summaryrefslogtreecommitdiff
path: root/ctf
diff options
context:
space:
mode:
Diffstat (limited to 'ctf')
-rw-r--r--ctf/crypto.md2
-rw-r--r--ctf/index.md19
-rw-r--r--ctf/pwn.md3
-rw-r--r--ctf/rev.md8
-rw-r--r--ctf/web.md8
5 files changed, 36 insertions, 4 deletions
diff --git a/ctf/crypto.md b/ctf/crypto.md
index 7ff4bd2..f1b061d 100644
--- a/ctf/crypto.md
+++ b/ctf/crypto.md
@@ -5,6 +5,8 @@ title: some notes on cryptography
# cryptography
+## practice
+
- [cryptohack](https://cryptohack.com)
- [cryptopals](https://cryptopals.org)
diff --git a/ctf/index.md b/ctf/index.md
index bf2cdd4..aaf7d94 100644
--- a/ctf/index.md
+++ b/ctf/index.md
@@ -11,8 +11,21 @@ title: ctf
# all my knowledge about capture the flag
-[capture the flag](https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity)) is a wonderful activity in which one gets together with a merry band of friends to solve puzzles for the sake of solving puzzles and learning things. such puzzles are often security-related.
+[capture the flag](https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity)) is a wonderful activity in which one gets together with a merry band of friends to solve puzzles for the sake of solving puzzles and learning. such puzzles are often security-related.
-capture the flag competitions ("ctfs") are hosted by established teams, or organizations, or corporations. there is typically at least one running at any given time: although most usually start fridays and run for a day or two.
+capture the flag competitions ("ctfs") are hosted by established teams, or security organizations, or corporations.
+there is typically at least one running at any given time: although most usually start fridays and run for a day or two.
+a list of past, present, and future ctfs can be found on [ctftime](https://ctftime.org/).
-while competing in ctfs can be group work: practice is overwhelmingly a solo activity. to learn how to play ctfs, one must learn to be very comfortable learning on their own.
+while competing in ctfs can be group work: practice is overwhelmingly a solo activity.
+to get good at playing in ctfs, one must learn to be very comfortable learning on their own.
+
+## [crypto](cryptography)
+
+## [rev](reverse-engineering)
+
+## [pwn](binary-exploitation)
+
+## [web](web-security)
+
+## [misc](miscellaneous-problems)
diff --git a/ctf/pwn.md b/ctf/pwn.md
index 053ea28..eaa2ee8 100644
--- a/ctf/pwn.md
+++ b/ctf/pwn.md
@@ -5,6 +5,8 @@ title: some notes on binary exploitation
# binary exploitation
+## practice
+
- [pwn.college](https://pwn.college)
- [ionetgarage](https://io.netgarage.org/), [pwnable.kr](https://pwnable.kr/), [pwnable.tw](https://pwnable.tw), [pwnable.xyz](https://pwnable.xyz)...
- [the nightmare book](https://guyinatuxedo.github.io/)
@@ -12,5 +14,6 @@ title: some notes on binary exploitation
## tooling
+- [pwntools](https://github.com/Gallopsled/pwntools)
- [angr](https://angr.io/)
- [z3](https://github.com/Z3Prover/z3), [cvc5](https://cvc5.github.io/), [stp](https://stp.github.io/), [yices2](https://yices.csl.sri.com/): smt solvers
diff --git a/ctf/rev.md b/ctf/rev.md
index ba82c48..e39710b 100644
--- a/ctf/rev.md
+++ b/ctf/rev.md
@@ -5,9 +5,17 @@ title: some notes on reverse engineering
# reverse engineering
+## practice
+
- [crackmes.one](https://crackmes.one)
## tooling
- [ghidra](https://ghidra-sre.org/) [free]
- [binary ninja](https://binary.ninja/) [$75 for students]
+- [GDB](https://www.sourceware.org/gdb/)
+- [GEF](https://github.com/hugsy/gef)
+
+## language-specific tips: go
+
+## language-specific tips: rust
diff --git a/ctf/web.md b/ctf/web.md
index 93612ae..a68f693 100644
--- a/ctf/web.md
+++ b/ctf/web.md
@@ -5,14 +5,20 @@ title: some notes on web security
# web security
+## practice
+
+- [picoctf.org](https://picoctf.org)
- [websec.fr](https://websec.fr)
+- https://portswigger.net/web-security/all-materials
## tooling
+- curl
- devtools
- burp suite
- mitmproxy
-- ???
+- [webhook.site](https://webhook.site/)
+- [dnslog.cn](http://www.dnslog.cn/)
## common attacks