Tips for getting started
- Practice makes perfect. Check out our 2017 or 2018 challenges (all past challenges are available for download, some require Docker).
- Some challenges will require Linux or be easier to solve with it. If you don't have a native Linux install, you can use either a live USB or a virtualizer (e.g. VirtualBox). You can use Ubuntu or any other distribution.
- You can save some time by pre-installing common programming language toolchains, such as gcc (or llvm), golang, perl, ruby, python.
- Vagrant-CTF is a VM filled with useful tools
Common Linux command-line tools
- curl and wget let you download files and data
- xxd or od let you convert files to hex and the other way around
- file and strings let you get a sense of the type of the file
Web tools and web security
- Learn to use Chrome’s developer console (helps with debugging web apps, allows copying network requests as curl commands)
- The Tangled Web and Browser Security Handbook are useful resources
- OWASP maintains information on web vulnerabilities, and this blog post discusses the top 10 most common flaws
Practice, practice, practice!
- Cryptopals is a collection of ~50 cryptography challenges. They become progressively harder and they cover topics related to modern ciphers.
- Overthewire has been around for over 10 years and has some great challenges.
- Wechall - list of wargame websites.
- CTFtime - calendar of past and upcoming CTF events.
- A great list on security.stackexchange.com.
- Advent Of Code - annual programming event. The puzzles are not security related, but the event and subreddit are fun.