ARBCTF Resources

Useful resources for CTFs.

! = Recommended

!! = Must Read

Books

Exploitation

• Hacking: The Art of Exploitation, 2nd Edition (!!)
• The Shellcoder's Handbook: Discovering and Exploiting Security Holes (!)
• A Guide to Kernel Exploitation: Attacking the Core

Reversing

• Reversing: Secrets of Reverse Engineering

Web

• The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (!!)
• The Browser Hacker's Handbook

Crypto

• Cryptography Engineering: Design Principles and Practical Applications
• Introduction to Modern Cryptography

Tools

• The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler
• Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers
• Black Hat Python: Python Programming for Hackers and Pentesters

Misc

• A Bug Hunter's Diary: A Guided Tour Through the Wilds of Software Security
• Silence on the Wire: A Field Guide to Passive Reconnaissance and Indirect Attacks
• The Tangled Web: A Guide to Securing Modern Web Applications
• The Art of Software Security Assessment
• Red Team Field Manual

Hosting

• CTFd
• FBCTF

Training / Classes

• Modern Binary Exploitation (RPI)
  • Course Materials
• Offensive Computer Security (Florida State)
  • Offensive Computer Security 2.0
• SEEDLabs (Syracuse)
• ISIS Hack Night (NYU Poly)
• Network Security (Stonybrook)
• Computer Systems Security (MIT)
• Computer Security (Berkeley)
• Open Security Training
• Lena's Reversing for Newbies
• Learn Operating Systems Online

Practice

Wargames

Someone else runs these machines and gave YOU permission to exploit them to proceed to the next level. Start at level0 and proceed to become a 1337 hacker.

• Smash The Stack
• Over The Wire
• IO
• Arizona Cyber Warfare Range
• HackTheBox

Exploitable VMs

Download a VM and hack away at it on your own machine. Perfect for those rare times you don't have internet but need to hack something.

• Exploit-Exercises
• Vuln Hub
• Metasploitable

Reversing

Reversing challenges that you can download and reverse engineer to your hearts desire.

• Reversing.Kr
• Challenges.re
• OS X crackmes

Attack / Defend

Attack / Defend style challenges aren't typically hosted online. But these ones are.

• CTF365 (Free version is just sploitable access)

Game hacking

Remember when you were an aspiring computer nerd and said "I want to be a game developer!" well, this is sort of like that except for hackers.

• Pwnadventure 2
• Pwnadventure 3

Web Hacking

The World Wide Web, where "wide" describes the size of the security holes.

• Hack This Site (Web)
• Websec.fr
• Hack.me
• XSS Challenges
• Damn Vulnerable Webapp

Crypto

Do large prime numbers really wet your whistle? Ever dream of having a key exchange with Diffie and Hellman? Does RSA make your toes tingle? These are for you.

• Matasano Crypto Challenges
• Praetorian Crypto Challenges
• PotatoSec Crypto Challenges
• id0-rsa

Misc

Various collections of challenges that don't cleanly fit in one category

• Google Gruyere
• Pwnable (Defunct?)
• Backdoor (Jeopardy)
• Microcorruption (Embedded)
• Starfighter
• Counterhack
• Hellbound Hackers
• RingZer0
• W3Challs

Blogs

• Robert Graham
• Michal Zalewski
• Dan Kaminsky
• Matthew Green
• Bruce Schneier
• Moxie Marlinspike
• Steve Bellovin
• NCC Group
• Breaking Malware

Videos

• LiveOverflow

Tools

Disassemblers

• IDA
• Hopper
• Radare
• Retargetable Decompiler
• Online Disassembler
• Binary Ninja

Misc

• ctf-tools
• awesome-ctf
• pwntools
• Compiler Explorer

Useful Links

• CTF Introduction and Information
• Malloc Exploitation
• Smashing The Stack For Fun and Profit(!!)
• Modern Stack Smashing
• Stack Canaries
• Global Offset Table Hijacking
• Reverse Engineering for Beginners
• Learn Python the Hard Way
• Corelan Security Articles
• Metasploit Unleashed
• Pentester Lab, Web app penetration testing
• ARM memory corruption
• CTFTime Scoreboard & Writeups
• CTF Writeups Repo
• Captf CTF/Wargame List