CTFs_Wargames.md

CTFs & Wargames

Table of Contents

• General
• 101
• Beginner Focused CTFs
• Challenge Archives
• Challenges (one-offs)
• Challenge Sites
• Educational
• Handy Tools
• Making Your Own CTF
• Vulnerable Virtual Machines
• Wargames
• Writeups

Contents

• General
  • ctf-time
• 101
  • How to play your first OpenCTF
  • Capture The Flag (CTF): What Is It for a Newbie?
  • Advice for my first CTF? - Reddit Thread
• Beginner Focused CTFs
  • PicoCTF
  • CSAW
• Challenge Archives
  • Archive of old CTFs - shell-storm
• Challenges (one-offs)
  • Forensics Contest
  • List of themed Hacker challenges
  • Sans Community Forensics Challenges
  • Greenhorn
    • Greenhorn is a Windows Pwnable released during CSAW Quals 2014. It's meant to be an introduction to modern Windows binary exploitation.
• Challenge Sites
  • HacktheBox.eu
  • Wechall
    • An amazing site. Tracks, lists, scores, various challenge sites. If you're looking for a challenge or two, and not a wargame, this is the site you want to hit up first.
  • XSS Challenge Wiki
    • A wiki that contains various xss challenges.
  • Halls of Valhalla
  • EnigmaGroup
  • cmdchallenge
    • This repo holds the challenges for cmdchallenge.co - command-line challenges - can add your own/modify existing challenges
  • Canyouhackit
    • Can You Hack It is a Hacking Challenge site designed to not only allow you to test and improve your skills in a wide variety of categories but to socialise both on the forums and on our IRC channel with other security enthusiasts.
  • Tasteless
  • Hack This
  • XSS Challenge Wiki
    • List without spoilers:
• Educational
  • Suggestions on Running a CTF
    • This document describes some of the design decisions and technical details involved in running a CTF competition. It attempts to summarize some opinions held by the CTF community and list some specific pitfalls to avoid when designing problems.
  • The Many Maxims of Maximally Effective CTFs
  • CTF Field Guide - TrailofBits
  • Golden Flag CTF Awards
  • NetWars - SANS
• Handy Tools
  • pngcheck
    • pngcheck verifies the integrity of PNG, JNG and MNG files (by checking the internal 32-bit CRCs [checksums] and decompressing the image data); it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statistics about an image (dimensions, bit depth, etc.); to list the color and transparency info in its palette (assuming it has one); or to extract the embedded text annotations. This is a command-line program with batch capabilities.
  • pwntools
  • CTF Scripts and PyInstaller (.py > .exe)
  • RSACtfTool
    • RSA tool for ctf - uncipher data from weak public key and try to recover private key Automatic selection of best attack for the given public key
• Making Your Own CTF
  • AppJailLauncher
    • CTF Challenge Framework for Windows 8 and above
  • CTFd
    • CTFd is a CTF in a can. Easily modifiable and has everything you need to run a jeopardy style CTF.
  • FBCTF
    • The Facebook CTF is a platform to host Jeopardy and "King of the Hill" style Capture the Flag competitions.
  • hack-the-arch
    • This is a scoring server built using Ruby on Rails by the Military Cyber Professionals Association (MCPA). It is free to use and extend under the MIT license (see LICENSE file). The goal of this project is to provide a standard generic scoring server that provides an easy way to add and modify problems and track statistics of a Cyber Capture the Flag event. While it's not recommended, this server can be hosted with your challenges but we do recommend sand-boxing your challenges so they do not affect the scoring server.
  • iCTF Framwork
    • This is the framework that the UC Santa Barbara Seclab uses to host the iCTF, and that can be used to create your own CTFs at http://ictf.cs.ucsb.edu/framework. The framework creates several VMs: one for the organizers and one for every team.
  • NightShade
    • NightShade is a simple security capture the flag framework that is designed to make running your own contest as easy as possible.
  • Mellivora
    • Mellivora is a CTF engine written in PHP
  • picoCTF-Platform-2
    • The picoCTF Platform 2 is the infrastructure on which picoCTF runs. The platform is designed to be easily adapted to other CTF or programming competitions. picoCTF Platform 2 targets Ubuntu 14.04 LTS but should work on just about any "standard" Linux distribution. It would probably even work on Windows. MongoDB must be installed; all default configurations should work.
  • py_chall_factory
    • Small framework to create/manage/package jeopardy CTF challenges
  • Root the Box
    • Root the Box is a real-time scoring engine for a computer wargames where hackers can practice and learn. The application can be easily modified for any hacker CTF game. Root the Box attempts to engage novice and experienced hackers alike by combining a fun game-like environment, with realistic challenges that convey knowledge applicable to real-world penetration testing. Just as in traditional CTF games, each team attacks targets of varying difficulty and sophistication, attempting to collect flags. However in Root the Box, teams can also create "Botnets" by uploading a small bot program to target machines. Teams are periodically rewarded with (in-game) money for each bot in their botnet; the larger the botnet the larger the reward.
  • scorebot
  • SecGen
    • SecGen creates vulnerable virtual machines so students can learn security penetration testing techniques.
  • Flawed Fortress
    • Flawed Fortress is a front end platform for hosting Capture the Flag Event (CTF), it is programmed with PHP, JQuery, JavaScript and phpMyAdmin. Currently, It is designed to import SecGen CTF challenges using marker.xml file (which is generated in the project folder when creating a CTF Challenge)
  • Remediate the Flag
    • RTF is an open source Practical Application Security Training platform that hosts application security focused exercises.
    • Candidates manually find, exploit, and manually remediate the code of a vulnerable application running in a disposable development environment accessed using a web browser. 100% hands-on training, no multiple choice questions involved.
• Vulnerable Virtual Machines
  • Vulnhub
  • The Hacker Games
    • VM Setup to practice VM breakouts/defense. Hack the VM before it hacks you!
    • VM Download
  • VulnInjector
    • Generates a 'vulnerable' machine using the end users own setup files & product keys.
• Wargames
  • Ringzer0 team CTF
    • Description: RingZer0 Team's online CTF offers you tons of challenges designed to test and improve your hacking skills thru hacking challenge. Register and get a flag for every challenges.
  • pwn0 Wargame
    • pwn0 is a network where (almost) anything goes. Just sign up, connect to the VPN, and start hacking. pwn0 on freenode �
  • Microcorruption
    • Awesome wargame.
  • OverTheWire Wargames
    • OverTheWire provides several wargames publicly/freely available. All very good quality. Highly recommended.
  • Smash the Stack Wargames
    • Smash the stack hosts several public wargames of very good quality for free use. Highly recommended.
  • WTHack OnlineCTF
  • IO
  • Pwnable.kr
  • pwnable.tw
  • Gracker
  • ROP Wargames
  • Penetration Test 'test lab'
  • Defcon DFIR CTF 2018 Open to the Public - HackingExposed Computer Forensics
  • DFRWS IoT Forensic Challenge (2018 - 2019)
• Writeups
  • CTF Writeups
  • Pwning (sometimes) with style Dragons' notes on CTFs
  • My CTF-Web-Challenges(orange)
  • DerbyCon CTF writeups
  • Stripe CTF 2.0
  • FlarOn 2018 Wasabi