CTF

Capture The Flag competitions and challenges are the fun part of being a hacker. There isnt any other feeling like compromising a box and getting your name on a score board. They are also a fantastic tool for honing your skills both offensively and defensively.

CTF Resources

• Introduction · CTF Field Guide - TrailofBits Guide. Fantastic for CTF exploit development

• Tools and Resources to Prepare for a Hacker CTF Competition or Challenge

• Shiva108's CTF Notes

• CTF Resources - This repository aims to be an archive of information, tools, and references regarding CTF competitions.

• Rawsec - Guides and challange writeups

• home - 0xRick - One of the best set of challange write ups i have been able to find. Very detailed and easy to read.

• Bishop Fox Pocket CTF Guide - https://know.bishopfox.com/hubfs/mkt-coll/Bishop-Fox-Breaking-and-Entering-Pocket-Guide.pdf

• https://bitsdeep.com/posts/attacking-rsa-for-fun-and-ctf-points-part-1/

• https://cheatsheet.haax.fr/cryptography/rsa/

CTF Tools

• Awesome Lists Collection: CTF Cheatsheets

• AnarchoTechNYC - Hacking club's CTF resources

• ctf tools - This is a collection of setup scripts to create an install of various security research tool that are super valuable in CTF settings

• CTF.Party - A Ruby CLI tool & library to enhance and speed up script/exploit writing for CTF players.

• pwntools - Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible.

• RsaCtfTool - RSA attack tool (mainly for ctf) - retreive private key from weak public key and/or uncipher data

• ShellPop - Shellpop is all about popping shells. With this tool you can generate easy and sophisticated reverse or bind shell commands to help you during penetration tests.

• Karkinos - Karkinos is a light-weight 'Swiss Army Knife' for penetration testing and/or hacking CTF's. Currently, Karkinos offers the following:

  • Encoding/Decoding characters

  • Encrypting/Decrypting text or files

  • Reverse shell handling

  • Cracking and generating hashes

• pyWhat - Command line to to identify...well anything.

• https://github.com/hellman/xortool

• https://github.com/tomchop/unxor

CTF Events

• CTF Time Calendar - Schedule of most of the major Cyber CTF events that are held throughout the year.

• NSA Codebreaker Challenge - Super fun NSA CTF.

• TryHackMe | 25 Days of Cyber - Holiday themed ctf-a-thon

• Metasploit community CTF

• Holiday Hack Challenge - SANS Christmas themed hack challenges. Super fun.

• SANS Netwars - SANS CTF that happens along with each of their in person courses. There is an offensive and defensive version.

• https://metactf.com/ - Great platform for hosting your ow CTFs. They also will host public ones regularly.

CTF Sites

• Hack The Box - Virtual machines that you can connect to in a secure VPN. Pwn it boot to root.

• CyberSecLabs - Great platform with free and premium CTF challenges. Some are set up as labs with helpful video walk-throughs

• https://pwnable.kr/ - 'pwnable.kr' is a non-commercial wargame site which provides various pwn challenges regarding system exploitation.

• Embedded Security CTF - Grab a debugger and solve fun CTF challenges focused around the code of embedded devices.

• Underthewire - Powershell focused CTF challenges

• Commandline Challenge - CTF Style puzzles focusing on your SLI skills

• Root-Me - Complete and create cyber CTF challenges with tons of learning resources.

• www.try2hack.nl - Classic iterative cyber puzzle

• hackthissite.org/ - HackThisSite.org is a free, safe and legal training ground for hackers to test and expand their ethical hacking skills with challenges, CTFs, and more.

• OverTheWire: Wargames - The wargames offered by the OverTheWire community can help you to learn and practice security concepts in the form of fun-filled games.

  • Bandit - Linux command line

  • Natas - Basics of web server security

• picoCTF - Aimed for highschool students, this is a super easy and fun way to get into cyber ctfs.

• hackxor - Hackxor is a realistic web application hacking game, designed to help players of all abilities develop their skills

• Cyber Warfare Range - The Cyber Warfare Range is a live-fire cyber warfare range created to rapidly train/upskill cybersecurity talent with hands-on learning.

• ctf365 - Defend your servers, and launch attacks on others, all using the exact same techniques that work in the real world.

CTF-Style Learning Platforms

• TryHackMe | Learn Cybersecurity - Tryhackme is one of the best places to learn cyber. It has tons of free content set up in small bite sized modules to teach and train on specific cyber topics. Also has a big scoreboard for bragging rights.

• Home | Hacker101 - Great platform with tons of free tutorial videos and CTF challenges to practices your skills on.

• Web Security Academy: Free Online Training from PortSwigger - Replacing the Web application Hackers Handbook, PortSwigger Academy teaches you everything you need to know about web app pentesting and has hands on labs for each learning module.

• Pentester Academy - High quality learning courses and CTF style labs

• PentesterLab: Learn practical penetration testing techniques with hands on CTF style labs

• Virtual Hacking Labs - Full offensive course with multiple real world vulnerability labs to practice your skills

• HackTheBox learning Academy - A new offering from our favorite CTF platform, HTB now has training modules for teaching different elements of penetration testing.

• Immersive Labs - My personal favorite platform with hundreds of different challanges both offensive and defense.

• CTFlearn - Great community and beginner set of CTF challanges to dip your toe in the water.

CTF Writeups

• https://www.jaiminton.com/CTF/

• https://www.hackingarticles.in/ctf-challenges-walkthrough/