CTF Ready ? 

$WHOAMI

• CyberSec member
• Software engineering student
• InfoSec enthusiast
• CTF player
• Debian fan & contributor
• Intern @ Digitus (Blockchain startup)

$Desc ctf

• Capture_The_Flag is a computer security competition

$ls ctf

​Attack/Defense ( classic )

Jeopardy (task-based)

$LS Categories

• PWN
• Web Security
• Cryptography
• Reverse Engineering
• Digital Forensic
• Steganography

PWN

Remote System/service

x86-32, x86-64

Sources: NO

Binary: YES

Discovery vulnerabilities & use exploits
 

Tools:

-GDB , strace , objdump , ...

Web security

Remote Web Application

CGI, PHP, Python, Ruby, Perl, etc..

Discover vulnerabilities and hack the website

Tools :

-BurpSuite , nmap , sqlmap , firebug , ...

Cryptography

- Symmetric/Asymmetric, historical, special cryptosystems

- Decrypt cipher texts, find weaknesses in crypto algorithms

Tools :

-cryptool , hashdump , john the ripper  , ...

Reverse Engineering

- Binary files

- X86-32, X86-64

- Windows, Linux, Android, iOS, etc..

- Analyze binaries and extract the flag

Tools :

-IDA pro , OllyDBG , peda , ...

Digital forensics

- Network dumps, memory dumps, disk image, etc..

- File systems, network protocols, file formats, forensic software, etc..

- Not hard for newcomers

Tools :

-dd , strings , CAINE , Volatily , ...

Steganography

- Media file (vectorial picture, sound file, video file), network dump, etc..

- Classical or special steganography agorithms

- Analyze the source data/container and extract the hidden flag

- Not hard for newcomers

Tools:

-Steghide , pngCheck , Audacity , Gimp , ...

$locate ctf

$Practice

https://www.cybrary.it/course/python/

https://github.com/ctfs

https://github.com/JonathanSalwan/ROPgadget

https://github.com/zardus/ctf-tools

https://github.com/csi-ensi

Let's practice

http://www.bsideslisbon.org/challenge/31337/index.html