CTF Beginner's Guide CTF Beginner's Guide

Others 2022-04-23 01:36:02 views: 0

A Beginner's Guide to CTF

Getting Started with ctf


How to get started? How to form a team?


capture the flag


Types of:

Logic analysis of web
cryptography
pwn program, exploit
misc misc of windows, linux, minicomputer, etc., steganography, data restoration, brain hole, social engineering, reverse of big data related to information security
Reverse windows, linux-like
ppc programming


Famous competitions at home and abroad

Foreign:
Domestic: xctf league 0ctf Shanghai is available at home and abroad, very strong

 


What basics are needed to get started:

1. Fundamentals of programming languages ​​(c, assembly, scripting languages)
2. Fundamentals of mathematics (algorithms, cryptography)
3. Brainstorming (imagination, reasoning and decryption)
4. Physical endurance (staying up all night)

 

How to get started


1. Make up for the basic knowledge
2. Try to start from the brain hole like a hacker game
3. The basic questions are generally 100, 200, and the highest score is 500, 600. First learn 100 points well, you can learn from practice, high school ctf From the beginning, it is relatively simple, only involves 1 or 2 points
4. Learn professional knowledge of information security 
5. Exercise physical endurance There are competitions on Saturday and Sunday


How to learn?

1. Analyze the situation of the competition questions
2. Analyze your own abilities which direction is most suitable for
you 3. Choose a more suitable starting point


Analysis of the competition questions

PWN and Reverse focus on the understanding of assembly and reverse, and the understanding of the bottom layer.
Crypto focuses on the in-depth study of mathematics and algorithms. In-depth study of the
Web is more focused on the challenge of skill accumulation and fast search ability. Regarding the accumulation of vulnerability points,
Misc is more complicated, all related to computer security challenges are steganographic in it, image data analysis and restoration, traffic, big data, reverse game analysis


General practice:

A direction: PWN+Reverse+Crypto random combination
B direction: Web+Misc combination
Misc can be done by everyone


Getting Started:

Contents to be learned: Linux basics, computer composition principles, operating system principles, network protocol analysis

Direction A: IDA tool usage (fs plugin), reverse engineering, cryptography, buffer overflow, etc.
Direction B: Top 10 security vulnerabilities such as web security, network security, intranet penetration, database security, etc.


a:

Direction A:

RE for Beginners
IDA Pro Authoritative Guide Reveals
Home Router 0day Vulnerability Mining Techniques

B direction:

The authoritative guide to web application security is the most recommended Xiaobai, macro web security
web front-end hacking technology reveals 
hacker secrets - penetration testing practical guide
hacker attack and defense technology collection ,Learn it will skyrocket
Code auditing: enterprise-level web code security architecture

 

Getting Started - Starting from basic topics (recommended resources) :

http://ctf.idf.cn !!! The first idf laboratory: the topic is very basic, only 1 point
www.ichunqiu.com has the offline final topic recurrence
http://oj.xctf.org.cn/xctf Question bank website, questions over the years, practice grounds, more difficult
www.wechall.net/challs!!!!!! Very entry-level foreign ctf question bank, many domestic people have grown up from here
http://canyouhack.it/ Abroad, entry, with mobile security
https://microcorruption.com/login A direction password, reverse cool game code
http://smashthestack.org A direction, concise, foreign, wargames, pass
http://overthewire.ofg/ wargames/! ! ! ! It is recommended that there are many domestic materials in the direction A, and the old wargame 
https://exploit-exercises.com The old wargame in the direction A has many domestic materials
http://pawnable.kr/play.php Pwn playground, less than 100 questions
http:// ctf.moonsoscom/pentest/index.php B direction Mian's Web vulnerability shooting range, basics, core knowledge points
http://prompt.ml/0 B direction foreign xss test
http://redtiger.labs.overthewire.org/ B direction foreign sql injection challenge website, 10 levels, different injections in the form of clearance, practice step by step


Tools:
https://github.com/truongkma/ctf-tools
https://github.com/Plkachu/v0lt
https://github.com/zardus/ctf-tools
https://github.com/TUCTF/Tools


Getting Started--Promoting competition with practice, and training with competition

Choose a match that already has a writeup

Summarize the problem solving process and analyze the ideas of the problem maker

Participate in the latest ctf competition
https://ctftime.org/ international competition, there are many basic
http://www.xctf.org.cn/ domestic competition, it is more difficult

 

Forming a team---Portrait of strong members

1. Thinking jumping: Flexibility, will not get into the wall
2. Concentration: do not give up until the solution of the problem
3. Endurance: study technology for one day in a row
4. Team spirit: responsibility, cohesion, sharing

There are 3 strong members and 4 strong captains!


Team formation issues:
recruiting new recruits, training team members, orderly echelons, and strict discipline


Summarized from the Spring and Autumn CTF Beginner's Guide

 

Getting Started with ctf


How to get started? How to form a team?


capture the flag


Types of:

Logic analysis of web
cryptography
pwn program, exploit
misc misc of windows, linux, minicomputer, etc., steganography, data restoration, brain hole, social engineering, reverse of big data related to information security
Reverse windows, linux-like
ppc programming


Famous competitions at home and abroad

Foreign:
Domestic: xctf league 0ctf Shanghai is available at home and abroad, very strong

 


What basics are needed to get started:

1. Fundamentals of programming languages ​​(c, assembly, scripting languages)
2. Fundamentals of mathematics (algorithms, cryptography)
3. Brainstorming (imagination, reasoning and decryption)
4. Physical endurance (staying up all night)

 

How to get started


1. Make up for the basic knowledge
2. Try to start from the brain hole like a hacker game
3. The basic questions are generally 100, 200, and the highest score is 500, 600. First learn 100 points well, you can learn from practice, high school ctf From the beginning, it is relatively simple, only involves 1 or 2 points
4. Learn professional knowledge of information security 
5. Exercise physical endurance There are competitions on Saturday and Sunday


How to learn?

1. Analyze the situation of the competition questions
2. Analyze your own abilities which direction is most suitable for
you 3. Choose a more suitable starting point


Analysis of the competition questions

PWN and Reverse focus on the understanding of assembly and reverse, and the understanding of the bottom layer.
Crypto focuses on the in-depth study of mathematics and algorithms. In-depth study of the
Web is more focused on the challenge of skill accumulation and fast search ability. Regarding the accumulation of vulnerability points,
Misc is more complicated, all related to computer security challenges are steganographic in it, image data analysis and restoration, traffic, big data, reverse game analysis


General practice:

A direction: PWN+Reverse+Crypto random combination
B direction: Web+Misc combination
Misc can be done by everyone


Getting Started:

Contents to be learned: Linux basics, computer composition principles, operating system principles, network protocol analysis

Direction A: IDA tool usage (fs plugin), reverse engineering, cryptography, buffer overflow, etc.
Direction B: Top 10 security vulnerabilities such as web security, network security, intranet penetration, database security, etc.


a:

Direction A:

RE for Beginners
IDA Pro Authoritative Guide Reveals
Home Router 0day Vulnerability Mining Techniques

B direction:

The authoritative guide to web application security is the most recommended Xiaobai, macro web security
web front-end hacking technology reveals 
hacker secrets - penetration testing practical guide
hacker attack and defense technology collection ,Learn it will skyrocket
Code auditing: enterprise-level web code security architecture

 

Getting Started - Starting from basic topics (recommended resources) :

http://ctf.idf.cn !!! The first idf laboratory: the topic is very basic, only 1 point
www.ichunqiu.com has the offline final topic recurrence
http://oj.xctf.org.cn/xctf Question bank website, questions over the years, practice grounds, more difficult
www.wechall.net/challs!!!!!! Very entry-level foreign ctf question bank, many domestic people have grown up from here
http://canyouhack.it/ Abroad, entry, with mobile security
https://microcorruption.com/login A direction password, reverse cool game code
http://smashthestack.org A direction, concise, foreign, wargames, pass
http://overthewire.ofg/ wargames/! ! ! ! It is recommended that there are many domestic materials in the direction A, and the old wargame 
https://exploit-exercises.com The old wargame in the direction A has many domestic materials
http://pawnable.kr/play.php Pwn playground, less than 100 questions
http:// ctf.moonsoscom/pentest/index.php B direction Mian's Web vulnerability shooting range, basics, core knowledge points
http://prompt.ml/0 B direction foreign xss test
http://redtiger.labs.overthewire.org/ B direction foreign sql injection challenge website, 10 levels, different injections in the form of clearance, practice step by step


Tools:
https://github.com/truongkma/ctf-tools
https://github.com/Plkachu/v0lt
https://github.com/zardus/ctf-tools
https://github.com/TUCTF/Tools


Getting Started--Promoting competition with practice, and training with competition

Choose a match that already has a writeup

Summarize the problem solving process and analyze the ideas of the problem maker

Participate in the latest ctf competition
https://ctftime.org/ international competition, there are many basic
http://www.xctf.org.cn/ domestic competition, it is more difficult

 

Forming a team---Portrait of strong members

1. Thinking jumping: Flexibility, will not get into the wall
2. Concentration: do not give up until the solution of the problem
3. Endurance: study technology for one day in a row
4. Team spirit: responsibility, cohesion, sharing

There are 3 strong members and 4 strong captains!


Team formation issues:
recruiting new recruits, training team members, orderly echelons, and strict discipline


Summarized from the Spring and Autumn CTF Beginner's Guide

 

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=325351261&siteId=291194637
Recommended
Ranking
ElasticSearch-- data modeling best practices
Permission Maintenance - Shadow User Backdoor
Refactor the code using MVP mode
Quantitative investment-fundamental model-PVC multi-factor model
Spark Big Data Processing Lecture Notes 3.2 Mastering RDD Operators
Blazor page components (2)
Erlernen von Kenntnissen zur Android-Entwicklung – Kodierung, Verschlüsselung, Hash, Serialisierung und Zeichensätze
About Qi high in JAVA study notes SORM summary detailed personal explanation
Will you calculate the accuracy of the rope displacement sensor in the measurement?
OPENJTAG debugging learning (3): debugging using the gdb command line
Daily
More
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)

Code World

© 2018 codetd.com