CTF INFO
Books
1. The Web Application Hacker's Handbook by Dafydd Stuttard and
Marcus Pinto
o Excellent for web security and understanding common
vulnerabilities like XSS, SQL Injection, and CSRF.
2. The Art of Exploitation by Jon Erickson
o Covers the fundamentals of computer systems, networking, and
binary exploitation with practical examples.
3. Metasploit: The Penetration Tester's Guide by David Kennedy et al.
o A great introduction to the Metasploit framework, which is often
used in CTF competitions for penetration testing.
4. Practical Binary Analysis by Dennis Andriesse
o A good resource for reverse engineering and binary exploitation,
which are common categories in CTFs.
5. Real-World Bug Hunting by Peter Yaworski
o Covers real vulnerabilities in modern applications and services,
providing insights into the real-world applications of CTF skills.
Websites
1. CTFTime (ctftime.org)
o This is a central hub for CTF competitions. It tracks events, ranks
teams globally, and provides resources for past CTFs, including
challenges and solutions.
2. Hack The Box (hackthebox.com)
o An interactive, online platform that lets you practice hacking in a
real-world environment. It offers challenges in web exploitation,
reverse engineering, and more.
3. OverTheWire (overthewire.org)
o A set of wargames that focus on basic to advanced exploitation
techniques. Bandit and Narnia are great places to start for
beginners.
4. Root Me (root-me.org)
o Another platform offering various challenges for web exploitation,
reverse engineering, and forensics.
5. picoCTF (picoctf.org)
o A beginner-friendly CTF competition designed by Carnegie Mellon
University. Great for newcomers to CTF.
6. TryHackMe (tryhackme.com)
o Offers rooms with interactive lessons on different cybersecurity
topics, including web exploitation, network security, and forensics.
7. Cybrary (cybrary.it)
o Free online cybersecurity training. You can find courses that align
with the skills needed for CTF challenges.
Tools
1. Burp Suite
o A comprehensive web vulnerability scanner and proxy tool, often
used for web exploitation challenges.
2. Wireshark
o A network protocol analyzer used for network forensics and packet
analysis.
3. Ghidra
o A reverse engineering tool developed by the NSA, great for binary
analysis and reverse engineering.
4. Pwntools
o A Python library used for CTF challenges, especially for writing
exploits in binary exploitation challenges.
5. John the Ripper/Hashcat
o Tools for password cracking, common in forensics and cryptography
challenges.
6. Metasploit
o An essential tool for penetration testing, often useful in CTFs for
exploiting vulnerabilities.
7. IDA Pro (or its free version)
o A powerful disassembler used for reverse engineering.
8. Binwalk
o Used for analyzing and extracting data from binary files, often useful
in firmware exploitation challenges.
9. Nmap
o A network discovery and security auditing tool. Very useful for
reconnaissance.
10. Volatility
o A memory forensics framework that’s often helpful in digital
forensics challenges.
Platforms for CTF Preparation
1. VulnHub (vulnhub.com)
o A platform offering downloadable vulnerable machines for practicing
penetration testing and exploitation techniques.
2. Pwnable.kr (pwnable.kr)
o A collection of challenges specifically designed for binary
exploitation and reverse engineering.
3. CTFlearn (ctflearn.com)
o Offers challenges in various categories like web exploitation, reverse
engineering, and cryptography with a community aspect.
Video Resources & Courses
1. YouTube Channels
o LiveOverflow: A popular channel that explains CTF challenges,
binary exploitation, reverse engineering, and web exploitation.
o John Hammond: Known for detailed walkthroughs of CTF
challenges.
2. Udemy
o "Ethical Hacking: Capture the Flag Walkthroughs": A course
dedicated to CTF walkthroughs and learning methodologies used in
the competition.
Practice CTFs
1. Google CTF
o Google hosts annual CTFs that you can practice with challenges
even after the competition ends.
2. CSAW CTF
o One of the largest student-run CTFs with beginner-friendly
categories and challenges.
Common CTF Categories
1. Web Exploitation: SQL Injection, Cross-Site Scripting (XSS), Cross-Site
Request Forgery (CSRF).
2. Reverse Engineering: Binary analysis, decompiling software, reverse
engineering malware.
3. Cryptography: Breaking ciphers, understanding cryptographic algorithms.
4. Forensics: Analyzing memory dumps, packet captures, or disk images.
5. Pwn/Binary Exploitation: Buffer overflows, format string vulnerabilities,
return-oriented programming.
6. Steganography: Hiding information in images, audio, or other files.
Categories and Tools
| CTF Category | Tools | Description |
|---|---|---|
| Web Exploitation | Burp Suite, OWASP ZAP, SQLmap, Postman, Nikto | These tools help with testing web applications for vulnerabilities like SQL Injection, XSS, CSRF, and web requests manipulation. |
| Reverse Engineering | Ghidra, IDA Pro, Radare2, Binary Ninja, Cutter, Hopper | These tools assist in disassembling and analyzing binary programs for reverse engineering tasks. |
| Cryptography | CyberChef, Hashcat, John the Ripper, RSACTool, Python Scripts | Used for decrypting or cracking ciphers, hash functions, or encryption methods. Python scripts help in automating or solving custom cryptography tasks. |
| Binary Exploitation | Pwntools, GDB, Radare2, ROPgadget, QEMU | Tools for binary exploitation, including buffer overflows, return-oriented programming (ROP), and debugging vulnerable programs. |
| Forensics | Wireshark, Autopsy, Volatility, Binwalk, Foremost, Strings | For analyzing memory dumps, disk images, packet captures, and file metadata to extract hidden information or artifacts. |
| Steganography | Stegsolve, Steghide, zsteg, OpenStego, Binwalk, ExifTool | Tools that help detect, extract, and analyze hidden data embedded in images, audio, or other files. |
| Networking | Nmap, Netcat (nc), Wireshark, TCPdump, Masscan | Used for network scanning, reconnaissance, packet capturing, and traffic analysis. |
| Password Cracking | John the Ripper, Hashcat, Hydra, Medusa | Password-cracking tools used for brute force, dictionary attacks, and cracking hash functions. |
| Reconnaissance/OSINT | theHarvester, Shodan, Maltego, Recon-ng | Tools for gathering information from publicly available sources and footprinting a target system or organization. |
| File Analysis | Binwalk, Foremost, Strings, ExifTool, 7-Zip | Tools to extract hidden content or metadata from various file formats. |
| Miscellaneous | CyberChef, Python (scripts), Bash (scripts), Socat, jq | These tools/scripts are helpful across multiple CTF categories for data manipulation, crafting requests, and performing general tasks. |