I know I know nothing*
Learning for CTF is hard. Different type of puzzles and lack of You never know what you can expect so you need to sharpen your saw constantly.
With some difficult challenge presented during CTF probably everyone feels that they don't know enough. I had this feeling during the last CTF weekend (#WhiteHat, #SharifCTF).
I've decided to list all the places where I can find useful knowledge. I don't want to keep that to myself so here's the list.
Puzzles/Coding tasks
Puzzles are not directly related to CTFs but you can practice your programming skills. It is often required to think about better than naïve solutions to a particular problem as those might take huge amount of time.
- Project Euler - mathematical puzzles. More then 500 of them. From some simple ones to a bit more difficult.
- Top Coder - programming tasks
- Hacker Rank - as above
Writeups
Writeups are very useful way of learning new tricks of fellow CTFers. It is useful to check a writeup no matter if you solved a task in the CTF or not. If you did, you can learn a new, useful technique that might speed you up next time. If you didn't solve the task - well then it's obvious you want to learn how to do it - especially if you felt you were almost there during the CTF.
-
CTF repo - probably the biggest place where you can find write-ups or link to write-ups from CTFS for the past 4 years. It's not complete - some competitions or task within CTF are missing but anyway it's a good source of learning material
-
CTF Time write-ups - also a big source for solutions. I find it a bit less organized but any
Bug Bounties
Finding a bug and taking part in bug bounty programs is probably something only an experienced CTF player might consider but that is also something can help you sharpen you saw.
HackMe-s/CrackMe-s
Hackmes/Crackmes are similar to CTFs but without time pressure and deadlines. You can develop a skill for new type of task, create tools needed for particular problem without restricting yourself to be ready before the CTF ends.
- Hack.me - hacking challenges from different categories
- WeChall - this is also an aggregator for your points from numerous sites with crackmes/hackmes
- Exploit Excercises - a set of exploiting challenges to test your skills. Distributes as self-contained iso images
- Root-me - even more hacking challenges. Not all related to "rooting" a system
YouTube
Recently there are more and more resources on YouTube. I'm not a big fun of this way of learning as one needs to pause a lot if you want to follow the material but anyway it's also a way to get familiar with the skills. Few particular channels I follow:
- LiveOverflow - quite nice tutorials focuses on CTFs and
- JackkTutorials - Kali Linux and BackTrack - tutorial focused on Kali Linux and Back Track, a particular distro with a lot of useful tools preinstalled
- Gynvael Coldwind's channel - Gynvael is a captain of Dragon Sector CTF team. The channel is unfortunately in Polish but it contains quite few interesting videos. There's also an EN version but not as resourceful as the polish one.
Misc
- Radare2 book - r2 is a great disassembler, debugger and hexeditor. It's a bit steep learning curve but there's a book describing its features and options. Highly recommended.
Summary
A lot has changed in the recent years and there are lot's of places where one can lear useful CTFs skills. The best is, of course, just play CTFs. Nothing builds your knowledge like the actual competition.
Of course the list is not near being complete. I've listed most of the places I've check for resources + some additional ones I know.
What do you use? If there's a particular place you learn from - let me know so I can add it to the list and of course learn! gl! hf!