Friday, September 8, 2017

CTF Tips and Resources

Introduction:
This post has tips and resources for doing a CTF...

Tips and Resources:
First, read the Trail of Bits CTF guide. It’s very good. https://trailofbits.github.io/ctf/
Also watch these:

If you’re playing CTF with a team, you can do different types of tasks (web, crypto, reversing, exploitation, etc.) or focus on one category. Either way, you should aim to learn more of whatever you’re trying to learn.

Prepare your tools. I recommend setting up a virtual machine with Kali Linux. Kali should contain many of the tools you need. REMnux is also a good VM to have. You can also run a VM on a remote system. I personally have a machine set up on Vultr with Docker and ctf-tools (https://github.com/zardus/ctf-tools). I highly recommend installing ctf-tools. You can also install tools such as Pwntools (https://github.com/Gallopsled/pwntools). Depending on what you’re trying to do, you’ll need different tools.

I highly recommend writing your own tools as well. You can keep them to yourself or share them. You might participate in more CTFs and you might get challenges where you can reuse the scripts or tools you ended up writing.

Document all of the things you do. While you’re doing a CTF, you should be documenting how you’ve been solving challenges. I recommend using a tool such as KeepNote. KeepNote also lets you export to HTML. Keeping notes of what you’ve done will help you in the future and you can also share them so other people can learn. Typically, some people will publish write-ups from CTFs on how they solved challenges. When documenting, keep the files you were given for challenges and save the challenge text as well so your audience knows what you were actually trying to solve.

Read write-ups! Read write-ups that other people have written. Everyone approaches problems differently. You’ll notice that people have solved the same challenge differently. You can pick up these techniques to use next time. This GitHub page (https://github.com/ctfs) has organized write-ups from different CTFs. Write-ups get posted on https://ctftime.org/ too. Stuff gets posted on the securityCTF subreddit (https://www.reddit.com/r/securityCTF/) too.

Here are some useful sites: