Learning Resources

Andrew Hilton
Apr 8, 2017

These are all taken from a forum post over on the picoctf.com challenge.

CTFs and many of these security competitions require something slightly different than what you may learn in school. Sometimes you’ll encounter challenges that you may know something from — i.e. applying RSA to the challenge you mentioned. Oftentimes, the best way to learn these topics is by doing lots and lots of practice. The way many of these students learn the material is through practice and lots and lots of self-research — Google is your best friend in this case. From your example with the second RSA challenge — you could do research on different RSA equations, how to crack RSA, etc. depending on what you think you need to solve the challenge. The key is spending enough time and figuring out what you need to learn/research to be able to solve the challenge.

In general, all the master challenges and most challenges in levels 1–2 should be pretty doable. Levels 3 and 4 may require much more time and effort to research or learn how to do something in particular. You may sometimes get stuck on a problem for several hours — try switching to another problem for a while or step back and try a different approach.

Here are some various resources for more practice down the road. Hope this helped!

LiveOverflow
http://liveoverflow.com/index.html
Probably the best resource to get started. LiveOverflow runs a YouTube channel that goes through different hacking challenges and explains things from the ground up for people with little to no hacking experience. Heard about a big hack in the news? LiveOverflow also takes those and explains how those attacks work so that you can understand it as well.

picoCTF 2013 and picoCTF 2014
https://2017.picoctf.com/past
(Note: Some of these may be offline so our servers can handle the picoCTF 2017 load). Something cool about picoCTF is that we keep all our past competition challenges up! Feel like you want to try some challenges on your own time? You can register and work on these old security challenges whenever you want.

CSAW HSF
https://hsf.csaw.io/
A high school cyber security competition made by NYU. While it used to mainly cover digital forensics topics (think FBI/crime-scene type security), it now covers other topics like binary exploitation. Just note that it only runs in September-October each year.

The ‘CTF Field Guide’
https://trailofbits.github.io/ctf/
https://ctftime.org/ctf-wtf/
“What’s a CTF? How do I start?”
“Are these hacking challenges legal?!?!” (yes they are by the way)
These sites can give a beginner some quick pointers on how you might start to learn hacking and cyber security topics.

HSCTF
http://hsctf.com/
“a CTF designed by high schoolers for high schoolers” This year’s HSCTF runs in May, but they have lots of practice problems if you’d like to get started now: https://jacobedelman.gitbooks.io/hsctf-3-practice-problems/content/.

CTF Writeups
https://github.com/ctfs
Found an old security competition/CTF and want to know how the problems were solved? This is a huge community-driven collection of write ups to CTF competition challenges for the past several years. Just don’t rely on them too much — the more you try the problems yourself and the less you rely on the writeups, the better you’ll get. Maybe look through some of them to learn how experienced CTFers solve these problems.

Various Other Challenge Sites
(Huge list at http://captf.com/practice-ctf/ + http://www.wechall.net/sites.php + some I practice with.)

Binary Exploitation Practice
Pwnable.kr (http://pwnable.kr)
OverTheWire (http://overthewire.org/wargames/)
Gracker (http://gracker.org/)
SmashTheStack (http://smashthestack.org/)
Microcorruption (https://microcorruption.com/login)
Exploit Exercises (https://exploit-exercises.com/)
Pwnable.tw (https://pwnable.tw/)

Reverse Engineering Practice
Reversing.kr (http://reversing.kr)
NetGarage (https://io.netgarage.org/)

Web Exploitation Practice
HackThisSite (https://www.hackthissite.org/)
Websec.fr (https://websec.fr/)
Webhacking.kr (http://webhacking.kr/)

Mixed Practice
Root-me (https://www.root-me.org)
CTFLearn (https://learn.abctf.xyz or https://ctflearn.com)
Hax.tor (http://hax.tor.hu/welcome/)
Ringzer0 (https://ringzer0team.com/challenges)
Hellbound Hackers (https://www.hellboundhackers.org/)
Vulnhub (https://www.vulnhub.com/)
W3Challs (https://w3challs.com/)
Hacker Gateway (https://www.hackergateway.com/)

Andrew Hilton

Tactical Threat Manager @ FinTech | Purple Team | Offensive Operations