Resources
Not sure where to start learning and training?
CTF challenges are commonly separated into different categories. Below, we explain some categories and provide learning materials for them. If you don’t know which category you prefer or are new to all of this, read the Beginner category.
Beginner
The following are in no specific order; pick whatever interests you most first and switch as you prefer.
Basic Introduction to wargames and the Linux CLI
Knowing how to navigate a Linux system is an important skill in general. This wargame will teach you some concepts typically encountered on a Linux system and the general mindset for wargames and CTFs.
PicoCTF
PicoCTF is a CTF designed for high school and early college students and covers the typical CTF categories.
Specific Categories
Binary/Reverse Engineering
In the Binary category, you are given some kind of executable program that is already compiled and have to reverse engineer or exploit it. Reverse engineering means understanding what the program does and finding some input which generates the flag. Exploiting means finding some flaw in the program that allows you to take control over the process and get a shell on the system, where you then often just read a file ‘flag’ or ‘flag.txt’ that contains the flag.
- pwn.college
- Intro to Binary Hacking by LiveOverflow
- Intro to Modern Binary Exploitation
- Book (Intro to classic Binary Exploitation): Hacking - The Art of Exploitation
Crypto
In the Crypto category, you need to attack cryptographic operations, e.g. decrypt a ciphertext without knowing the key or generate a signature for a certain input. Sometimes, this includes “classical” codes like the Vigenère cipher, but the more interesting challenges are based on modern crypto systems.
The higher-rated crypto challenges commonly require you to read papers about attacks on some crypto system and implement these attacks. As cryptographic primitives are often based on mathematical problems, a solid understanding of mathematics helps, too.
- CryptoHack offers an extensive number of crypto challenges, organized in a CTF-style interface and ordered so that you get to know an area step by step. Some challenges are also grouped into “courses”.
- In Cryptopals, you learn a number of classical attacks against crypto systems by first implementing the crypto and attacking it afterwards. It does not require any previous knowledge and you can use any programming language you like.
- Filippo Valsorda has created a series of videos solving the Cryptopals Challenges with Go
Web
- Web Application for playing around with Web exploitation
- Web Security Basics (XSS and CSRF)
Play CTFs
Online CTFs
- Overview of upcoming CTFs: CTFtime