#Beginner Guide | How to get started in CTF
In this write-up, you will get to know about #CTF, Challenges, Tools for solving the #CTF challenges, Practice Platforms, Resources and Youtube Channels for #CTFs
What is #CTF?
#CTF is the abbreviation for “Capture The Flag”. #CTFs are the challenges in which you just find the #Flag from your #Hacking Skills. The goal of CTF is just finding the Flags.
There are three common types of CTFs : i) Jeopardy Style CTFs, ii) Attack-Defense Style CTFs & iii) Mixed Style CTFs.
Jeopardy Style CTF :
#Jeopardy-style CTFs has a couple of questions (tasks) in range of categories. For example, Web, Forensic, Crypto, Binary or something else. Team can gain some points for every solved task. More points for more complicated tasks usually. The next task in chain can be opened only after some team solve previous task. Then the game time is over sum of points shows you a CTF winner. Famous example of such CTF is Defcon CTF qualifiers.
Attack-Defense Style CTFs :
#Attack-Defense Style CTF is another interesting kind of competitions. Here every team has own network(or only one host) with vulnerable services. Your team has time for patching your services and developing exploits usually. So, then organizers connects participants of competition and the wargame starts! You should protect own services for defence points and hack opponents for attack points. Historically this is a first type of CTFs, everybody knows about #DEF CON CTF — something like a World Cup of all other competitions.
Mixed Style CTFs :
#Mixed Style CTF is a mix style CTF of Jeopardy and Attack-Defense. Mixed competitions may vary possible formats. There can be an attack-defense competition having a few jeopardy tasks set as bonuses or a jeopardy competition with a global task including an attack-defense dynamic. It may be something like wargame with special time for task-based elements (e.g. #UCSB iCTF).
#Cryptography involves encrypting or decrypting a piece of data.
Tools :- CyberChef, FeatherDuster, Hash Extender, padding-oracle-attacker, PkCrack, RSACTFTool, RSATool, XORTool, Cryptii, Keyboard Shift, and many more.
#Steganography is tasked with finding information hidden in files or images.
Tools :- StegCracker, Steghide, Openstego, Stegsolve, Online stego tool, and many more.
iii) Binary Exploitation/pwn
It is basically exploiting a binary file and exploiting a server to find the flag.
Tools :- readelf, formatStringExploiter, DLLInjector, libformatstr, and many more.
iv) Reverse engineering
#Reverse Engineering in a CTF is typically the process of taking a compiled (machine code, bytecode) program and converting it back into a more human readable format.
Tools :- ltrace, Hopper, Binary Ninja, gdb, IDA, radare2, Ghidra, apktool, Androguard, and many more.
Tools :- BurpSuite, Commix, Hackbar, Raccoon, SQLMap, DirBuster, gobuster, nikto, wpscan, CloudFlare Bypass, Edit This Cookie, File or Directory(robots.txt, /.git/, /admin/), and many more.
#Forensics challenges can include file format analysis, steganography, memory dump analysis, or network packet capture analysis. Any challenge to examine and process a hidden piece of information out of static data files (as opposed to executable programs or remote servers) could be considered a Forensics challenge.
Tools :- split, pdfinfo, pdfimages, pdfcrack, pdfdetach, Keepass, Magic Numbers, hexed.it, foremost, binwalk, Repair image online tool, photorec, TestDisk, pngcheck, pngcsum, Registry Dumper, Dnscat2, pefile, Wireshark, Network Miner, PCAPNG, tcpflow, PcapXray, qpdf, Audacity, sonic visualiser, ffmpeg strings, file, grep, scalpel, bgrep, hexdump, xxd, base64, xplico framework, zsteg, gimp, Memory dump - volatility, ethscan, and many more.
Many challenges in CTFs will be completely random and unprecedented, requiring simply logic, knowledge, and patience to be solved. There is no sure-fire way to prepare for these, but as you complete more CTFs you will be able to recognize and hopefully have more clues on how to solve them.
CTFtime.org / All about CTF (Capture The Flag)
Jan. 13, 2020, 9:51 a.m. "WhiteHat Grand Prix 06 - Quals" scoreboard added. Jan. 13, 2020, 9:49 a.m. "TetCTF 2020"…
Hack The Box :: Penetration Testing Labs
Hack The Box provides a wealth of information and experience for your security team. Train your employees or find new…
Vulnerable By Design ~ VulnHub
VulnHub provides materials allowing anyone to gain practical hands-on experience with digital security, computer…
Capture The Flags, or CTFs, are a kind of computer security competition. Teams of competitors (or just individuals) are…
Home - CTFlearn - CTF Practice - CTF Problems / Challenges
CTFlearn is an ethical hacking platform that enables tens of thousands to learn, practice, and compete. We host an…
The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of…
picoCTF - CMU Cybersecurity Competition
picoCTF is a free computer security game targeted at middle and high school students, created by security experts at…
Home - RingZer0 CTF
RingZer0 Team's online CTF offers you tons of challenges designed to test and improve your hacking skills through…
Youtube Channels :
just a wannabe hacker... -=[ ❤️ Support me ]=- Patreon per Video: https://www.patreon.com/join/liveoverflow YouTube…
HackerSploit is the leading provider of free and open-source Infosec and cybersecurity training. Our goal is to make…
Learn everything about hacking. E-learning for mathematic and programming. Learn for free. Explain through video…
John Hammond | February 1st, 2018 This repository, at the time of writing, will just host a listing of tools and…
A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to…
CTF Series : Forensics - tech.bitvijays.com
If you are looking for hidden flag in an image first check with file, exiftool command, and make sure the extension is…
This article shares Tuan's (GSoC13 Student) investigations about the metadata structure in JPEG files. It also…
Introduction | CTF Resources
This repository aims to be an archive of information, tools, and references regarding CTF competitions. CTFs…
CTF Field Guide
"Knowing is not enough; we must apply. Willing is not enough; we must do." - Johann Wolfgang von Goethe We're glad…
CTFtime.org / Writeups
Capture The Flag, CTF teams, CTF ratings, CTF archive, CTF writeups
This is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a…
This repository contains the materials as developed and used by RPISEC to teach Modern Binary Exploitation at…
There are some problems with CTF write-ups in general: They're scattered across the interwebs They don't usually…
Ctf solutions from p4 team. Contribute to p4-team/ctf development by creating an account on GitHub.
This cheasheet is aimed at the CTF Players and Beginners to help them understand the fundamentals of Privilege…