Getting Started playing CTFs:


Since I'm the webmaster (hi) I'm going to structure this how I want. Up to you whether to take these recommendations or completely ignore them. I'll be recommending a single piece of software that I think best serves the uses of a new or relatively new CTF player in each category of software that you'll use in almost every CTF. I'm not going to mention things that you download one time for a super weird random challenge. So, here's the things I (we?) recommend you get set up before playing CTFs:

Operating System

Telling everybody to install arch on their laptop isn't realistic, nor would any reasonable person expect a total newbie to be able to do it in a timely or painless manner. So, we recommend Ubuntu (preferably 16.04 LTS) as your primary hacking operating system. It's versatile and supports all of the tools mentioned below, but more importantly it is easy to use and well supported.

Ideally, you'll switch over to running Linux as your main OS at some point. If you aren't willing to do that, install virtualbox, download a Linux ISO, and set up a new VM to work on.


The only debugger we can easily recommend is GDB, which will be installed on any competent Operating System by default. However, the basic GDB lacks several features, so we recommend using GDB-Peda to enhance it visually and functionally.


For a disassember, we recommend Binary Ninja. Binja is paid software, but affordable given the alternatives and handily the easiest to use in the category. There are free disassemblers, but new players will be just fine using GDB until they decide to purchase or find their own niche.

Scripting Language

As a rule, we use python (2, unforunately) as our de facto standard for developing scripts and exploits for several reasons. Most importantly, the libraries we use for most of our hacking are in python. Secondly, everyone in the club knows it, and it's easy for new members to pick up. Finally, it's easy to read.

Exploit Development

Most of the team uses pwntools for developing exploits. It's easy, it's fast. That's about it.