Skip to content

CTF Competition Topics

Because the topics covered in CTF questions are broad, there are no clear boundaries as to what will be tested. Based on the current CTFs questions, topics mainly include these six categories: Web – Web Application Exploitation, RE - Reverse Engineering, Pwn - Binary Exploitation, Crypto - Cipher Attacks, Mobile - Mobile Security and Misc - Miscellaneous

  • Web – Web Application Exploitation

The Web topic mainly introduces common vulnerabilities in web apps, such as SQL injection, XSS, CSRF, file inclusion, file uploading, code auditing, PHP weaknesses, etc. Also, the common problem types, solving methods, and tools used.

  • RE - Reverse Engineering

The RE topic mainly introduces common types of questions seen in RE challenges, reversing platforms, and solving methods. The advanced section introduces software protection, decompilation, anti-reversing, and packing and unpacking techniques.

  • Pwn - Binary Exploitation

The Pwn topic mainly introduces the exploitation and utilization of binary vulnerabilities, which requires a understanding of the underlying operating system. In the CTFs, the pwn problems are mainly on Linux.

  • Crypto - Cipher Attacks

The Crypto topic mainly includes two parts: classical ciphers and modern cryptography. Classical ciphers are interesting and diverse. Modern cryptography has high security and requires a deeper understanding of the algorithms used.

  • Mobile - Mobile Security

The Mobile topic mainly introduces the common tools and problems types in Android reverse engineering. Android reverse engineering often requires some Android development knowledge. IOS reverse problems rarely appear in CTFs, so it won’t be covered.

  • Misc - Miscellaneous

The Misc topic mainly includes information gathering, coding, forensics, steganography, and etc.

National College Student Information Security Contest - Challenges Topics

In 2016, the National College Students Information Security Contest began to hold innovative practical skills competitions, which adopts the traditional CTF competition system. In the "2016 National College Students Information Security Contest Guide&quot, the following topics are given by the organizer:

  1. System security. Involves operating system and web system security, including code audit in multiple languages (especially PHP), database management and SQL operations, web vulnerability discovery and exploit (such as SQL injection and XSS), getting shell on server, patching security vulnerabilities.
  2. Reverse engineering. Involves the use of multiple programming languages on Windows/Linux/Android platforms to analyze source code and binary files with tools, Reverse engineering Android mobile application and APK files, encryption and decryption, kernel programming, algorithm, debugging, and code obfuscation technologies.
  3. Binary Exploitation. Involves using languages such as C/C++/Python/PHP/Java/Ruby/Assemble, explore Windows/Linux (x86/x86_64 platform) binary bugs, understand buffer overflows and format string attacks, and writing shellcode.
  4. Cryptography. Involves classical ciphers and modern cryptography, analyze cryptographic algorithms, calculate keys to perform encryption and decryption operations.
  5. Miscellaneous. Involves information gathering, programming, mobile security, cloud computing security, trusted computing, autonomous controllable, steganography, forensics, file recovery, computer network foundation, and network traffic analysis.