
b01lers Bootcamp 2020 Training

Table of Contents

  1. General
  2. How To Learn
  3. Web Exploitation
  4. Reverse Engineering
  5. Cryptography
  6. Binary Exploitation
  7. Hardware Hacking + RF
  8. Penetration Testing
  9. Resources + Practice
  10. Tools

General

This repository is the master repo for the b01lers CTF team's training materials. This material is intended to teach our team's new members how to play CTF by covering, in as short a time as possible, the basics of every category of challenge typically seen.

Disclaimer: Some of the materials contained within may be harmful if misused. b01lers does not endorse using any of this information for evil; it is provided ONLY for educational purposes.

How To Learn

The best way to learn CTF is to practice. To this end, we have provided a self-contained Docker container to remove the environment setup barrier to entry. A Docker container is similar to a virtual machine and will allow you to run our customized, pre-configured machine to work through all of the training.

That Docker container's source can be found here along with installation instructions. Our YouTube channel has install instructions for macOS, Linux, and Windows here.

The content in this repository was designed to be used alongside a presenter. You can find the video training sessions here.

Our recommendation if you want to learn to play CTF is this:

  • Watch and work along with all of the bootcamp training sessions.
  • Identify which category you are most interested in based on what you've learned.
  • Focusing on that category, use the resources and practice to learn and play as much as possible.

Ultimately, the way to become a 1337 hacker is to play CTF as much as possible, but we hope this is a good introduction. Please feel free to make an issue for any recommendations, edits, etc.

Web Exploitation

  • Basic developer tools:
    • Inspect Element
    • JS Console
    • Built-in Debugger
    • Network and storage
  • JavaScript + client-side validation
  • HTML + CSS
  • HTTP methods and internet infrastructure
  • cURL + Postman
  • PHP
  • Sessions
  • Hashing and type confusion
  • Databases and SQL Injection
  • Cross-Site Scripting (XSS)
    • Persistent
    • Reflected
    • DOM
  • Burp Suite

Extras:

Reverse Engineering

Day 1 rev/day_1/slides:

  • Hardware and Data Representations
  • Language Types rev/day_1/01-language-types
    • Compiled
    • Interpreted
    • JIT
    • Bytecode compiled
  • Compiled languages
  • The C compiler rev/day_1/02-compilation-steps
  • ELF format rev/day_1/03-readelf-sections
  • Linux system calls + how programs are run rev/day_1/04-running-programs-on-linux
  • Introduction to GDB and debugging
  • The dynamic loader (interpreter) rev/day_1/05-dynamic-call
  • Program images in memory
  • Introduction to assembly language rev/day_1/06-dynamic-call-asm
  • Important x86-64 instructions
  • Stack and Heap
  • Stack frames + function calls
  • Calling convention + ABI
  • High level RE process
  • Assembly construct: selection rev/day_1/07-selection-challenge
  • Assembly construct: selection (review) rev/day_2/00-selection
  • Assembly construct: iteration rev/day_2/02-iteration
  • Structures rev/day_2/03-data-structures
  • Parameter passing rev/day_2/01-function-calls
  • Advanced Ghidra features
    • Decompilation
    • Struct editor
    • CFG
  • Obfuscation, stripping, optimization

Cryptography

  • What is Cryptography:
  • Substitution Ciphers
  • Caesar Ciphers
  • Modular Arithmetic
  • Representation of Data
  • XOR
    • Properties
    • Applications
  • RSA Preview
  • Diffie-Hellman
  • Asymmetric and Symmetric Cryptography
  • RSA

Binary Exploitation

  • pwntools
  • Stack Overflows
  • Return Oriented Programming
  • Partial Overwrites
  • Global Offset Table & Libc
  • Protections Overview
  • Stack Canaries & Ret2Libc
  • printf
  • Intro to Heap

Hardware Hacking + RF

  • Board components
  • Interfaces
  • Firmware acquisition

Penetration Testing

Resources + Practice

General

Web Exploitation

Reverse Engineering

REcommended Reading:

  • Hacking: The Art of Exploitation, by Jon Erickson
  • Reversing: Secrets of Reverse Engineering, by Eldad Eilam
  • Assembly Language for Intel-Based Computers, by Kip R. Irvine
  • Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation, by Dang, Gazet, Bachaalany
  • Practical Binary Analysis, by Dennis Andriesse
  • The Ghidra Book, by Chris Eagle and Kara Nance
  • Just look through here really.

REcommended Tutorials + References:

REcommended Practice:

Cryptography

Binary Exploitation

References/Practice:

Practice:

Tools
