A self-study "Blue Book" of basic network security skills for beginners: "Those Things About CTF"

CTF competitions are an important way to quickly build practical network security skills, and they have become a common method for selecting network security talent across industries. During CTF training, however, the author of this book identified several outstanding problems:

1) Offline CTF training suffers from a serious "last mile" problem, and the level of offline training instructors varies widely.

2) The cyberspace security disciplines and majors at domestic universities and vocational colleges lack practical, systematic teaching materials and accompanying lab courses. For example, Base64 encoding is essential basic knowledge in the network security industry, yet school textbooks do not cover it, and there are no dedicated lab courses that explain it.

3) Most CTF books are not friendly enough to newcomers who want to learn cyberspace security technology, and many beginners cannot find a quick, effective way to learn.

To solve these problems, help learners with no background quickly master basic skills, attract more people to the study of cyberspace security, and promote the development of CTF competitions, this book proposes a new framework for learning CTF knowledge, and each chapter is accompanied by a large number of hands-on exercises. Even novices with no cyberspace security background can independently reproduce the experiments by following the steps in the book.

This book not only teaches the basic knowledge and operational skills of cyberspace security, but also discusses the nature of CTF challenges, focusing on the ideas and methods for approaching different types of problems. For example, it is the first to propose problem-solving thinking models such as the "three axes of image steganography" and the "reverse-engineering sutra", and it comprehensively summarizes how industrial control system security is tested in CTF competitions. Judging from the results of offline training, these methods are extremely practical.

"Those Things About CTF" popularizes cyberspace security knowledge in easy-to-understand, humorous language, raising public awareness of cyberspace security, helping to lift the level of the whole industry, and laying a solid foundation for China to become a strong cyberspace security nation.

Brief introduction

This book was refined over four years by Professor Li Zhoujun, instructor of the top CTF team Lancet, together with core team members. It proposes a new framework for learning CTF knowledge and reflects Professor Li Zhoujun's many years of teaching and team-leadership experience. The book covers common topics such as PWN, reverse engineering and Web, and systematically summarizes how industrial control system security is tested in CTF competitions. It not only teaches basic knowledge and operational skills, but also discusses the essence of CTF challenges, focusing on the ideas and methods for approaching different types of problems.

At the same time, the book's organization of CTF learning is aligned with the mainstream computer science curriculum in China. Drawing on students' practical experience, Professor Li Zhoujun provides a textbook-style practical guide for cyberspace security enthusiasts.

Readership

1) Readers who want to systematically learn basic network security skills. The author's original intention is to present the basic knowledge and skills of network security in an easy-to-understand way, so anyone interested in network security can study this book.

2) Technical staff of government agencies, public institutions, state-owned enterprises and other companies. For readers who need to take part in CTF competitions, this book can serve as a pre-competition training guide that helps them master network security skills in a short time.

3) Students at colleges, universities and vocational schools. For them, this book can serve as a "quasi-textbook" for learning network security, effectively filling gaps in both theoretical knowledge and practical skills.

4) Cyber security training and competition practitioners. We hope this book becomes a basic textbook and key reference for network security training and promotes the further development of the CTF competition and training industry.

Expert recommendations

Professor Li Zhoujun has long been engaged in research and teaching in the field of network and information security, and has trained a group of high-level network security talents for the country. At the same time, as a member of the Cyberspace Security First-level Discipline Research and Demonstration Working Group of the Academic Degree Committee of the State Council, he played an important role in the creation and development of this discipline. The Lancet team, guided by Professor Li Zhoujun, has achieved excellent results in CTF competitions such as "Netding Cup", "Qiangwang Cup" and "Pengcheng Cup". This book is created by the Lancet team and creatively proposes a new systematic learning framework for basic network security skills. It is a self-study manual for basic network security skills that is very suitable for "newbies" to get started. At the same time, the book introduces the historical context of network security related theories and technologies with a rigorous attitude, and is equipped with a large number of practical exercises and offline tool kits. It is both informative, interesting and practical, and will be of great benefit to readers. I think this book is a rare masterpiece for CTF training and teaching practical network security skills, and I highly recommend it.

——Fang Binxing, academician of the Chinese Academy of Engineering, network and information security expert, convener of the Cyberspace Security Discipline Evaluation Group of the Academic Degrees Committee of the State Council, deputy director of the Cyberspace Security Professional Teaching Steering Committee of the Ministry of Education

Due to the distinct practical nature and confrontational characteristics of network security, CTF has become an important way to learn and practice network security technology, and is also an important means to examine and select network security professionals. Among the many network security technology books, and even books specifically introducing CTF, this book edited by Professor Li Zhoujun is unique and embodies the essence of his teaching over the years. The book covers common CTF topics such as PWN, reverse engineering, and Web, as well as professional and practical fields such as industrial control system security. It is not only an important guide for network security students and enthusiasts to learn CTF, but also a rare learning material for network security practitioners.

——Duan Haixin, professor at the Tsinghua University Institute for Network Sciences and Cyberspace, doctoral supervisor, co-founder of the Blue Lotus team, current member of the Cyberspace Security Discipline Evaluation Group of the Academic Degrees Committee of the State Council

Although this book uses CTF as the thread that organizes its content, it is also a good introductory text for network security. The book explains each technical category from scratch and is equipped with a large number of illustrations that are easy for readers to understand; it can be described as step-by-step teaching. Besides the technical content, the book also tells the history and culture of the technology's development, which is well worth reading.

——Yu Yang, Tencent Distinguished Scientist, Head of Xuanwu Lab

Professor Li Zhoujun and the Lancet team he leads are pioneers in the field of CTF competition training in China. In the past few years, under Teacher Li's guidance, the Lancet team has won awards in almost all top domestic competitions. Anchored in Mr. Li's solid theory and teaching practice, combined with hands-on experience in coaching students, this book provides a textbook-style practical guide for all cyberspace security enthusiasts, and also gives teachers who organize CTF teams a reference lesson plan with a clear path and rich content.

——Cai Jingjing, Chairman of Beijing Yongxin Zhicheng Technology Co., Ltd., professor-level senior engineer, selected for the national "Ten Thousand Talents Plan", expert for the national network security experimental platform project, and network security expert of the Ministry of Public Security

This book comprehensively and systematically introduces the important knowledge points of CTF, and readers can gain broad and in-depth knowledge of the security field by reading it. For information security students, it is both an excellent introductory guide and a valuable resource for improving their skills and becoming proficient in CTF. For readers who want to enter the security field and do research, reading this book will also be of great benefit. As my graduate advisor, Professor Li Zhoujun's professional guidance and careful mentoring have had a profound impact on me, and I have benefited greatly.

——Gong Guang, chief security researcher at 360 and director of the Vulnerability Research Institute of the Digital Security Group, researcher-level senior engineer

Table of contents

Preface

Chapter 0 Starting the CTF Journey

0.0 History of CTF competitions

0.1 Common CTF competition formats

0.2 Well-known CTF competitions at home and abroad

0.3 Well-known CTF teams at home and abroad

0.4 Preparing the lab environment before learning

0.4.0 Virtual machine software

0.4.1 Setting up a Python script environment

0.4.2 Setting up a Docker environment

Chapter 1 Security Miscellaneous (Misc)

1.0 Introduction to Misc challenges

1.1 Common encodings and decodings

1.1.0 ASCII encoding

1.1.1 Base64

1.1.2 Base32

1.1.3 Base16

1.1.4 Other Base-family encodings

1.1.5 Shellcode encoding

1.1.6 Quoted-printable

1.1.7 UUencode

1.1.8 XXencode

1.1.9 URL encoding

1.1.10 Morse code

1.1.11 JSFuck

1.1.12 Brainfuck

1.1.13 General approach to encoding challenges

1.2 Network traffic analysis

1.2.0 Network protocol basics

1.2.1 Basic use of Wireshark

1.2.2 General method for CTF traffic analysis

1.2.3 ICMP

1.2.4 Telnet

1.2.5 FTP

1.2.6 DNS

1.2.7 HTTP

1.2.8 USB

1.2.9 TLS

1.2.10 IEEE 802.11

1.3 Log analysis

1.3.0 Web logs and how to analyze them

1.3.1 System and device logs and how to analyze them

1.4 Digital forensics

1.4.0 Common digital forensics techniques

1.4.1 File recovery

1.4.2 Disk forensics

1.4.3 Memory forensics

1.5 Archive formats and cracking

1.5.0 ZIP archive format

1.5.1 Pseudo-encryption

1.5.2 Brute-forcing archive passwords

1.5.3 Cracking archives by CRC collision

1.5.4 Known-plaintext attack

1.6 Information gathering and advanced search-engine usage

1.6.0 Information gathering methods

1.6.1 Advanced search-engine usage

Chapter 2 Security Miscellaneous: Steganography

2.0 Introduction to steganography

2.1 Image steganography and information extraction

2.1.0 Common image steganography methods

2.1.1 PNG file format and steganography

2.1.2 JPG file format and steganography

2.1.3 GIF file format and steganography

2.1.4 The "three axes" of image steganography

2.1.5 The "three axes" of image steganography 2.0

2.1.6 Converting between images and pixel values

2.2 Audio steganography and information extraction

2.2.0 Common audio file formats

2.2.1 Waveform-based steganography

2.2.2 Spectrogram-based steganography

2.2.3 Audio LSB steganography

2.2.4 MP3 file steganography

2.2.5 Dial-tone (DTMF) recognition

2.2.6 Audio steganography summary

2.3 Video steganography and information extraction

2.4 Text steganography and information extraction

2.4.0 Content-based text steganography

2.4.1 Word document steganography

2.4.2 PDF document steganography

2.5 QR codes

2.5.0 QR code basics and common tools

2.5.1 Drawing QR codes

2.5.2 Repairing QR codes

Chapter 3 Cryptography Basics

3.0 Introduction to cryptography

3.1 Classical ciphers

3.1.0 Rail fence cipher

3.1.1 Caesar cipher

3.1.2 ROT shift ciphers

3.1.3 Atbash cipher

3.1.4 Pigpen cipher

3.1.5 Bacon cipher

3.1.6 Simple substitution cipher

3.1.7 Affine cipher

3.1.8 Summary of monoalphabetic substitution ciphers

3.1.9 Polyalphabetic substitution ciphers

3.1.10 Vigenère cipher

3.1.11 Hill cipher

3.2 Symmetric ciphers

3.2.0 Basic model of symmetric ciphers

3.2.1 The essential difference between stream ciphers and block ciphers

3.2.2 XOR cipher

3.2.3 RC4

3.2.4 Feistel cipher structure

3.2.5 DES

3.2.6 AES

3.2.7 Padding

3.2.8 Block cipher modes

3.3 Asymmetric ciphers

3.3.0 RSA basics

3.3.1 Attacks on the modulus N

3.3.2 Attacks on the exponent e

3.3.3 Attacks on the private key d

3.3.4 Broadcast attack

3.3.5 ECC basics

3.3.6 ECC encryption

3.3.7 Pohlig-Hellman attack

3.3.8 Smart's attack

3.4 Hash functions

3.4.0 Basic model of hash functions

3.4.1 MD5

3.4.2 Hash length extension attack

Chapter 4 Web Penetration Basics

4.0 Introduction

4.0.0 Overview

4.0.1 HTTP fundamentals

4.0.2 Environment setup and tool usage

4.1 Web information gathering techniques

4.1.0 Port scanning

4.1.1 Directory discovery

4.1.2 Fingerprinting

4.2 Brute force

4.2.0 Username/password brute force

4.2.1 Parameter brute force

4.2.2 Key brute force

4.2.3 Random number brute force

4.2.4 Wordlists

4.3 PHP weak typing

4.3.0 PHP code basics

4.3.1 PHP weak-typing issues

4.4 Upload vulnerabilities

4.4.0 Bypassing front-end JavaScript checks

4.4.1 MIME-type bypass

4.4.2 Blacklist bypass

4.4.3 .htaccess bypass

4.4.4 File extension bypass

4.4.5 Image webshells

4.4.6 Other issues

4.5 SQL injection vulnerabilities

4.5.0 SQL injection

4.5.1 Classification of SQL injection vulnerabilities

4.5.2 SQL injection in practice

4.5.3 SQLmap

4.5.4 Wide-byte injection

4.5.5 WAF bypass

4.5.6 Reading and writing files via SQL injection

4.5.7 Error-based injection

4.6 File inclusion

4.6.0 php://filter, advanced usage

4.6.1 Classification of file inclusion

4.6.2 Truncation in file inclusion and phar://

4.7 Command execution

4.7.0 Dangerous functions

4.7.1 Parameterless RCE

4.8 CSRF and XSS

4.8.0 CSRF

4.8.1 CSRF defenses

4.8.2 XSS

4.9 SSRF

Chapter 5 Software Reverse Engineering

5.0 Introduction to software reverse engineering

5.0.0 How software is built

5.0.1 Definition and goals of software reverse engineering

5.0.2 History of software reverse engineering

5.1 Getting started with CTF reverse engineering

5.1.0 Characteristics of reverse engineering challenges

5.1.1 The "reverse-engineering sutra"

5.2 Static analysis

5.2.0 Principles and techniques of static analysis

5.2.1 Common static analysis tools

5.2.2 Static analysis in practice

5.3 Dynamic analysis

5.3.0 Dynamic debugging techniques

5.3.1 Assembly

5.3.2 Dynamic debugging with OllyDbg

5.3.3 Dynamic debugging with GDB

5.3.4 Local dynamic debugging with IDA

5.3.5 Remote dynamic debugging with IDA

Chapter 6 Entering the World of PWN

6.0 Introduction to PWN

6.1 PWN in CTF

6.2 Getting started with stack overflows

6.2.0 Understanding the stack layout

6.2.1 Analyzing the function call process

6.2.2 Basic protection mechanisms of the Linux operating system

6.2.3 Overwriting the return address

6.2.4 Overwriting the return address to point at shellcode

6.2.5 Writing a single-function ROP chain

6.2.6 Writing a two-function ROP chain

6.2.7 Writing a multi-function ROP chain

6.2.8 ret2syscall

6.2.9 Leaking the address of system via dynamic linking and exploiting it

6.2.10 Stack overflows in 64-bit programs

6.2.11 Solving challenges with an unknown remote libc

6.3 Format strings

6.3.0 How format strings work

6.3.1 Exploiting format string vulnerabilities

6.3.2 Leaking stack contents via a format string vulnerability

6.3.3 Leaking memory at arbitrary addresses via a format string vulnerability

6.3.4 Overwriting memory at arbitrary addresses via a format string vulnerability

6.3.5 64-bit format strings

6.3.6 Combined exploitation of format strings

6.4 Advanced stack overflow techniques

6.4.0 Stack pivoting

6.4.1 ropchain

6.4.2 The canary protection mechanism and how to exploit it

6.4.3 Exploiting __libc_csu_init

6.4.4 ret2_dl_runtime_resolve

6.5 Summary of stack overflows and format strings

Chapter 7 Advanced PWN

7.0 The heap manager

7.0.0 Basic functions of the ptmalloc heap manager

7.0.1 Introduction to malloc and free

7.0.2 System calls behind memory allocation

7.1 Heap-related data structures

7.1.0 malloc_chunk

7.1.1 bin

7.1.2 fast bin

7.1.3 small bin

7.1.4 large bin

7.1.5 unsorted bin

7.1.6 Summary of bins

7.2 The basic malloc algorithm

7.2.0 __libc_malloc

7.2.1 fast bin allocation algorithm

7.2.2 small bin allocation algorithm

7.2.3 large bin allocation algorithm 1

7.2.4 unsorted bin allocation algorithm

7.2.5 large bin allocation algorithm 2

7.2.6 Searching larger bin lists

7.2.7 Using the top chunk

7.2.8 Summary

7.3 The basic free algorithm

7.4 Basic heap exploitation methods

7.4.0 House of Prime

7.4.1 House of Lore

7.4.2 House of Spirit

7.4.3 House of Force

7.4.4 Summary of the House of series

7.5 Linked-list attacks

7.5.0 unlink

7.5.1 fast bin attack

7.5.2 unsorted bin attack

7.6 Other vulnerability types and their exploitation

7.6.0 off by one

7.6.1 off by null

7.6.2 fast bin triple free attack

7.7 Worked examples

7.8 The tcache mechanism and how to exploit it

7.8.0 Key tcache data structures and source code walkthrough

7.8.1 tcache dup (glibc 2.27)

7.8.2 tcache double free (glibc 2.27)

7.8.3 tcache dup (glibc 2.29)

7.8.4 tcache double free (glibc 2.29)

7.8.5 tcache stash unlink (glibc 2.29)

7.8.6 tcache stash unlink plus (glibc 2.29)

7.8.7 tcache stash unlink plus plus (glibc 2.29)

7.8.8 large bin attack 1 (glibc 2.29)

7.8.9 large bin attack 2 (glibc 2.29)

7.8.10 tcache attack (glibc 2.31)

7.8.11 Summary of heap exploitation

7.9 Patching techniques in PWN

7.9.0 change data

7.9.1 add segment

7.9.2 compress instruction

7.9.3 add logic

7.9.4 Summary of patching techniques

Chapter 8 Industrial Control System Security

8.0 Overview of industrial control systems

8.0.0 Definition of industrial control systems

8.0.1 Overview of industrial control system security

8.0.2 Components of industrial control systems

8.0.3 Architecture of industrial control systems

8.1 Programming industrial control systems

8.1.0 Reading ladder diagrams

8.1.1 Learning instruction lists

8.1.2 Other programming languages

8.1.3 Summary of common project files

8.2 Industrial control system communication protocols

8.2.0 The Modbus protocol

8.2.1 The Siemens S7 protocol

8.2.2 Other ICS protocols

8.2.3 PLC exploitation

References

  • Two copies of the book are being given away this time
  • Giveaway period: until 2023-10-08
  • How to take part: follow the blogger, then like, favorite and comment below this article.


Origin blog.csdn.net/weixin_53197693/article/details/133275492