choice]”; there are hundreds of articles on how to do so. For VirtualBox, I used these instructions.

Additional tools, websites, and other useful resources

The following is a list of tools I installed and websites I bookmarked based on the past few CTFs I have done.

You can install all the tools in Kali’s repo if you’d like, but you won’t need all of them–it would be a lot to maintain if you did. During the installation, if you are not using the image for virtualization, choose the default recommended install and then install the tools you’ll need for each category:

Web Exploitation


  • Stegsnow: Hides and detects steganography in whitespace
    sudo apt-get install stegsnow
  • Stegosuite: Hides and detects steganography in images
    sudo apt-get install stegosuite

Reverse Engineering

  • Ghidra (bookmark): Reverse engineering tool


  • Sherlock: Search for usernames across multiple websites
    sudo apt-get install sherlock
  • Exiftool: See exif data in photos
    sudo apt-get install exiftool

Multiple Uses

  • CyberChef (bookmark): This is very useful for CTFs! I don’t have to install so many tools because it does so much, especially if you are trying to convert something from one format to another or decrypt something.
  • RSA Step-by-Step (bookmark): This will help with any RSA challenges and it also explains how RSA encryption works. Also, be sure to watch John Hammond’s video on solving RSA challenges, which will deepen your understanding of RSA.
  • Pentesting CheatSheet (bookmark): This cheatsheet has common red team Linux commands you can use during CTFs.


  • PIP: for installing python packages
    sudo apt-get install python3-pip python-pip

Check out my Twitch livestream video!

During a Twitch livestream a few weeks ago, I went through the entire process and have edited it down to just the important parts so you can follow along with me at your convenience–closed captioning (CC) available. Also, for those who would prefer a transcript, you can download that file here!

These tools and websites should get you started; however, as you go along–depending on what type of challenges you end up doing and the CTFs you participate in–you will start to accumulate more tools and should create a list of your own. I know this list will probably be twice as long next year after I participate in more CTFs–and, as always, new tools are coming out and new types of challenges are being developed.

Feel free to reach out

I hope you enjoy CTFs! If you wish to share any comments or suggestions for my future blog posts or live streams–or just want to let me know what tools you use for CTFs–feel free to tweet at me @theroxyd or send me an email.


About Hurricane Labs

Hurricane Labs is a dynamic Managed Services Provider that unlocks the potential of Splunk and security for diverse enterprises across the United States. With a dedicated, Splunk-focused team and an emphasis on humanity and collaboration, we provide the skills, resources, and results to help make our customers’ lives easier.

For more information, visit and follow us on Twitter @hurricanelabs.