- General
- How To Learn
- Web Exploitation
- Reverse Engineering
- Cryptography
- Binary Exploitation
- Hardware Hacking + RF
- Penetration Testing
- Resources + Practice
- Tools
This repository is the master repo for the b01lers CTF team's training materials. The intent of this material is to teach our team's new members how to play CTF by teaching in as short a time as possible the basics of every category of challenge typically seen.
Disclaimer: Some of the materials contained within may be harmful if misused. b01lers does not endorse using any of this information for evil, it is provided ONLY for educational purposes.
The best way to learn CTF is to practice. To this end, we have provided a self-contained docker container to remove the environment setup barrier of entry. A docker container is similar to a virtual machine and will allow you to run our customized pre-setup machine to go through all the training with.
That docker container's source can be found here along with installation instructions. Our youtube channel has install instructions for MacOS, Linux, and Windows here.
The content in this repository was designed to be used alongside a presenter. You can find the video training sessions here
Our recommendation if you want to learn to play CTF is this:
- Watch and work along with all of the bootcamp training sessions.
- Identify which category you are most interested in based on what you've learned.
- Focusing on that category, use the resources and practice to learn and play as much as possible.
Ultimately, the way to become a 1337 hacker is to play CTF as much as possible, but we hope this is a good introduction. Please feel free to make an issue for any recommendations, edits, etc.
- Basic developer tools:
- Inspect Element
- JS Console
- Builtin Debugger
- Network and storage
- Javascript + client side validation
- HTML + CSS
- HTTP methods and internet infrastructure
- CURL + Postman
- PHP
- Sessions
- Hashing and type confusion
- Databases and SQL Injection
- Cross-Site Scripting (XSS)
- Persistent
- Reflected
- DOM
- Burp Suite
Day 1 rev/day_1/slides:
- Hardware and Data Representations
- Language Types
rev/day_1/01-language-types- Compiled
- Intepreted
- JIT
- Bytecode compiled
- Compiled languages
- The C compiler
rev/day_1/02-compilation-steps - ELF format
rev/day_1/03-readelf-sections - Linux system calls + how programs are run
rev/day_1/04-running-programs-on-linux - Introduction to GDB and debugging
- The dynamic loader (interpreter)
rev/day_1/05-dynamic-call - Program images in memory
- Introduction to assembly language
rev/day_1/06-dynamic-call-asm - Important x86-64 instructions
- Stack and Heap
- Stack frames + function calls
- Calling convention + ABI
- High level RE process
- Assembly construct: selection
rev/day_1/07-selection-challenge
- Assembly construct: selection (review)
rev/day_2/00-selection - Assembly construct: iteration
rev/day_2/02-iteration - Structures
rev/day_2/03-data-structures - Parameter passing
rev/day_2/01-function-calls - Advanced Ghidra features
- Decompilation
- Struct editor
- CFG
- Obfuscation, stripping, optimization
- What is Cryptography:
- Substitution Ciphers
- Caesar Ciphers
- Modular Arithmetic
- Representation of Data
- XOR
- Properties
- Applications
- RSA Preview
- Diffie-Hellman
- Asymmetric and Symmetric Cryptography
- RSA
- pwntools
- Stack Overflows
- Return Oriented Programming
- Partial Overwrites
- Global Offset Table & Libc
- Protections Overview
- Stack Canaries & Ret2Libc
- printf
- Intro to Heap
- Board components
- Interfaces
- Firmware acquisition
- https://xss-game.appspot.com/
- https://www.hackthebox.eu/
- https://www.hackthissite.org/
- http://www.dvwa.co.uk/
- https://tryhackme.com/
REcommended Reading:
- Hacking: The Art of Exploitation, by Jon Erickson
- Reversing: Secrets of Reverse Engineering, by Eldad Eilam
- Assembly Language for Intel-Based Computers, by Kip R. Irvine
- Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation, by Dang, Gazet, Bachaalany
- Practical Binary Analysis, by Dennis Andriesse
- The Ghidra Book, by Chris Eagle and Kara Nance
- Just look through here really.
REcommended Tutorials + References:
REcommended Practice:
- Challenges.re
- Crackmes.one
- Microcorruption
- Reversing.kr
- OSX Crackme
- Pwnable.XYZ
- W3Challs.com
- io.netgarage.org
- Crackme Forum
- crackmes.de (mirror)
References/Practive:
Practice:
SEO
Reverse Engineering, RE, Awesome, Tutorial, Guide, Learn, Exploitation, CTF, Capture The Flag, Cryptography, Practical, Pwn, pwn, PWN, Binary Exploitation, Web Exploitation, Web CTF, RE CTF, Pwn CTF, Crypto CTF, Training, Bootcamp, bootcamp, Purdue, University, b01lers, b01lers bootcamp, ctf challenges, practice ctf, ctf teaching