Skip to content

CTF Wiki EN

CTF History

mahaloz/ctf-wiki-en

CTF Wiki EN

mahaloz/ctf-wiki-en

Introduction
Introduction
- Getting Started
- CTF History CTF History
  Table of contents
- CTF Competition Types
- CTF Competition Topics
- Attack and Defense Experience Summary
- Learning Resources
Misc
Misc
- Miscellaneous Introduction
- Information Gathering Method
- Encoding Analysis
  Encoding Analysis
- Forensic and Steganography Prerequisite
- Image Analysis
  Image Analysis
- Audio Steganography
- Traffic Packet Analysis
  Traffic Packet Analysis
  - Introduction to Traffic Packet Analysis
  - PCAP File Repairing
  - Protocol Analysis
    Protocol Analysis
    
    Overview of Protocol Analysis
    
    Wireshark
    
    HTTP
    
    HTTPS
    
    FTP
    
    DNS
    
    WIFI
    
    USB
  - Data Extraction
- Compressed Package Analysis
  Compressed Package Analysis
  - ZIP Format
  - RAR Format
- Disk and Memory Analysis
  Disk and Memory Analysis
  - Introduction
Crypto
Crypto
- Introduction to Cryptography
- Basic Mathematics
  Basic Mathematics
  - Introduction
- Classical Cipher
  Classical Cipher
- Stream Cipher
  Stream Cipher
  - Introduction
  - Pseudo Random Number Generator
    Pseudo Random Number Generator
    
    Introduction
    
    Cryptographic Security Pseudo-random Number Generator
    
    Challenge Examples
  - Linear Congruence Generator
    Linear Congruence Generator
    
    Introduction
    
    Example
  - Feedback Shift Register
    Feedback Shift Register
    
    Introduction
    
    Linear Feedback Shift Register
    
    Nonlinear Feedback Shift Register
  - Special Stream Cipher
    Special Stream Cipher
    
    RC4
- Block Cipher
  Block Cipher
  - Introduction to Block Cipher
  - ARX
  - DES
  - IDEA
  - AES
  - Simon and Speck
  - Group Mode
    Group Mode
    
    Introduction
    
    Padding Methods
    
    ECB
    
    CBC
    
    PCBC
    
    CFB
    
    OFB
    
    CTR
    
    Padding Oracle Attack
- Asymmetric Cryptography
  Asymmetric Cryptography
  - Introduction to Asymmetric Cryptography
  - RSA
    RSA
    
    RSA Introduction
    
    Modulo-related Attacks
    
    Public Key Index Related Attacks
    
    Private Key d Related Attacks
    
    Coppersmith Related Attacks
    
    Chosen Plain Cipher Attack
    
    Side Channel Attack
    
    Bleichenbacher Attack
    
    Challenge Examples
  - Knapsack Cipher
  - Discrete Log Correlation
    Discrete Log Correlation
    
    Discrete Logarithm
    
    Elgamal
    
    ECC
  - Lattice-based Cryptography
    Lattice-based Cryptography
    
    Lattice Overview
    
    Introduction to Lattices
    
    Lattice-based Algorithm
    
    CVP
- Hash Function
  Hash Function
- Digital Signature
  Digital Signature
- Summary of Attack Techniques
  Summary of Attack Techniques
- Certificate Format
Web
Web
Assembly
Assembly
- x86_x64
- mips
- arm
Executable
Executable
- ELF file
  ELF file
- PE file
  PE file
Reverse Engineering
Reverse Engineering
- Reverse Overview
  Reverse Overview
- Linux Reverse
  Linux Reverse
  - Linux Reverse Technology
    Linux Reverse Technology
    
    LD_PRELOAD
    
    Incorrect Disassembly Fix
    
    Detecting Breakpoints Bypassing
    
    Detecting Debugging Bypassing
- Windows Reverse
  Windows Reverse
  - Shelling Technique
    Shelling Technique
    
    Introduction to the Protective case
    
    Single Step Tracking Method
    
    ESP Law
    
    One Step to the OEP Method
    
    Memory Mirroring Method
    
    Last Exception Method
    
    SFX Method
    
    DUMP and IAT Reconstruction
    
    Manually Find the IAT and Rebuild It Using ImportREC
    
    DLL File Unpacking
  - Anti-debugging Technique
    Anti-debugging Technique
    
    NtGlobalFlag
    
    Heap Flags
    
    The Heap
    
    Interrupt 3
    
    IsDebuggerPresent
    
    CheckRemoteDebuggerPresent
    
    NtQueryInformationProcess
    
    ZwSetInformationThread
    
    Flower command
    
    Anti-debug Technical Example
Pwn
Pwn
- Pwn Overview
  Pwn Overview
  - Readme
- Linux Pwn
  Linux Pwn
  - Security Protection Mechanism
    Security Protection Mechanism
    
    Canary
  - Stack Overflow
    Stack Overflow
    
    Stack Introduction
    
    Stack Overflow Principle
    
    Basic ROP
    
    Intermediate ROP
    
    Advanced ROP
    
    ROP Tricks
  - Format String Vulnerability
    Format String Vulnerability
    
    Format String Vulnerability Principle
    
    Format String Exploit
    
    Format String Vulnerability Example
    
    Format String Vulnerability Detection
  - Glibc Heap Related
    Glibc Heap Related
    
    Introduction to Heap
    
    Heap Overview
    
    Heap Related Data Structure
    
    In-depth Explanation of Ptmalloc2
    In-depth Explanation of Ptmalloc2
    
    Implementation
    
    Basic Functions in the heap implementation
    
    Heap Initialization
    
    Allocate Heap Memory
    
    Free Heap Memory
    
    Tcache
    
    malloc_state
    
    Other
    
    Heap Overflow
    
    Heap-based Off-By-One
    
    Chunk Extend/Overlapping
    
    Unlink
    
    Use After Free
    
    Fastbin Attack
    
    Unsorted Bin Attack
    
    Large Bin Attack
    
    Tcache Attack
    
    House of Einherjar
    
    House of Force
    
    House of Lore
    
    House of Orange
    
    House of Rabbit
    
    House of Roman
  - IO_FILE Related
    IO_FILE Related
    
    FILE Structure Description
    
    Forged Vtable to Hijack Control Flow
    
    FSOP
    
    Use of IO_FILE Under Glibc 2.24
  - Race Condition
    Race Condition
    
    Race Condition Introduction
    
    Example
  - Integer Overflow
    Integer Overflow
    
    Introduction to The Principle of Integer Overflow
  - Sandbox Escape
    Sandbox Escape
    
    Python Sandbox Escape
  - Linux Kernel
    Linux Kernel
    
    Environment Setup
    
    Basics
    
    Kernel-UAF
    
    Kernel-ROP
    
    ret2usr
    
    bypass-smep
    
    Double Fetch
  - arm-pwn
    arm-pwn
    
    Environment Setup
    
    arm-rop
  - Summary
    Summary
    
    Address Leaking
    
    Hijack Control Flow
    
    Get Shell
- Windows Pwn
  Windows Pwn
  - Overview
  - Stack Overflow
    Stack Overflow
    
    Stack Introduction
    
    Stack Overflow Basics
    
    shellcode-in-stack
Android
Android
- Android Development Basics
- Android Application Operating Mechanism Brief
  Android Application Operating Mechanism Brief
  - Basics
  - The Operating Mechanism of the Java Layer in Android
    The Operating Mechanism of the Java Layer in Android
    
    Andriod Native
    
    Smali Introduction
    
    Dex and ODEX
    Dex and ODEX
    
    DEX
    
    ODEX
  - Android Native Layer Introduction
    Android Native Layer Introduction
    
    Android Shared Object
  - Android Reverse Basic Introduction
    Android Reverse Basic Introduction
    
    Brief Overview
    
    Android Key Part Location
    
    Android Simple Static Analysis
    Android Simple Static Analysis
    
    Android Java Layer Static Analysis
    
    Android Native Layer Static Analysis
    
    Android Static Analysis Hybrid Example
    
    Android Simple Dynamic Analysis
    Android Simple Dynamic Analysis
    
    Dynamic Debugging
    
    Android Dynamic Debugging SO
ICS
ICS

CTF History

The content of this column is taken from the public video "The Past, Present and Future of CTF" by Teacher Zhuge Jianwei in the Spring Festival.

Origin of CTF¶

CTF originated from the competition game between hackers in the fourth DEFCON in 1996.

Early Years of CTF¶

The first CTF (1996-2001) has no clear rules, no professionally built platform or environment. Each team prepares their own objective (defending their own objective, while attacking opponents' objective). Most of the organizers are just enthusiastic non-professional volunteers who assist in manual scoring.

Great controversy and dissatisfaction were due to the lack of an automated scoring system and technical competence among judges, many scoring delays and errors, unreliable network, and improper configuration.

"Modern" CTF Competition¶

A professional organizer will manage the competition platform, create challenges, and implement competitions with an automated scoring system. The participating teams are required to apply for participation and will be selected by the organizers of the DEFCON in a meeting.

During the three years with LegitBS organizing the DEFCON CTF competition, a few modifications have been made:

The competition focuses on the inner workings of the computers, its security features and capabilities. Web exploitation has been completely ignored.
Various CPU architectures, operating systems, and languages.
The "Zero-Sum" scoring rule.
A wider skillset required: reverse engineering, vulnerability discovery, pwning, patching, network traffic analysis, system security, programming and debugging.

本页面的全部内容在 CC BY-NC-SA 4.0 协议之条款下提供，附加条款亦可能应用。

Comments