picoCTF

About CTF

“Capture The Flag” (CTF) competitions (in the cyber security sense) are not related to running outdoors or playing first-person shooters. Instead, they consist of a set of computer security puzzles (or challenges) involving reverse-engineering, memory corruption, cryptography, web technologies, and more. When players solve them they get a “flag,” a secret string which can be exchanged for points. The more points a team earns, the higher up it moves in rank.

There are several objectives of CTF games: solve problems, learn learn learn, and have fun. There are different styles of CTF games. Jeopardy and Attack & Defense are the two most common. In CSA we focus on the Jeopardy style.

Each challenge is designed so that when the competitor solves it, a small piece of text or “flag” is revealed. The flag is then submitted to a website or scoring engine in exchange for points. The amount of points rewarded is typically relative to the perceived difficulty of the challenge.

CTF 101

https://ctf101.org/

Introduces the concepts and several different security areas. Then you can go to picoCTF to practice and apply what you have learned. The content is built by The NYU Tandon School of Engineering.

Forensics
Cryptography
Web Exploitation
Reverse Engineering
Binary Exploitation

https://play.picoctf.org/ No experience required

picoCTF is one of the largest CTF challenges. It is an entry level-CTF game. It’s not easy, but you don’t need a PhD either. picoCTF is a free computer security game targeted at middle and high school students, created by security experts at Carnegie Mellon University. The game consists of a series of challenges centered around a unique storyline where participants must reverse engineer, break, hack, decrypt, or do whatever it takes to solve the challenge.

Getting Started

INSTRUCTIONS: https://picoctf.com/students

REGISTER (FREE) – https://play.picoctf.org/ (Let us know when you join and we’ll get you connected on the team room)

LEARNING MATERIAL: – https://picoctf.com/resources

https://picoctf.com/learning_guides/Book-1-General-Skills.pd
https://picoctf.com/learning_guides/Book-2-Cryptography.pdf
https://picoctf.com/learning_guides/Book-3-Web-Exploitation.pdf
https://picoctf.com/learning_guides/Book-4-Forensics.pdf
https://picoctf.com/learning_guides/Book-5-Binary-Exploitation.pdf
https://picoctf.com/learning_guides/Book-6-Reversing.pdf
(Really Good) https://ctf101.org/ – Discusses: forensics (digital evidence), Crypotography (secret codes), web exploitation (website weaknesses), Reverse Engineering (breaking apart computer code), and binary exploitation (breaking computer code)

Cryptography Starter Tools

Google.com (because it’s amazing to search and learn for stuff)
CyberChef – https://gchq.github.io/CyberChef/ (I’ll be doing a demo video to show how to use this amazing free tool)
Dcode – They have SO many ciphers). https://www.dcode.fr/ascii-code
Decode – Alphabet Cipher – https://www.dcode.fr/letter-number-cipher
Rumkin (lots of classic ciphers) http://rumkin.com/tools/cipher/

Common CTF Ciphers:

base-2 (binary). Only Uses 1’s and 0’s > “01100010” = b
base-8 (octal) Uses numbers 0 to 7 >
base-16 (hexadecimal) – Uses 07 and letters A-F and sometimes start with a “0x“
base-64 (base64) – Uses numbers and letters (upper and lower case). Many times it ends with an “=” or “==” > Q1NB = CSA

Solutions (aka Write-Ups)

WRITTEN FORMAT:

2019 Edition: https://ctftime.org/event/914/tasks/

VIDEOS WALK-THROUGHS: