Capture The Flag(CTF) Challenges

CTFs are texts or strings that are purposefully hidden.

📌Find your sweet spot (challenges that are hard to you at the moment but not too demanding/arduous)

CTF Challenges Platforms

📌To be better in CTF, build a team and each member to specialize in

• CTF101
• CTF365
• Hacker101
• CTF Time
• EchoCTF
• Hack the box
• Hack this site
• Hack A Sat
• Over the wire
• Pico CTF
• Ringzer0CTF
• ROot Me
• Try Hack Me

Smart-Contract based CTFs

• Damn Vulnerable DeFi
• OpenZeppelin

War Games Platforms

• Over The Wire
• Smash The stack

Software tools for CTF.

Virtualization

• VMware
• Virtual Box

Programming

• Python
• Pwntools

---

Types of CTFs

1. Jeopardy

• Reverse
• Pwn
• Crypto
• Web
• Mise

2. Attack & defence

3. Vulnerability discovery

• Source code Auditing
• Binary auditing

4. Exploit creation

Categories of CTFs.

• 1. General skills
• 2. Cryptography
• 3. Forensics
• 4. Web exploitation
• 5. Reverse engineering
• 6. Uncategorized/Miscellaneous
• 7. Binary exploitation

General Skills

• Scripting
• Operating System Specific
• System Administration

Cryptography

Cryptography is the practice and study of techniques for securing communication and information from adversaries.

Uses of Cryptography

• Hiding malicious code
• Hiding malicious communication
• Key exchange algorithms
• Secure copyrighted software code
• Secure web traffic i.e passwords

Types of Cryptography

• Symmetric Key Cryptography
• Asymmetric Key Cryptography
• Hash Functions

More info on Cryptography

Forenscis

📌It's important to note that Forensics in CTFs is not 100% compared to real-world forensics.

• File
• Filesystem
• Memory
• Network

For more info on forensics

Web Exploitation

Web exploitation is the process of exploiting vulnerabilities in web applications to gain unauthorized access or perform malicious actions.

• Known exploited vulnerabilities
• Programming languages
• Tech stacks

Web Exploitation Tools

• Burp suite

Miscellaneous

Miscellaneous challenges in CTFs are tasks that do not fit neatly into other predefined categories. These challenges often test a wide range of skills and creativity.

Examples of Miscellaneous Challenges

• Steganography - Hiding information within images, audio, or other files.
• Encoding/Decoding - Working with various encoding schemes like Base64, Morse code, or custom ciphers.
• Trivia - Answering cybersecurity-related questions or solving puzzles.
• OSINT (Open Source Intelligence) - Gathering publicly available information to solve a challenge.
• Logic Puzzles - Solving riddles or logical problems.

Tools for Miscellaneous Challenges

• CyberChef - A versatile tool for data analysis and manipulation.
• StegOnline - A tool for analyzing and extracting hidden data from images.
• Online Decoders - Websites for decoding Base64, ROT13, or other encodings.

Reverse Engineering

• Assembly & machine code
• C/C++, Rust programming
• Disassembly
• Debugger
• Decompiler

More info on Reverse Engineering

Binary Exploitaion

• Buffers
• Calling convection
• Format string vulnerabilities
• Global offset table(GOT)
• Registers
• Return oriented programming(ROP)
• The heap
• The stack

---

External Resources.

Books

• Gray Hat hacking

Github repositories

• Awesome-CTF by Apsdehal

Youtube Channels

• Hacker101
• LiveOverflow
• The Cyber Mentor
• IppSec

Websites

• CTF Learn
• Forenscis wiki
previous Top Next