trailofbits / ctf
CTF Field Guide
Home Page: https://trailofbits.github.io/ctf/
License: Creative Commons Attribution Share Alike 4.0 International
I know that you have the instructions at #6, but it would be easier if the pdf was available for download
Also, any plans to actually put the book for sale?
I for one would prefer to buy the physical copy of the book (which would also be a nice/easy way to contribute some money to the project)
Hi, I registered for the capstone ctf last week and I ended up forgetting my username to the team name I created, I know the password and the email it is linked to. Please help!
I couldn't find a license and wanted to better understand how this may be used. Could you share the license details or add one (e.g. Public Domain, MIT, BSD, Apache 2, etc.)
in the solution code of Algo 200 - A substring
public static int count(String s){
int found = 0;
for(int i = 0; i < s.length() - 1; i++){ //We skip the last character as it cannot be a valid first character of a sequence
if(i == 0)
if(s.charAt(i) == 'a' && s.charAt(i + 1) == 'a')
found++;
else
if(s.charAt(i - 1) != 'a' && s.charAt(i) == 'a' && s.charAt(i + 1) == 'a')
found++;
}
return found;
}
you cannot use if(s.charAt(i - 1) != 'a' && s.charAt(i) == 'a' && s.charAt(i + 1) == 'a')
for the simple reason that in the first iteration inside the for loop i = 0, hence s.charAt(i-1) = -1, and it will generate
String index out of range: -1
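A variant of the posted method with the index guard made explicit, as an added example that is not the guide's solution or the reporter's code. It assumes the intent is to count runs of two or more consecutive 'a' characters, as the posted conditions suggest; the class name and sample strings are constructed for illustration.

```java
public class SubstringCount {
    // Counts maximal runs of two or more consecutive 'a' characters.
    public static int count(String s) {
        int found = 0;
        // i + 1 < length keeps charAt(i + 1) in bounds, including for "".
        for (int i = 0; i + 1 < s.length(); i++) {
            // A run can only start at index 0 or right after a non-'a'.
            // The i == 0 test short-circuits, so charAt(i - 1) is never
            // evaluated with a negative index.
            boolean startsRun = (i == 0) || s.charAt(i - 1) != 'a';
            if (startsRun && s.charAt(i) == 'a' && s.charAt(i + 1) == 'a') {
                found++;
            }
        }
        return found;
    }

    public static void main(String[] args) {
        // Constructed inputs. In the posted code the brace-less "else"
        // binds to the inner "if", so any input of length >= 2 that does
        // not begin with "aa" (e.g. "baab") reaches charAt(-1) at i == 0.
        String[] samples = {"", "a", "aa", "baab", "aabaaa", "xaxaa"};
        for (String s : samples) {
            System.out.println("\"" + s + "\" -> " + count(s));
        }
    }
}
```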
Is it possible to get this site fully offline?
Hi;
Thank you for your effort to supply us with this Guide. I just want to inform you that there are a lot of links that are not available in the resources section on many modules, So if you could update those links it will be a great move from your side, as from my little perspective on the field and from my researches online i have found that your guide in my point of view is the most complete guide on the internet. I hope that you could update the broken links so we can benefit from this near perfection hard work.
Thank you.
The malware analysis course by TML is down right now. I was able to get the link from Internet Archive. However, I just wanted to ask whether you could replace it with RPISEC's course. Is the TML course significant enough to keep it? Does it offer something different? I really don't know how to judge, I defer to your infinitely better judgement.
If it is, I'll submit a PR to update the TML course links.
Thanks for this wonderful resource!
i've spent more time than i'd like to admit trying to build one, and finally did successfully, and here is how to do it on osx:
npm install gitbook-cli -g
calibre.app
to your Applications folder
sudo ln -s /Applications/calibre.app/Contents/MacOS/ebook-convert /usr/local/bin
export PATH=$PATH:/Applications/calibre.app/Contents/MacOS
gitbook pdf
i think that's about it, good luck.
Any way to get this as PDF?
In several places throughout the guide, there are links to PDFs that point to files stored in this repo. Some of those links are wrong, because the 'ctf' directory in the path sometimes appears twice, for example Vulnerability Discovery -> Auditing Source contains links to PDFs for Essential C and TAOSSA Chapter 6: C Language Issues. Those links are:
https://trailofbits.github.io/ctf/ctf/vulnerabilities/references/EssentialC.pdf
https://trailofbits.github.io/ctf/ctf/vulnerabilities/references/Dowd_ch06.pdf
They should be:
https://trailofbits.github.io/ctf/vulnerabilities/references/EssentialC.pdf
https://trailofbits.github.io/ctf/vulnerabilities/references/Dowd_ch06.pdf
Other pages have the same issues, they are:
Vulnerability Discovery -> Auditing Webapps
https://trailofbits.github.io/ctf/ctf/web/workshop/siberia.zip
Should be:
https://trailofbits.github.io/ctf/web/workshop/siberia.zip
Exploit Creation -> Binary Exploits 1
https://trailofbits.github.io/ctf/ctf/exploits/references/formatstring-1.2.pdf
https://trailofbits.github.io/ctf/ctf/exploits/references/tr-2007-153.pdf
Should be:
https://trailofbits.github.io/ctf/exploits/references/formatstring-1.2.pdf
https://trailofbits.github.io/ctf/exploits/references/tr-2007-153.pdf
Exploit Creation -> Binary Exploits 2
https://trailofbits.github.io/ctf/ctf/exploits/references/no-nx.pdf
https://trailofbits.github.io/ctf/ctf/exploits/references/acsac09.pdf
Should be:
https://trailofbits.github.io/ctf/exploits/references/no-nx.pdf
https://trailofbits.github.io/ctf/exploits/references/acsac09.pdf
Those are the links that I found, but I'm sure I could have missed a few. Thanks for the awesome resource!
Hello, my name is Torin and I forgot the name I gave my team. I know my password, but it's the team name I forgot. Is there anyway I can get it back?
Basic instructions for getting started with gitbook, installing dependencies, and working with the master and gh-pages branches.
This assumes knowledge of what CTF is. Maybe you're okay with that but I thought I'd point it out.
First, I overwrite both ebp and the return addr on the stack, immediately write three args for the second call to the fgets function, and make the overflow_len size bigger.
However, because of ASLR, the ebp is hard to guess.
When I close ASLR, this works!!
So, can you offer any other ideas??
thanks a lot.
Pull request #40 supposedly fixes broken links, but this change isn't reflected in the web-facing version.
First, thank you so much for putting the CTF Field Guide together. I'm just starting to get my feet wet and this looks like an awesome resource.
I wanted to find out if there is (or request) links to solutions for the workshops, as while learning it often helps to validate my answers or get a nudge if I'm completely stuck. I realize these are spoilers so I do think they should be in a separate section so they are not accidentally viewed, but still available somewhere for those who need it.
Nat
How to install trailofbits/CTF source in kali linux
key_buf (32 bytes) is too small to hold all the content of the key file (56 bytes).
In particular, cover this section: https://github.com/GitbookIO/gitbook#output-formats
url: https://trailofbits.github.io/ctf/vulnerabilities/source.html
Resources
Essential C - Programming in C primer -------> https://trailofbits.github.io/ctf/ctf/vulnerabilities/ctf/vulnerabilities/ctf/vulnerabilities/ctf/vulnerabilities/references/EssentialC.pdf
is 404
true ---> https://github.com/trailofbits/ctf/blob/master/vulnerabilities/references/EssentialC.pdf
Good Evening/Morning/Afternoon,
I hope this is somewhat relevant and not an annoyance of a question, but I wish to find a team or just simply a group of people to converse with during CTFs. I've done a few alone and only a slim few on voice chats. I've found that the connection is valuable, and I learn loads more. So if you're able to provide resources, or even a strategy, to help dive into the community that would help me (and I suppose many others) out so much.
Thanks for the read
I started participating in CTFs recently. I don't know much about this. I have to participate in a competition next month in which I have to attack others' systems for the flag and defend my system from their attacks. Please tell me some resources from which I should practice.
I made Ubuntu and Kali virtual machines inside VirtualBox and started the program easy32 on Ubuntu, but my Kali's nmap says all Ubuntu ports are closed and netcat says connection refused at Ubuntu port 12346. I also installed socat on Ubuntu btw.
In the exploit easy, I encounter a problem.
I want to overwrite the pikachy variable with 0xfa75beef, but fgets() cannot read 0xfa75beef.
Although I used the escape char '\', just like \xef\xbe\x75\xfa, fgets() cannot identify the escape char '\'.
So, how can I make fgets() read the hexadecimal number?
This note has been there for quite a while. I think the table should be up by now.
Where can I edit or set the flags to my choosing say if I wanted to make my own CTF game.
thanks.
Each lecture and each exercise should have its own, independent subsection. That would both make the guide easier to read and lower the bar for people to contribute modules.
Hello guys, I'm trying to learn from the start, but it seems the depth of each section is beyond what I imagined. I will certainly go through all of them later, but now I don't have time for all of the lessons. Can you guys suggest which part is best for learning pentesting (source auditing/reverse engineering/pentesting are different jobs, right?)
It'd be nice to take this offline on my kindle for reading. Any way to make this a single-page? maybe a Print-view?
(I have not read the whole thing, so I don't know how many videos/etc are in here).
Is it possible to make the page white instead of using the dark color scheme it currently has?
In web, siberia.zip is password protected. What is the password?
I am writing a tool that uses CTF writeups for solving other CTF problems, and for hacking also, via commands inside writeups,
but it is still new and the code needs improving, and I am looking for other similar tools to compare with my tool (open source is good, and maybe with some AI) but can't find any. Do you know any tools?