CTF Resources

A collection of introductory resources for playing CTFs curated by CSeC

General

• PicoGym - A set of CTF challenges for beginners into CTFs.
• PicoPrimer - A primer into CTF-style challenges and the theory required for them. Great place to start for absolute beginners.
• TrailOfBits - A “CTF Field Guide” comprising challenge walkthroughs, guidance and case studies of adversarial behaviour.
• CTF101 - An introductory handbook covering the basics of each CTF category.
• HackTheBox - Interactive cybersecurity platform with diverse challenges for hands-on practice, covering areas like penetration testing, reverse engineering, and cryptography.
• TryHackMe - Interactive cybersecurity platform featuring beginner-friendly challenges, hands-on labs, and guided learning paths covering various topics such as penetration testing, web exploitation, and network security.
• Blue Team Academy - A cybersecurity training platform focusing on defensive techniques and strategies.
• Awesome CyberSec - A curated list on GitHub featuring a comprehensive collection of resources, tools, and learning materials covering various aspects of cybersecurity.
• OverTheWire Bandit - A place to practice your Linux command-line skills - CTF style.

Cryptography

• CryptoHack - An excellent set of CTF-style challenges in cryptography.
• RSA Common Attacks - Common attacks and their implementation on RSA challenges.

Digital Forensics

• MemLabs - One of the best places to get started in Memory Forensics.
• Popular Tools Used in Digital Forensics - A compilation of tools commonly used in digital forensics.
• Awesome Forensics - An extensive list of various forensics tools and resources.

Reverse Engineering

• The Flare-On Challenge - Though it is a single-player annual CTF, it contains a repository of prior years’ challenges.
• Reverse Engineering Challenges - A set of reverse engineering challenges contrived by Dennis Yurichev.

Binary Exploitation

• Pwn College - For those with a serious interest in starting from basics and going in-depth into binary exploitation.
• CryptoCat - Basic pwn ideas used in challenges.
• Nightmare - Covers many ideas in pwn in detail with examples from CTF challenges.

Web Exploitation

• PortSwigger Labs - Includes plentiful hands-on labs on various web vulnerabilities. Great resource to get started or brush-up on your skills.

Cloud-ish

• flAWS - A set of tutorials and CTF challenges to teach Amazon Web Services security concepts.
• flAWS2 - Sequel to flAWS.