I notice that most answers seem to avoid your question of "How to prepare for a CTF", hence I will chime in.
Firstly, you'll want to do all CTFs from the organizer, especially those with the same title. For example, in the recent TokyoWesterns CTF 2019 (CodeBlue Qualifiers) held last weekend, there was one question, "Slack Emoji Converter Kai" that referenced another CTF question in their previous CTF last year (2018), "Slack Emoji Converter". It required a similar exploitation using Ghostscript and if you did not have the experience, it would have taken an unnecessary amount of time just to read/learn about the exploit.
Secondly, you'll want to perform OSINT on the organizers. You want to know who are the members and what they have published/discovered recently.
Why should you do this?
Just like in the previous example, CTF question writers take inspiration from exploits around them. If they aren't referencing an old exploit, they probably have a new one. The PHPNote question in that CTF required an exploit two of the members jointly published back in June. Teams who were aware of it took just a few hours to make a working exploit, while those who were unprepared took over 12 hours to solve. Read about their recently acquired CVEs and recent publications.
Lastly, you'll want to read up on all top-severity exploits within the last 1-2 years (for high level CTFs) or just common/popular exploits (for beginner CTFs).
Note that this only applies for normal CTFs. I still don't know of a reliable way to prepare for DEFCON Finals.