From fa1e6f75ceb4f2a99dc1c107bfe60434356cfe19 Mon Sep 17 00:00:00 2001 From: JJ Date: Tue, 20 Feb 2024 17:28:49 -0800 Subject: meow --- ctf/crypto.md | 2 ++ ctf/index.md | 19 ++++++++++++++++--- ctf/pwn.md | 3 +++ ctf/rev.md | 8 ++++++++ ctf/web.md | 8 +++++++- 5 files changed, 36 insertions(+), 4 deletions(-) (limited to 'ctf') diff --git a/ctf/crypto.md b/ctf/crypto.md index 7ff4bd2..f1b061d 100644 --- a/ctf/crypto.md +++ b/ctf/crypto.md @@ -5,6 +5,8 @@ title: some notes on cryptography # cryptography +## practice + - [cryptohack](https://cryptohack.com) - [cryptopals](https://cryptopals.org) diff --git a/ctf/index.md b/ctf/index.md index bf2cdd4..aaf7d94 100644 --- a/ctf/index.md +++ b/ctf/index.md @@ -11,8 +11,21 @@ title: ctf # all my knowledge about capture the flag -[capture the flag](https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity)) is a wonderful activity in which one gets together with a merry band of friends to solve puzzles for the sake of solving puzzles and learning things. such puzzles are often security-related. +[capture the flag](https://en.wikipedia.org/wiki/Capture_the_flag_(cybersecurity)) is a wonderful activity in which one gets together with a merry band of friends to solve puzzles for the sake of solving puzzles and learning. such puzzles are often security-related. -capture the flag competitions ("ctfs") are hosted by established teams, or organizations, or corporations. there is typically at least one running at any given time: although most usually start fridays and run for a day or two. +capture the flag competitions ("ctfs") are hosted by established teams, or security organizations, or corporations. +there is typically at least one running at any given time: although most usually start fridays and run for a day or two. +a list of past, present, and future ctfs can be found on [ctftime](https://ctftime.org/). -while competing in ctfs can be group work: practice is overwhelmingly a solo activity. to learn how to play ctfs, one must learn to be very comfortable learning on their own. +while competing in ctfs can be group work: practice is overwhelmingly a solo activity. +to get good at playing in ctfs, one must learn to be very comfortable learning on their own. + +## [crypto](cryptography) + +## [rev](reverse-engineering) + +## [pwn](binary-exploitation) + +## [web](web-security) + +## [misc](miscellaneous-problems) diff --git a/ctf/pwn.md b/ctf/pwn.md index 053ea28..eaa2ee8 100644 --- a/ctf/pwn.md +++ b/ctf/pwn.md @@ -5,6 +5,8 @@ title: some notes on binary exploitation # binary exploitation +## practice + - [pwn.college](https://pwn.college) - [ionetgarage](https://io.netgarage.org/), [pwnable.kr](https://pwnable.kr/), [pwnable.tw](https://pwnable.tw), [pwnable.xyz](https://pwnable.xyz)... - [the nightmare book](https://guyinatuxedo.github.io/) @@ -12,5 +14,6 @@ title: some notes on binary exploitation ## tooling +- [pwntools](https://github.com/Gallopsled/pwntools) - [angr](https://angr.io/) - [z3](https://github.com/Z3Prover/z3), [cvc5](https://cvc5.github.io/), [stp](https://stp.github.io/), [yices2](https://yices.csl.sri.com/): smt solvers diff --git a/ctf/rev.md b/ctf/rev.md index ba82c48..e39710b 100644 --- a/ctf/rev.md +++ b/ctf/rev.md @@ -5,9 +5,17 @@ title: some notes on reverse engineering # reverse engineering +## practice + - [crackmes.one](https://crackmes.one) ## tooling - [ghidra](https://ghidra-sre.org/) [free] - [binary ninja](https://binary.ninja/) [$75 for students] +- [GDB](https://www.sourceware.org/gdb/) +- [GEF](https://github.com/hugsy/gef) + +## language-specific tips: go + +## language-specific tips: rust diff --git a/ctf/web.md b/ctf/web.md index 93612ae..a68f693 100644 --- a/ctf/web.md +++ b/ctf/web.md @@ -5,14 +5,20 @@ title: some notes on web security # web security +## practice + +- [picoctf.org](https://picoctf.org) - [websec.fr](https://websec.fr) +- https://portswigger.net/web-security/all-materials ## tooling +- curl - devtools - burp suite - mitmproxy -- ??? +- [webhook.site](https://webhook.site/) +- [dnslog.cn](http://www.dnslog.cn/) ## common attacks -- cgit v1.2.3-70-g09d2