diff options
Diffstat (limited to 'ctf')
-rw-r--r-- | ctf/crypto.md | 2 | ||||
-rw-r--r-- | ctf/index.md | 19 | ||||
-rw-r--r-- | ctf/pwn.md | 3 | ||||
-rw-r--r-- | ctf/rev.md | 8 | ||||
-rw-r--r-- | ctf/web.md | 8 |
5 files changed, 36 insertions, 4 deletions
diff --git a/ctf/crypto.md b/ctf/crypto.md index 7ff4bd2..f1b061d 100644 --- a/ctf/crypto.md +++ b/ctf/crypto.md @@ -5,6 +5,8 @@ title: some notes on cryptography # cryptography +## practice + - [cryptohack](https://cryptohack.com) - [cryptopals](https://cryptopals.org) diff --git a/ctf/index.md b/ctf/index.md index bf2cdd4..aaf7d94 100644 --- a/ctf/index.md +++ b/ctf/index.md @@ -11,8 +11,21 @@ title: ctf # all my knowledge about capture the flag -[capture the flag](https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity)) is a wonderful activity in which one gets together with a merry band of friends to solve puzzles for the sake of solving puzzles and learning things. such puzzles are often security-related. +[capture the flag](https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity)) is a wonderful activity in which one gets together with a merry band of friends to solve puzzles for the sake of solving puzzles and learning. such puzzles are often security-related. -capture the flag competitions ("ctfs") are hosted by established teams, or organizations, or corporations. there is typically at least one running at any given time: although most usually start fridays and run for a day or two. +capture the flag competitions ("ctfs") are hosted by established teams, or security organizations, or corporations. +there is typically at least one running at any given time: although most usually start fridays and run for a day or two. +a list of past, present, and future ctfs can be found on [ctftime](https://ctftime.org/). -while competing in ctfs can be group work: practice is overwhelmingly a solo activity. to learn how to play ctfs, one must learn to be very comfortable learning on their own. +while competing in ctfs can be group work: practice is overwhelmingly a solo activity. +to get good at playing in ctfs, one must learn to be very comfortable learning on their own. + +## [crypto](cryptography) + +## [rev](reverse-engineering) + +## [pwn](binary-exploitation) + +## [web](web-security) + +## [misc](miscellaneous-problems) @@ -5,6 +5,8 @@ title: some notes on binary exploitation # binary exploitation +## practice + - [pwn.college](https://pwn.college) - [ionetgarage](https://io.netgarage.org/), [pwnable.kr](https://pwnable.kr/), [pwnable.tw](https://pwnable.tw), [pwnable.xyz](https://pwnable.xyz)... - [the nightmare book](https://guyinatuxedo.github.io/) @@ -12,5 +14,6 @@ title: some notes on binary exploitation ## tooling +- [pwntools](https://github.com/Gallopsled/pwntools) - [angr](https://angr.io/) - [z3](https://github.com/Z3Prover/z3), [cvc5](https://cvc5.github.io/), [stp](https://stp.github.io/), [yices2](https://yices.csl.sri.com/): smt solvers @@ -5,9 +5,17 @@ title: some notes on reverse engineering # reverse engineering +## practice + - [crackmes.one](https://crackmes.one) ## tooling - [ghidra](https://ghidra-sre.org/) [free] - [binary ninja](https://binary.ninja/) [$75 for students] +- [GDB](https://www.sourceware.org/gdb/) +- [GEF](https://github.com/hugsy/gef) + +## language-specific tips: go + +## language-specific tips: rust @@ -5,14 +5,20 @@ title: some notes on web security # web security +## practice + +- [picoctf.org](https://picoctf.org) - [websec.fr](https://websec.fr) +- https://portswigger.net/web-security/all-materials ## tooling +- curl - devtools - burp suite - mitmproxy -- ??? +- [webhook.site](https://webhook.site/) +- [dnslog.cn](http://www.dnslog.cn/) ## common attacks |