Zero-based CTF Getting Started Guide + Tools

Enterprise 2023-06-21 09:01:31 views: null

ctf Getting Started Guide

 CTF toolkit acquisition address: http://www.ctftools.com/
How to get started? How to form a team?
capture the flag capture the flag


type:

Web
cryptography
Logical analysis of pwn programs, exploiting windows, linux, minicomputers
,
etc.


Famous competitions at home and abroad

Overseas:
domestic: xctf league 0ctf Shanghai has both domestic and foreign, very strong


What basics are needed to get started:

1. Fundamentals of programming language (c, assembly, scripting language)
2. Fundamentals of mathematics (algorithms, cryptography)
3. Brainstorming (unconstrained imagination, reasoning and decryption)
4. Physical endurance (staying up all night)

How to get started


1. Catch up on basic knowledge
2. Try to start from the brain hole like a hacker game
3. Starting from the basic questions, generally 100, 200, the highest score is 500, 600. First learn the 100 points well, you can learn from practice, high school ctf From the beginning, it is relatively simple, only involving 1 or 2 points
4. Learn information security professional knowledge 
5. Exercise physical endurance There are competitions on Saturdays and Sundays


How to learn?

1. Analyze the situation of the competition
2. Analyze your own ability and which direction you are most suitable for
3. Choose a more suitable starting point


Analysis problem

PWN and Reverse focus on comprehension of assembly and reverse and understanding of the bottom layer Crypto focuses on in-depth learning of
mathematics and algorithms
The accumulation of vulnerability points
is more complicated. Misc is more complicated. All related to computer security challenges are steganographic, image data analysis and restoration, traffic, big data, game analysis and reverse engineering.


Conventional practice:

Direction A: PWN+Reverse+Crypto randomly matched with
Direction B: Combination of Web+Misc
and Misc, everyone can do it


Introductory knowledge:

What to learn: Linux foundation, computer composition principle, operating system principle, network protocol analysis

Direction A: IDA tool usage (fs plug-in), reverse engineering, cryptography, buffer overflow, etc.
Direction B: top 10 security vulnerabilities in web security, network security, intranet penetration, database security, etc.


a:

Direction A:

RE for Beginners
IDA Pro Authoritative Guide
Demystifying Home Router 0day Vulnerability Mining Technology Customize
the Operating System Your Own
Hacker Attack and Defense Technology Collection: System Actual Combat Chapter with reverse explanations of various systems

B direction:

The authoritative guide to web application security is the most recommended Xiaobai, macro web security
web front-end hacking technology reveals 
hacker cheats-practical guide to penetration testing
hacker attack and defense technology collection web combat all the core basic points of web security, challenging, the most conventional, the most comprehensive , learn well and you will rise in a straight line
Code audit: enterprise-level web code security architecture

Getting Started - Starting from the basic topic (recommended resources) :

http://ctf.idf.cn !!! The first idf laboratory: the topic is very basic, only 1 point
www.ichunqiu.com The topic of the offline final is reproduced
http://oj.xctf.org.cn/xctf Question bank website, past questions, practice field, more difficult
www.wechall.net/challs !!!!!! Very entry-level foreign ctf question bank, many domestic people have grown up from here
http://canyouhack.it/ Abroad, entry, there is mobile security
https://microcorruption.com/login A-direction password, reverse cool game generation
http://smashthestack.org A-direction, concise, foreign, wargames, clearance
http://overthewire.ofg/ wargames/! ! ! ! It is recommended that there is a lot of domestic information in direction A, the old wargame 
https://exploit-exercises.com The old wargame in direction A has a lot of domestic information
http://pawnable.kr/play.php pwn-type playground, less than 100 questions
http:// ctf.moonsoscom/pentest/index.php B-direction Mian's web vulnerability shooting range, basics, core knowledge points
http://prompt.ml/0 B-direction foreign xss test
http://redtiger.labs.overthewire.org/ Foreign sql injection challenge website in direction B, 10 levels, different forms of injection to pass the level, practice step by step

CTF toolkit acquisition address: http://www.ctftools.com/


Getting Started--Promote the game with practice, train with the game

Select a match that already has a writeup

Summarize the problem-solving process and analyze the idea of ​​the questioner

Guess you like

Origin blog.csdn.net/jazzz98/article/details/130900386
Recommended
Arc Browser for Windows 1.0 officially GA
A programmer born in the 1990s developed a video porting software and made over 7 million in less than a year. The ending was very punishing!
Ranking
1. Select Sort
Create a thread thread
3 press to play ball that reach 6
Programmation CUDA (4) : gestion de la mémoire
SpringBoot database connection pool Druid error
E Diudiu App redesign summary
4EVERLAND Hosting now supports SNS+IPFS
About HTTPS
[vue3+vite+ts+element-plu+sass] uses bug records in sass
Interpretation of HUAWEI CLOUD GaussDB (for Influx): Best Practice Data Modeling
Daily
More
2024-05-03(8)
2024-05-02(0)
2024-05-01(4)
2024-04-30(36)
2024-04-29(5)
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)

Code World

© 2018 codetd.com