CTFs

Writeups / Files for some of the Cyber CTFs that I've done

I've also included a list of CTF resources as well as a comprehensive cheat sheet covering tons of common CTF challenges

[!NOTE] There is now a web mirror of this repo at hackback.zip

Table of Contents

• Resources

  • YouTube Channels
  • Practice / Learning Sites
    • CTFs
    • General
    • Pwn
    • Rev
    • Web
    • Crypto
    • Smart Contracts
    • Cloud
    • Pentesting

• CTF Cheat Sheet

  • Forensics / Steganography
    • General
    • Audio
    • Image
    • Video
    • Machine Image
    • Pcap
  • Pwn / Binary Exploitation
    • General
    • Buffer overflow
    • PIE (Positional Independent Execution)
    • NX (Non-executable)
    • ROP (for statically compiled binaries)
    • Stack Canary
    • Format String Vulnerabilities
    • Shellcode
    • Return-to-Libc
  • Reverse Engineering
    • SMT Solvers
    • Reversing byte-by-byte checks
    • Searching strings with gef
  • Web
    • Fuzzing input fields
  • Crypto

    • CyberChef

    • Common Ciphers

    • RSA

      • Grab RSA Info with pycryptodome
      • Chinese Remainder Theorem (p,q,e,c)
      • Coppersmith attack (c,e)
      • Pollards attack (n,e,c)
      • Wiener Attack (n,e,c)

    • Base16, 32, 36, 58, 64, 85, 91, 92

  • Box
    • Connecting
    • Enumeration
    • Privilege escalation
    • Listen for reverse shell
    • Reverse shell
    • Get interactive shell
      • Linux
      • Windows / General
  • OSINT
  • Misc

Resources

YouTube Channels

• John Hammond
  • Used to make a lot of CTF videos, but has moved on to other things
  • Still a ton of useful videos. The CTF ones especially are amazing for teaching people brand new to cyber.
• Live Overflow
  • Makes extremely interesting and in-depth videos about cyber.
  • Has an amazing pwn series
• IppSec
  • Makes writeups of every single HackTheBox machine
    • Talks about diff ways to solve and why things work. Highly recommend
• Computerphile
  • Same people as Numberphile, but cooler. Makes really beginner-level and intuitive videos about basic concepts.
• pwn.college
  • ASU professor that has tons of videos on pwn
  • Guided course material: https://pwn.college/
  • Tons of practice problems: https://dojo.pwn.college/
• PwnFunction
  • Very high-quality and easy-to-understand animated videos about diff topics
  • Topics are a bit advanced, but easily understandable
• Martin Carlisle
  • Makes amazing writeup videos about the picoCTF challenges.
• Sam Bowne
  • CCSF professor that open sources all of his lectures and course material on his website
• UFSIT
  • UF Cyber team (I'm a bit biased, but def one of the better YouTube channels for this)
• Gynvael
  • Makes amazingly intuitive video writeups. Has done the entirety of picoCTF 2019 (that's a lot)
• Black Hills Information Security
  • Security firm that makes a ton of educational content
  • Always doing free courses and webcasts about security topics
• stacksmashing
  • Amazing reverse engineering & hardware hacking videos
  • Has a really cool series of him reverse engineering WannaCry
• Ben Greenberg
  • GMU prof with a bunch of pwn and malware video tutorials
  • A bit out-of-date, but still good
• InfoSecLab at Georgia Tech
  • Good & advanced in-depth lectures on pwn
  • Requires some background knowledge
• RPISEC
  • RPI University team meetings
  • Very advanced and assumes a bit of cs background knowledge
• Matt Brown
  • Embedded Security Pentester
  • Makes great beginner-friendly videos about IoT hacking

Talks

Here are some slides I've put together: hackback.zip/presentations

Practice / Learning Sites

CTFs

• PicoCTF
  • Tons of amazing practice challenges.
  • Definitely the gold standard for getting started
• UCF
  • Good overall, but great pwn practice
  • I'm currently working on putting writeups here
• hacker101
  • CTF, but slightly more geared toward pentesting
• CSAW
  • Down 90% the time and usually none of the connections work
  • If it is up though, it has a lot of good introductory challenges
• CTF101
  • One of the best intros to CTFs I've seen (gj osiris)
  • Very succinct and beginner-friendly

General

• HackTheBox
  • The OG box site
    • Boxes are curated to ensure quality
  • Now has some CTF-style problems
  • Now has courses to start learning
• TryHackMe
  • Slightly easier boxes than HackTheBox
  • Step-by-step challenges
  • Now has "learning paths" to guide you through topics
• CybersecLabs
  • Great collection of boxes
  • Has some CTF stuff
• VulnHub
  • Has vulnerable virtual machines you have to deploy yourself
  • Lots of variety, but hard to find good ones imo

Pwn

• pwnable.kr
  • Challenges with good range of difficulty
• pwnable.tw
  • Harder than pwnable.kr
  • Has writeups once you solve the chall
• pwnable.xyz
  • More pwn challenges
  • Has writeups once you solve the chall
  • You can upload your own challenges once you solve all of them
• pwn dojo
  • Best collection of pwn challenges in my opinion
  • Backed up with slides teaching how to do it & has a discord if you need help
• nightmare
  • Gold standard for pwning C binaries
  • Has a few mistakes/typos, but amazing overall
• pwn notes
  • Notes from some random person online
  • Very surface-level, but good intro to everything
• Security Summer School
  • University of Bucharest Security Course
  • Very beginner-friendly explanations
• RPISEC MBE
  • RPI's Modern Binary Exploitation Course
  • Has a good amount of labs/projects for practice & some (slightly dated) lectures
• how2heap
  • Heap Exploitation series made by ASU's CTF team
  • Includes a very cool debugger feature to show how the exploits work
• ROPEmporium
  • Set of challenges in every major architecture teaching Return-Oriented-Programming
  • Very high quality. Teaches the most basic to the most advanced techniques.
  • I'm currently adding my own writeups here
• Phoenix Exploit Education
  • Tons of binary exploitation problems ordered by difficulty
  • Includes source and comes with a VM that has all of the binaries.

Rev

• challenges.re
  • So many challenges 0_0
  • Tons of diversity
• reversing.kr
• crackmes.one
  • Tons of crackme (CTF) style challenges
• Malware Unicorn Workshops
  • Free workshops about Reverse engineering and Malware Analysis

Web

• websec.fr
  • Lots of web challenges with a good range of difficulty
• [webhacking.kr](https:/