tips-for-getting-started — Practice makes perfect! All our past challenges are
available for you to play. Solutions published by various past teams are also available.
Challenges requiring backend services are packaged using Docker.
Checkout our 2017 or 2018
- Some challenges are going to require and/or be easier to solve with Linux. If you don’t have a native Linux install, you can either use a Liveusb or a virtualizer (e.g. VirtualBox). You can use Ubuntu or any other distribution.
- You can save some time by pre-installing common programming languages, such as gcc (or llvm), golang, perl, ruby, python.
- Vagrant-CTF is a VM filled with useful tools.
Common linux command line tools
- curl and wget let you download files and data
- xxd or od let you convert files to hex and the other way around
- file and strings let you get a sense of the type of the file
Web tools and web security
- Learn to use your browser's developer console (enables debugging web apps, copy network requests as curl commands, etc.)
- The Tangled Web and Browser Security Handbook are useful resources
- OWASP maintains information on web vulnerabilities, and this blog post discusses the top 10 most common flaws
Practice, practice, practice!
- Cryptopals is a collection to ~50 cryptography challenges. They become progressively
harder and they cover topics related to modern ciphers.
- Overthewire has been around for over 10 years and has some great challenges.
- Wechall - list of wargame websites.
- CTFtime - calendar of past and upcoming CTF events.
- A great list on security.stackexchange.com.
- Advent Of Code - annual programming event. The puzzles are not security related, but the event and subreddit are fun.