Getting Started playing CTFs:
Intro:
For each category there will be a recommendation for a single piece of software as well as a resource with practice problems. There will also be a couple extra general recommendations at the end. This software is something we use in almost every CTF. So if you're new to the category, we recommend pre installing these before a competition. There are tools that help for niche challenges, but those are not going to be discussed here. Here's the things we recommend you to get set up for each category before playing CTFs!
Cryptography
Cryptography is generally a math heavy category, so be prepared for a little discrete math!
Tool: Pencil and Paper
This is an important tool that can be used in any challenge, but it can help organize some math thoughts.
Tool: Sage Math
This is a big library of math functions, for crypto problems that need to systematically do math operations, this is a great library to do those.
Binary Exploitation and Reverse Engineering
Since Binary Exploitation and Reverse Engineering use similar tools, they will be lumped in together.
b00tc4mp presentations
These streams are from the 2020 b01lers b00tc4mp!
Reverse Engineering 1 Reverse Engineering 2Tool: Debugger
The only debugger we can recommend is GDB, which will be installed on any competent Operating System by default. However, the basic GDB lacks several features, so we recommend using GDB-Peda to enhance it visually and functionally.
Tool: Reverse Engineering Platform / Framework
A reverse engineering platform / framework is just a tool that shows the assembly of a compiled program so you don't have to read a bunch of 0s and 1s. Most of these tools have a bunch of other features like a graph of the program's control flow, search for symbols, disassemblers, etc. Ghidra. Ghidra is a disassembler and that just got released that you can mess around with too. It's free and open source, plus it comes with a decompiler.
Another popular disassember, we recommend is Binary Ninja. Binja is paid software, but affordable given the alternatives and handily the easiest to use in the category. There are free disassemblers, but new players will be just fine using GDB until they decide to purchase or find their own niche.
Practice: Protostar
Protostar is a reverse engineering / binary exploitation tutorial series that is excellent for beginners. There is also a YouTube walkthrough if you get stuck!
Web Exploitation
Tool: Traffic Interceptor
For web exploitation the tool recommended is Burp Suite. Note: there is a free and a paid version, the free version has all the features you'll need. Anyway Burp Suite has a nice set of free tools that help you understand how a website is working.
Practice: OverTheWire Natas
Natas teaches the basics of serverside web-security in a format that progressively increases in difficulty.
General suggestions
OverTheWire
OverTheWire (OTW) is a good place for people to start. It has a progression of challenges in each of its many wargames and it allows people to get the feel for the type of thinking that goes into solving CTF challenges. The later challenges get quite difficult as well so even experienced players will enjoy these challenges.
Bandit is a good intro wargame from OTW.
Operating System
Telling everybody to install arch on their laptop isn't realistic, nor would any reasonable person expect a total newbie to be able to do it in a timely or painless manner. So, we recommend Ubuntu (preferably 16.04 LTS) as your primary hacking operating system. It's versatile and supports all of the tools mentioned below, but more importantly it is easy to use and well supported.
Ideally, you'll switch over to running Linux as your main OS at some point. If you aren't willing to do that, install virtualbox, download a Linux ISO, and set up a new VM to work on.
Scripting Language
We use python as our de facto standard for developing scripts and exploits for several reasons. Most importantly, the libraries we use for most of our hacking are in python, everyone in the club knows it, and it's easy for new members to pick up!
Exploit Development
Most of the team uses pwntools for developing exploits. It's easy, it's fast. That's about it.