Getting Started with CTF

HIEN DO
10:54 22/06/2018

We’ve created a small guide to get you started with CTF and more or less infosec in general. There are a few selected resources for each of the major CTF disciplines that should help you get up to speed in those.

Prerequisites

Basic Linux/Unix skills and some knowledge of programming should suffice to begin with.

CTF in general

Probably the best way to get started with CTF is by reading through the CTF Field Guide, so go there first. Additionally there is also the following blog post on how to get started with CTF.

Other than that you’ll usually learn a lot from writeups for CTF challenges (especially for ones you tried but couldn’t solve). A writeup is just a guide walking you through the solution for a challenge. There is a CTF writeup repository on github that contains a lot of them. You’ll also find writeups for the corresponding CTFs on ctftime.org.

If you want to practice a bit (and you definitely should!) you can always take a look at previous CTF challenges here or the overthewire wargames, but first check out the following section.

You should also make yourself familiar with ctftime.org. The site keeps a global team rating for all CTFs and upcoming events will be announced there. You’ll also find some other useful things around the site.

How to get started in…

Binary Exploitation

Personally I can strongly recommend the book “Hacking - The Art of Exploitation”. There is also the following extensive tutorial on exploitation: A Journey into Exploitation.

For a nice overview on memory corruption bugs and exploitation see this white paper History of Memory Corruption Attacks (pdf) or Project Zero’s blogpost series on memory corruption vulnerabilities. That should get you up to speed on memory corruption bugs so you can recognize these vulns in the challenges and then do more research on them if needed.

To develop some more practical skills you can take a look at the microcorruption game. It’s a browser based exploitation course guiding you through memory corruption exploitation on an embedded platform. It’s designed for beginners but you will need to read up on the topics on your own.
Also, you should give the overthewire wargames mentioned above a try.

For a decent introduction to Return Oriented Programming (ROP) see this article.

Cryptography

The cryptopals challenges are a nice set of exercises that guide you through modern cryptography and how to break it. You’ll also be doing quite a lot of programming throughout the course.

Web Security

The Web Application Hackers Handbook is basically the bible of web security. It will take some time reading through the book but it’s definitely worth it.

You can also take a look at the following online challenges/courses for learning some web security:

Moreover there is the Open Web Application Security Project which also has some nice resources on web security.

Reversing

To get started with reversing you’ll probably want make yourself familiar with some assembly first. There are a lot of guides on that topic out there, just pick one and write a HelloWorld Linux program in assembly.

After that a good idea is to grab a disassembler, compile some small C code snippets and load the resulting binary into your disassembler of choice to see what the compiler generated. This will give you a good feeling for assembly and help you recognize code patterns and functions in disassembled binaries. You can also take a look at some crackmes (for example from here) to get some hands-on experience.

Moreover I can recommend the books “Reversing - Secrets of Reverse Engineering” and (if you already have some reversing skills) “Practical Reverse Engineering”.

Coding

While not really a core CTF discipline some good coding skills will definitely proof useful (not only for CTF obviously). There are some nice sites to practice on out there, for example talentbuddy or hackerrank.
Also, there are some websites organizing regular coding contests like the Google Code Jamtopcoder or codeforces.

No tagNo tag. Use category_name
TIN LIÊN QUAN
Cảnh báo: Bài viết này có văn phong phóng khoáng, có chứa một số từ ngữ teen code, nếu bạn không quen teen code hãy làm quen trước khi đọc, và quay lại sau nhé .    From kzy with love <3 Cuối tuần định về quê bung lụa xong...
CTF ngày càng trở nên quen thuộc và gần gũi với các bạn học sinh, sinh viên có niềm đam mê học hỏi trên lĩnh vực an toàn thông tin. CTF dần trở thành một sân chơi bổ ích nhằm trau dồi, nâng cao khả năng và hiểu biết về...
WHAT IS “HACKING?” Hacking is all about curiosity, exploration, and deeply understanding how something works. Most people who identify as “hackers” are working very hard to protect people and to make technology easier and safer to use. Unfortunately, when most people hear or read about hacking in the news, the story is about people...