Scribd
Upload
37 views16 pages

Capture The Flag RoadMap

The document outlines various types of Capture The Flag (CTF) competitions, including normal CTFs and attack-and-defense formats, along with the necessary skills and knowledge required for participation. It covers essential topics such as cryptography, web exploitation, reverse engineering, forensics, and binary exploitation, providing resources for further learning. The presentation is created by Hussein Muhaisen, also known as System Exploited.

Uploaded by

terizet.ss
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
37 views16 pages

Capture The Flag RoadMap

The document outlines various types of Capture The Flag (CTF) competitions, including normal CTFs and attack-and-defense formats, along with the necessary skills and knowledge required for participation. It covers essential topics such as cryptography, web exploitation, reverse engineering, forensics, and binary exploitation, providing resources for further learning. The presentation is created by Hussein Muhaisen, also known as System Exploited.

Uploaded by

terizet.ss
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 16

CTF Road Map

CTF Road Map


Hussein Muhaisen AKA System Exploited

Hussein Muhaisen AKA System Exploited

This Presentation Is Made by Hussein Muhaisen AKA System


1
Exploited
Types Of CTFs
• 1. Normal CTFs

Types: web , crypto , binary-exploitation, forensics, reverse


engineering, mobile hacking.

These CTF Challenges Are in Some Sort Of Chains.

Flag Examples : Flag{FoUnd_Me_AyI}

This Presentation Is Made by Hussein Muhaisen AKA System


2
Exploited
Types of CTFs #2
• 2. Attack and Defense

. Each Team Has His own vulnerable Machine ( Box )


. Patch Your System
. Exploit Your Enemy's System

So When The game starts the teams need to start attacking and
protecting the machines.

This Presentation Is Made by Hussein Muhaisen AKA System


3
Exploited
How To Find a CTF ?

This Presentation Is Made by Hussein Muhaisen AKA System


4
Exploited
Pre-requisites
• Scripting ---> Python , and Bash.
• Linux Commands -
https://overthewire.org/wargames/bandit/
https://tryhackme.com/room/zthlinux
• Web Fundamentals
• Networking Fundamentals
• Understanding Number Bases : Binary , Hex , Octa , etc.

This Presentation Is Made by Hussein Muhaisen AKA System


5
Exploited
Cryptography
• What is Cryptography ?
Ciphers That are needed to be used or broken.

Encoding vs Encryption vs Hashing


Symmetric and Asymmetric Encryption.

This Presentation Is Made by Hussein Muhaisen AKA System


6
Exploited
Cryptography Topics
• Base 64
• Caesar cipher , ROT13
• XOR Encryption
• MD5 Hashing
• RSA
• Frequency Analysis
• Atbash cipher

This Presentation Is Made by Hussein Muhaisen AKA System


7
Exploited
Web Exploitation
• Given a Web Server or Website Link and you need to find the certain
bug in order to exploit it and retrieve the flags.

• What Do You Need to Know ?


• HTML , CSS , Java Script
• Cookies
• Databases , SQL
• Robots.txt ( Web directories )

This Presentation Is Made by Hussein Muhaisen AKA System


8
Exploited
Web Exploitation Topics
• Inspect Element
• Cookie-based authentication
• SQLinjection , SQLmap
• XSS
• Burp Suite
• Remote Code Execution ( RCE )
• Fuzzing ( Dirbuster , GoBuster , Dirb )
• Networking Protocols ( HTTP , HTTPS )
• Jason Web Tokens
• Local File Inclusion ( LFI )
• Server Side and Client Side Authentication
This Presentation Is Made by Hussein Muhaisen AKA System
9
Exploited
Reverse Engineering
• Reverse Engineering is the process of knowing how
an executable work.

• What Do You Need to Know ?


• C/C++
• Java
• Assembly

This Presentation Is Made by Hussein Muhaisen AKA System


10
Exploited
Reverse Engineering Topics
• PE File Format
• ELF Binary Format
• System Calls
• Windows Internals and Linux Internals
• Tools To Know:
Ghidra
IDA Pro
Binary Ninja
Radare2
This Presentation Is Made by Hussein Muhaisen AKA System
11
Exploited
Forensics
• File Format Analysis:
Corrupt File Fixing
File Extensions and File Types
Hidden Files inside other files
• Steganography:
Hidden Text , Files , Images , Ciphers.
• Memory Analysis:
Dumps of Disk Images or Memories To analyze.
• Packet Analysis :
Analyze Network Packets such as wireshark pcap files

This Presentation Is Made by Hussein Muhaisen AKA System


12
Exploited
Forensics Topics
• File Extensions and File Types
• Metadata and Exiftools
• NTFS and FAT32 Formats
• LSB Steganography
• Disk Imaging
• Wireshark Packets
• Steghide , stegcracker , stegsolve , openstego , zsteg , jsteg

This Presentation Is Made by Hussein Muhaisen AKA System


13
Exploited
Binary Exploitation
• Binary exploitation is the process of subverting a compiled
application such that it violates some trust boundary in a way that is
advantageous to you, the attacker.

• Topics Needed :
• Buffer Overflows
• How processes work like RAM etc
• Memory Exploitation
• Learn How to Use Python to Exploit
This Presentation Is Made by Hussein Muhaisen AKA System
14
Exploited
Resources to Get started
• https://blog.tryhackme.com/free_path/
• https://hackthebox.eu
• https://overthewire.org/
• https://ctftime.org/
• HackerSploit
• John Hammond
• The Cyber Mentor
• IppSec
• LiveOverFlow
• zSecurity
• Joe Helle
• Network Chuck
• https://picoctf.org
• https://ringzer0ctf.com/challenges
• https://ctf.hacker101.com/

This Presentation Is Made by Hussein Muhaisen AKA System


15
Exploited
This Presentation Is Made by Hussein Muhaisen AKA System
16
Exploited

You might also like