# CTF
---
## Hacking For Fun and Profit
---
Capture the Flag (CTF) events are a special kind of information security competition in which participants learn by solving innovative security challenges.
---
## FLAG
### CTFName{S0me_random_t3xt}
---
# Types of CTFs
---
### Jeopardy
Multiple challenges across a range of categories, including but not limited to web, cryptography, reverse engineering, binary exploitation and forensics.
You get points for solving challenges by submitting "flags"; the more points you have, the higher you are on the scoreboard.
---
### Attack Defense
Each participant has a VM/network that they defend and patch while simultaneously attacking the others.
---
# How to CTF?
---
### CTFtime
* Head over to https://ctftime.org/event/list/upcoming
* Maintains a list of past and upcoming events with scores, challenges and writeups
* Player submitted writeups
---
# Categories to expect
---
### Web
* Given - Website
* Figure out the features and attack surfaces
* Compromise and read the flag - file/db/env
---
### Web - Knowledge
* Types of Vulnerabilities
    * XSS
    * SSRF
    * Logical - Login/logout
    * Deserialization
    * SSTI
    * SQLI
    * ...
* Common vulnerability patterns and where to look for them
---
### Web - Tools
* Burp Suite
* python?
* nmap?
---
### Reverse Engineering
* Given - A program - binary (PE, ELF, Mach-O ...), JS, bytecode, etc.
* Figure out how it works - input/output
* "reverse" the logic to get flag
---
### Binary Exploitation
* Given
    * A program - binary (PE, ELF ...)
    * A remote IP/port where it's running
* Figure out how it works - input/output
* Find out exploitable vulnerabilities
* Get shell and/or read flag
---
### Reverse Engineering and Binary Exploitation - Knowledge
* Assembly - x86/64, arm, mips ...
* Executable File Format
* OS internals
    * Process
    * Memory allocators
* C/C++ and related vulnerability patterns
---
### Reverse Engineering and Binary Exploitation - Tools
* Disassembler/Decompiler
    * radare2/cutter
    * ghidra
    * Hopper
    * Binary Ninja
    * IDA Pro
---
### Reverse Engineering and Binary Exploitation - Tools ...
* Debuggers
    * windbg
    * gdb
    * lldb
* Instrumentation
    * Pin
    * DynamoRIO
* python?
---
### Crypto
* Given
    * A program - binary (PE, ELF, python script) implementing a crypto system
    * A remote IP/port where it's running
* Find out weaknesses in the given crypto system/implementation
* Use the weaknesses to "calculate" flag
---
### Crypto - Knowledge
* Classical crypto systems - RSA, AES, DES, DH, ECC
* Classical attack techniques
* Known Implementation problems
* Maths?
---
### Crypto - Tools
* python?
* sage
---
### Misc
* Forensics
* Steganography
* Programming
---
### General Tools/Knowledge
* Command Line Usage
* IDEs - vim, VSCode, Sublime Text
* Programming - python, golang ...
---
## Dos
* Learn
* Try new technologies
* Talk with other teams and players
* Be Active on the IRC/Slack/Telegram/Discord of the CTF
---
## Don'ts
* Use automated tools
* Attack the infrastructure
* Be Salty
* Share Flags/Spoilers with other teams
---
# Practice
* https://www.root-me.org/ All categories
* https://backdoor.sdslabs.co/ by IIT Roorkee's CTF team
List at https://www.wechall.net/
---
# :muscle: :tada:
---
### Thank you! :sheep:
You can find me on
- [Twitter](https://twitter.com/_sudhackar)
- or [email](mailto:sudhackar@outlook.com) me