Block_CTF(2) Block_CTF(2)

Name

tips-for-getting-started — Practice makes perfect! All our past challenges are available for you to play. Solutions published by various past teams are also available.

Challenges requiring backend services are packaged using Docker.

Check out our previous years' challenges challenges.

Work environment

• Some challenges are going to require and/or be easier to solve with Linux. If you don’t have a native Linux install, you can either use a Liveusb or a virtualizer (e.g. VirtualBox). You can use Ubuntu or any other distribution.
• You can save some time by pre-installing common programming languages, such as gcc (or llvm), golang, perl, ruby, python.
• Vagrant-CTF is a VM filled with useful tools.

Common linux command line tools

• curl and wget let you download files and data
• xxd or od let you convert files to hex and the other way around
• file and strings let you get a sense of the type of the file

Network

• Burp, Charles, Paw and Postman let you proxy web traffic and intercept/modify it. 8 Best Paros Proxy Alternatives lists other similar tools.
• WireShark and scapy let you inspect and record network packets.
• NetworkSorcery has diagrams for many network protocols.
• Common protocols are specified as RFCs.

Web tools and web security

• Learn to use your browser's developer console (enables debugging web apps, copy network requests as curl commands, etc.)
• The Tangled Web and Browser Security Handbook are useful resources
• OWASP maintains information on web vulnerabilities, and this blog post discusses the top 10 most common flaws

X86 assembly

• gdb (debugger).
• lldb: LLVM's debugger.
• objdump (disassembler).
• ldd to view linked libraries.
• pwndbg a gdb plugin. Several other plugins (peda, gef) exist.
• Ghidra: open source reverse engineering tool developped by the NSA.
• Radare: a portable reversing framework.
• IDA pro. The leading debugger for reverse engineering (~$500).
• https://defuse.ca/online-x86-assembler.htm online x86/x64 assembler and disassembler.
• https://www.onlinedisassembler.com/odaweb/ another online disassembler.
• A thorough list of disassemblers. Some are free, others aren't.
• Linux syscalls

Practice, practice, practice!

• Cryptopals is a collection to ~50 cryptography challenges. They become progressively harder and they cover topics related to modern ciphers.
• Overthewire has been around for over 10 years and has some great challenges.
• Wechall - list of wargame websites.
• CTFtime - calendar of past and upcoming CTF events.
• A great list on security.stackexchange.com.
• Advent Of Code - annual programming event. The puzzles are not security related, but the event and subreddit are fun.

Other resources

• Cryptography And Coding Information
• https://trailofbits.github.io/ctf/
• http://resources.infosecinstitute.com/tools-of-trade-and-resources-to-prepare-in-a-hacker-ctf-competition-or-challenge/#gref
• http://resources.infosecinstitute.com/what-a-challenger-perceives-in-most-of-the-ctf-categories-or-challenges/#gref
• https://www.endgame.com/blog/technical-blog/how-get-started-ctf
• https://github.com/ctfs/resources
• https://github.com/sobolevn/awesome-cryptography
• https://www.doyler.net/security-not-included/ctf-resources
• http://phrack.org/issues/49/14.html
• https://github.com/fdiskyou/Zines

See also

Work_at_Block(1), Privacy_policy(1), Code_of_conduct(1)