What are CTFs?
CTFs are a kind of hacking competition where you often need to find a "flag", a particular text string. There are three types of CTF: jeopardy, attack&defense and boot2root.
Boot2root CTFs are vulnarable machines that have to be hacked to obtain root or administrator privileges and read one or more flags.
In attack & defense CTFs, participants have one or more virtual machines with some vulnerable exposed services. The aim is both to defend your services and to attack those of others to get flags and earn points. The team with more points wins the competition.
In jeopardy CTFs there are one or more challenges, each of which give you a flag and some points. The team with more points wins the competition. There are various types of jeopardy CTFs, for example:
-web, where you have to hack a web site
-steganography, where you have to found information hidden in files or images
-cryptography, where you have to decrypt a message
-pwn, where you typically have to exploit a server
-reversing, where you have to reverse an application.
Where do I start?
Below there are some resources to learn and to practice
Web:
The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws - by Dafydd Stuttard and Marcus Pinto
Web application pentesting with Mutillidae II
Damn Vulnerable Web Application
Cryptography:
Pwn:
Hacking: the art of exploitation - by Jon Erickson
The Shellcoders Handbook. Discovering and Exploiting Security Holes - by Chris Anley, John Heasman, Felix "FX" Lindner and Gerardo Richarte
Reversing:
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation - by Bruce Dang, Alexandre Gazet and Elias Bachaalany
Boot2root
No comments:
Post a Comment