CTF learning route! One of the most detailed out there, bar none! (recommended to bookmark)

1. Introduction to CTF

Recently, many friends have messaged me privately asking how to get started with CTF.

I personally think that before getting started with CTF, everyone should first understand what CTF is and what your purpose in learning CTF is.

Secondly, it is best to already have the corresponding programming ability. If you have none of these abilities at all, you may be put off very quickly.

After all, during a competition you often have to write a script or perform a code audit.

Enough preamble. For getting started with CTF, the current environment is much better than when I first came into contact with it in 2014 and 2015. Back then there were very few resources, and a SQL injection that had to bypass a WAF was already considered a hard problem.

At present the domestic scene is clearly much better, and a large number of excellent platforms have emerged. As a beginner, you often run into one very critical problem: which direction to learn.

Personally, if you don't know what to learn, you can first learn Misc to cultivate your interest, and then think about which direction interests you while solving problems.

Secondly, your future development is also very important. If you plan to pursue network security after graduation, you need to think about the career prospects of Web and Pwn: what positions you can take, and the abilities, growth space, salary, etc. that these positions require.


1.1. CTF challenge reproduction platforms

  • BUUCTF
  1. Reproducible environments for a large number of competitions
  2. One of the earliest CTF reproduction platforms in China to use dynamic target machines
  3. Regularly holds various open competitions
  4. Provides an open-source platform environment and complete competition Writeups

  • CTFHub
  1. All kinds of competitions over the years
  2. A more systematic skill tree
  3. A relatively complete set of CTF tools
  4. A comprehensive event calendar
  5. A fuller set of competition WriteUps

  • Bugku
  1. An earlier domestic CTF reproduction platform (Bugku was famous when BUU and CTFHub were not yet popular); relatively basic challenges
  2. More complete WriteUps

  • Pwnable
  1. Suitable for Pwn beginners; the challenges are more friendly
1.2. Events and information

  • DEF CON CTF
  1. The top international CTF event
  2. Main Event + Wild Card
  3. The final is held at the same time as DEF CON

  • CTFTime
  1. Comprehensive international CTF event information
  2. More complete CTF team information
  3. The most authoritative CTF team ranking
  4. WriteUps for major competitions
  5. Calendar of major events

  • BUUCTF
  1. Already covered above, so I won't repeat it

  • XCTF International League
  1. An earlier domestic CTF league
  2. The first domestic CTF competition held overseas
  3. Has a certain reputation internationally
  4. Some schools award bonus points for it, or even guaranteed postgraduate admission

There are too many competitions of all kinds, so I can't list them all here. You can play some school competitions and small competitions in the early stage, advance to i春秋 (ichunqiu) and XCTF, and in the later stage go directly to the various international competitions on CTFTime.


1.3. Blogs and forums

  • Xianzhi (Prophet) Community: https://xz.aliyun.com
  • Kanxue Forum: bbs.pediy.com
  • Anquanke: anquanke.com
  • FreeBuf: freebuf.com
  • P God's blog: leavesongs.com
  • Code Audit (Knowledge Planet): t.zsxq.com/UrJiUBY
  • Full of Loopholes (Knowledge Planet): t.zsxq.com/fEmluBe
  • CTF WP@Nu1L (Knowledge Planet): t.zsxq.com/JluJi23


1.4. Books and Wiki

  • CTF Wiki
  1. Advanced knowledge for CTF competitions
  2. High-quality competition challenges
  3. A comprehensive learning path
  4. Completely open source, can be deployed offline

  • From 0 to 1: The growth path of a CTFer
  1. Edited by the Nu1L team
  2. Covers the learning paths of all CTF directions
  3. Shares teamwork and management experience

  • CTF special training camp
  1. By FlappyPig
  2. Common CTF challenge types and problem-solving methods
  3. Skills for various competition modes

  • White Hats Talk About Web Security
  1. A classic book for Web beginners
  2. Suitable for those in the Web direction to read before learning CTF

  • Encryption and Decryption (4th Edition)
  1. A must-read book for getting into reverse engineering
  2. Derived from real-world practice, and guides real-world practice
  3. Just buy it

2. Advanced stage

At this point you have successfully left the newbie village, and solving the CTF challenges in your direction depends entirely on your own ability. If you haven't joined a team yet, hurry up and join your school team or a reliable alliance team.

At this stage, you need to participate in a large number of high-quality competitions, quickly learn various new skills and accumulate experience through competition practice. Through this large number of competitions you will have mastered the skill of quick code auditing (other directions are similar; Web is used here as the example), and you can try to move from CTF to real-world work. Using the skills learned in CTF, start submitting your first vulnerability and your first CVE, and start focusing on more cutting-edge directions.

2.1. CTF team and talent training

Talent training is an eternal topic. Before I graduated, I also worked on talent training at Huchang for a period of time. Let me briefly talk about it based on my own experience leading a team.

The most important thing for a CTF team is to find like-minded partners. Of course, there is a problem involved here: the school team versus the alliance team. I personally think that the school team and the alliance team do not conflict, but if both want you to participate in the same competition, you should choose one to play with and not communicate with the other team during the competition.

For schools where network security is a new discipline and the team is weak, I personally think that joining an alliance is a good choice. In the alliance you can meet leaders from various schools and fields, and everyone learns from each other and makes progress together. This speeds up your learning and expands your network.

Once you have a certain level of ability, you can pass on what you have learned to the juniors in the school team to accelerate the improvement of the school team's skills. The slides, curriculum, question bank, and practice range used to train juniors must all be well preserved; this accumulation of technology lets later students continue a new round of learning and teaching on that basis.
 

For those who want to form a CTF team, I mainly offer some small suggestions.

  • In the initial stage of formation, you must find like-minded partners and gather a core;
  • Captains need not only technical skills but also management and communication skills;
  • Screen the personnel and understand their background, to prevent "moles" who are involved in multiple teams;
  • If such a "mole" also likes under-the-table deals, he will cheat you to death;
  • Internal communication is also very important, such as CTF reviews and various technical exchanges. Don't just chat idly in the group every day;
  • Make some plans, such as this year's goal being to reach DEF CON;
  • Choose some suitable collaboration tools and manage permissions well;
  • Give team members a sense of belonging and honor: hold a competition of your own, or organize some offline gatherings and contests;
  • When the team grows, consider the development of its members, not just CTF;
  • Consider the addition of new blood: how do you attract and find these people?
  • The team needs to survive; some competition prize money can go into the team fund, and some training work can be taken on;
  • Use these team funds reasonably, for example for competition travel that is not reimbursed and for team uniforms;
  • ...Too many to list; I will come back and add more when I have time.

Whether it is an alliance team or a school team, accumulating knowledge is very important, whether as a wiki, WPs, training courseware or screen recordings. All of these take time to accumulate, and only once you have them can you use them to build your core competencies and attract more newcomers.
 

2.2. 0day vulnerability mining and the transition to real-world work

As mentioned earlier, at this point you should use the skills learned in CTF to start submitting your first vulnerability and your first CVE, and start focusing on more cutting-edge directions. So how should you start? Since my own direction is Web, the suggestions given here may be very limited and are for reference only.

Web security

  • Start trying to independently audit some CMSes, moving from simple ones to complex frameworks;
  • Move from the PHP common in CTF to the more current Java, NodeJS, etc.;
  • Visit more forums, such as the Xianzhi community;
  • Try to open your mind and dig out vulnerabilities in common tools;
  • Find a security vendor to intern at during the summer vacation and accumulate practical experience;
  • Compete a bit with your peers and see what people are researching;
  • If necessary, you can try to learn Re and Pwn;

PS: I am not particularly familiar with the other directions, so I won't make random suggestions. Based on my experience in the Internet of Things and the Internet of Vehicles, here are some small suggestions, suitable as a reference for the binary direction:

  • Learn some hardware security knowledge, such as how to extract firmware;
  • Reverse engineer some real devices;
  • Reproduce some public vulnerabilities;
  • If buying equipment is too expensive, you can make proper use of Xianyu's seven-day no-questions-asked return policy (don't hit me);
  • Start simple and develop a sense of accomplishment and interest first; something too difficult at the beginning will easily put you off;
  • Dig out a vulnerability yourself, report a CVE, etc.; seeing the acknowledgement will give you a sense of accomplishment;
  • Try to keep up with the latest vulnerabilities.
     

Off topic

Many people feel that CTF is out of touch with real-world practice. Yes, many CTF challenges today don't have much meaning; it is more like making questions for the sake of making questions. But when you abandon those meaningless competitions and take part in some high-quality ones, you will find that a large number of high-quality competitions use 0day or very cutting-edge techniques to build their challenges. Through CTF competitions you master the ability to learn quickly, the methods and skills of vulnerability mining, the mining of cutting-edge vulnerabilities, and the writing of exploit scripts and tools. Do you still think CTF is meaningless now?
 

3. Retirement stage (advanced workers)

At this stage graduation is approaching and you have to start looking for a job. Be careful not to miss the autumn recruitment season, or it will be very troublesome. When looking for a job, in addition to the company, the leader and the platform are also very important. Following the right leader is very rewarding. Client-side (Party A) salaries are relatively higher, while vendor-side (Party B) work is more project-oriented but the salary is lower. This depends on personal choice, and the situation of each lab is not the same, so look at the specific situation. (Personally, I suggest working on the vendor side for two years first, for reference only.)

Fresh graduates should remember not to overestimate themselves!!!! This is very important!!! Many people earn money too quickly when they play competitions, and training competitions don't pay that much, so they think it's easy to make money. When recruiting, I often see fresh graduates with good abilities asking for 20k to 30k at every turn. Do you really know what 30k means? It is recommended to first check the going rate on BOSS Zhipin. Don't ask for too much, and don't ask for too little. Negotiating salary with HR is a science; if you are interested, we will talk about it in the next issue!
 

Network security learning route for complete beginners

For students who have never been exposed to network security, I have prepared a detailed learning and growth roadmap. It can be said to be the most scientific and systematic learning route, and everyone will have no problem following this general direction. If you need it, tell me in the comments.


Origin blog.csdn.net/m0_74131821/article/details/130786261