Getting Started playing CTFs:

Cryptography

Cryptography is generally a math heavy category, so be prepared for a little discrete math!

b00tc4mp presentations

These streams are from the 2020 b01lers b00tc4mp!

Tool: Pencil and Paper

This is an important tool that can be used in any challenge, but it can help organize some math thoughts.

Tool: Sage Math

This is a big library of math functions, for crypto problems that need to systematically do math operations, this is a great library to do those.

Binary Exploitation and Reverse Engineering

Since Binary Exploitation and Reverse Engineering use similar tools, they will be lumped in together.

b00tc4mp presentations

These streams are from the 2020 b01lers b00tc4mp!

Tool: Debugger

The only debugger we can recommend is GDB, which will be installed on any competent Operating System by default. However, the basic GDB lacks several features, so we recommend using GDB-Peda to enhance it visually and functionally.

Tool: Reverse Engineering Platform / Framework

A reverse engineering platform / framework is just a tool that shows the assembly of a compiled program so you don't have to read a bunch of 0s and 1s. Most of these tools have a bunch of other features like a graph of the program's control flow, search for symbols, disassemblers, etc. Ghidra. Ghidra is a disassembler and that just got released that you can mess around with too. It's free and open source, plus it comes with a decompiler.

Another popular disassember, we recommend is Binary Ninja. Binja is paid software, but affordable given the alternatives and handily the easiest to use in the category. There are free disassemblers, but new players will be just fine using GDB until they decide to purchase or find their own niche.

Practice: Protostar

Protostar is a reverse engineering / binary exploitation tutorial series that is excellent for beginners. There is also a YouTube walkthrough if you get stuck!

Web Exploitation

b00tc4mp presentations

These streams are from the 2020 b01lers b00tc4mp!

Tool: Traffic Interceptor

For web exploitation the tool recommended is Burp Suite. Note: there is a free and a paid version, the free version has all the features you'll need. Anyway Burp Suite has a nice set of free tools that help you understand how a website is working.

Practice: OverTheWire Natas

Natas teaches the basics of serverside web-security in a format that progressively increases in difficulty.

General suggestions

OverTheWire

OverTheWire (OTW) is a good place for people to start. It has a progression of challenges in each of its many wargames and it allows people to get the feel for the type of thinking that goes into solving CTF challenges. The later challenges get quite difficult as well so even experienced players will enjoy these challenges.

Bandit is a good intro wargame from OTW.

Operating System

Telling everybody to install arch on their laptop isn't realistic, nor would any reasonable person expect a total newbie to be able to do it in a timely or painless manner. So, we recommend Ubuntu (preferably 16.04 LTS) as your primary hacking operating system. It's versatile and supports all of the tools mentioned below, but more importantly it is easy to use and well supported.

Ideally, you'll switch over to running Linux as your main OS at some point. If you aren't willing to do that, install virtualbox, download a Linux ISO, and set up a new VM to work on.

Scripting Language

We use python as our de facto standard for developing scripts and exploits for several reasons. Most importantly, the libraries we use for most of our hacking are in python, everyone in the club knows it, and it's easy for new members to pick up!

Exploit Development

Most of the team uses pwntools for developing exploits. It's easy, it's fast. That's about it.