how to get started ctf-泓源视野

how to get started ctf

how to get started ctf插图

CTF: Capture The Flag

CTF: Capture the Flag is a type of information security competition that challenges competitors to solve a variety of tasks. It is a special type of cybersecurity competition designed to challenge computer participants to solve computer security problems or capture and defend computer systems. Typically, these competitions are team-based and attract a diverse range of participants including students, enthusiasts, and professionals. A CTF competition may take a few hours, a full day, or several days.

Why CTF?

Computer security represents a challenge for education due to its interdisciplinary nature. The topics of computer security range from theoretical aspects of computer technology to applied aspects of information technology management. This makes it difficult to encapsulate the feeling of constituting computer security professionals.

How to Get Started into CTF | Importance Of CTF in Bug Bounties

Types of Capture The Flag challenge

JEOPARDY STYLE:

Jeopardy-style CTFs have a couple of tasks in a range of categories. For example, web, forensics, crypto, binary, or anything else. The team can gain some points for each solved task. More points usually for more complex tasks. The next task in the series can only be opened after some team resolves the previous task. Then the playing time is more than the sum of digits which shows you the CTF winner

ATTACK DEFENSE STYLE:

Attack-defense is another interesting type of competition. Every team here has its own network (or only one host) with rude services. Your team has time to patch your services and usually develop adventures. So, then the organizers add the contest participants and the battle begins! You should protect your own services for defense points and hack opponents for attack points.

MIXED STYLE

Possible formats for mixed competitions may vary. This can be something like a wargame with specific times for task-based elements.

Challenge Types & Tools

Cryptography:-

In the case of CTFs, the goal is usually to crack or clone cryptographic objects or algorithms to reach the flag.

  • Hash Extender — A utility tool for performing hash length extension attacks
  • PkCrack — A tool for Breaking PkZip-encryption
  • RSATool — Generate private key with knowledge of p and q
  • XORTool — A tool to analyze multi-byte xor cipher

Steganography

In the context of CTFs steganography usually involves finding the hints or flags that have been hidden with steganography. Most commonly a media file will be given as a task with no further instructions, and the participants have to be able to uncover the message that has been encoded in the media.

  • Stegsolve — Apply various steganography techniques to images
  • Zsteg — PNG/BMP analysis
  • Exiftool — Read and write meta information in files
  • Pngtools — For various analysis related to PNGs

Web

Web challenges in CTF competitions usually involve the use of HTTP (or similar protocols) and technologies involved in information transfer and display over the internet like PHP, CMS’s (e.g. Django), SQL, Javascript, and more.

  • Postman — Add on for chrome for debugging network requests
  • Raccoon — A high-performance offensive security tool for reconnaissance and vulnerability scanning
  • SQLMap — Automatic SQL injection and database takeover tooli
  • W3af — Web Application Attack and Audit Framework.

Forensics

In a CTF context, “Forensics” challenges can include file format analysis, steganography, memory dump analysis, or network packet capture analysis

  • Barf — Binary Analysis and Reverse engineering Framework
  • Binary Ninja — Binary analysis framework
  • BinWalk — Analyze, reverse engineer, and extract firmware images.
  • Boomerang — Decompile x86 binaries to C
  • Frida — Dynamic Code Injection
  • GDB — The GNU project debugger
  • GEF — GDB plugin
  • IDA Pro — Most used Reversing software
  • Jadx — Decompile Android files

Practice

[+] CTF Calendar

CTFtime.org / All about CTF (Capture The Flag)

May 18, 2020, 8:05 p.m. Team "TwoSixNone" added as an alias to "TwoSixNine". May 18, 2020, 2:09 p.m. Team "The_WinRaRs"…

ctftime.org

[+] Write-ups to learn CTF

CTFs

Dismiss GitHub is home to over 50 million developers working together. Join them to grow your own development teams…

github.com

[+] How to start CTF

CTF Field Guide

"Knowing is not enough; we must apply. Willing is not enough; we must do." - Johann Wolfgang von Goethe We're glad…

trailofbits.github.io

picoCTF - CMU Cybersecurity Competition

picoCTF is a free computer security game targeted at middle and high school students, created by security experts at…

picoctf.com

TryHackMe | Hacking Training

TryHackMe is an online platform for learning and teaching cyber security, all through your browser.

tryhackme.com

CTF 101

Capture The Flags, or CTFs, are a kind of computer security competition. Teams of competitors (or just individuals) are…

ctf101.org

Home - RingZer0 CTF

RingZer0 Team's online CTF offers you tons of challenges designed to test and improve your hacking skills through…

ringzer0ctf.com

[+] Hard CTF

Plaid CTF 2020

Edit description

plaidctf.com

HITCON CTF 2019

Qualification: Online Jeopardy Oct 12 10:00 AM ~ Oct 14 10:00 AM, 2019 (GMT+8, 48 hours) Currently 2019 HITCON CTF…

ctf.hitcon.org

Vulnerable By Design ~ VulnHub

VulnHub provides materials allowing anyone to gain practical hands-on experience with digital security, computer…

www.vulnhub.com

Home | CSAW

CSAW is the most comprehensive student-run cyber security event in the world, featuring 9 hacking competitions…

ctf.csaw.io

Dragon Sector

Dragon Sector is a Polish security Capture The Flag team. It was created in February 2013 and currently has 17 active…

dragonsector.pl

[+] PHP Challenge (Real World CTF)

HackMD - Collaborative Markdown Knowledge Base

One Line PHP Challenge without session.upload ### Contact Me wupco1996@gmail.com ### Tribute to

hackmd.io

[+] Networking / Linux Challenges

Wargames

The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of…

overthewire.org

[+] VPS (Virtual Private Server)

DigitalOcean - The developer cloud

We make it simple to launch in the cloud and scale up as you grow - with an intuitive control panel, predictable…

digitalocean.com

[+] Hack The Box (Pentesting style CTF)

Hack The Box :: Penetration Testing Labs

Hack The Box provides a wealth of information and experience for your security team. Train your employees or find new…

hackthebox.eu

[+] Web Application CTF

Websec

Web security challenges from the people of websec.

websec.fr

Hacker101 CTF

The Hacker101 CTF is a game designed to let you learn to hack in a safe, rewarding environment. Hacker101 is a free…

ctf.hacker101.com

[+] Binary Exploitation CTF

Pwnable.tw

ABOUT Pwnable.tw is a wargame site for hackers to test and expand their binary exploiting skills. HOW-TO Try to find…

pwnable.tw

[+] Reverse Engineering CTF

서비스 오류 안내

Edit description

reversing.kr

[+] Cryptography

The Cryptopals Crypto Challenges

We can't introduce these any better than Maciej Ceglowski did, so read that blog post first. We've built a collection…

cryptopals.com

Youtube Channels:-

LiveOverflow

just a wannabe hacker... -=[ ❤️ Support me ]=- Patreon per Video: https://www.patreon.com/join/liveoverflow YouTube…

www.youtube.com

HackerSploit

HackerSploit is the leading provider of free and open-source Infosec and cybersecurity training. Our goal is to make…

www.youtube.com

IppSec

Video Search: https://ippsec.rocks

www.youtube.com

HackHappy

The ethical hacking channel where I focus on creating videos for aspiring ethical hackers, programmers, computer…

www.youtube.com

Resources:-

Aaditya Purani - Ethical Hacker

Here are few Writeups for CSAW CTF. We participate as dcua team, group of awesome people trying the best effort for the…

aadityapurani.com

aadityapurani/My-CTF-Solutions

Dump of codes for the challenges I attempted / solved in various Capture the Flag challenges. Not intended to be very…

github.com

JohnHammond/ctf-katana

John Hammond | February 1st, 2018 This repository, at the time of writing, will just host a listing of tools and…

github.com

Introduction | CTF Resources

This repository aims to be an archive of information, tools, and references regarding CTF competitions. CTFs…

ctfs.github.io

CTFtime.org / Writeups

Capture The Flag, CTF teams, CTF ratings, CTF archive, CTF writeups

ctftime.org

zardus/ctf-tools

This is a collection of setup scripts to create an install of various security research tools. Of course, this isn't a…

github.com

Hope you will start playing CTFs after go through this write-up.

Special Thanks to My Tesla Friend Aaditya Purai for sharing different types of challenges.

本文由 泓源视野 作者:admin 发表,其版权均为 泓源视野 所有,文章内容系作者个人观点,不代表 泓源视野 对观点赞同或支持。如需转载,请注明文章来源。
3

发表评论

Protected with IP Blacklist CloudIP Blacklist Cloud
您是第8231130 位访客, 您的IP是:[172.70.38.89]