WizardsOfDos

Getting Started

Communication

• Subscribe to the mailing list for announcements like upcoming CTFs
• Join the IRC #wizardsofdos @ irc.hackint.org
  • Webclient
  • Your favorite IRC Client Guide

• For communication and coordination during a CTF we mostly use Mattermost

  • Invites are handed out on your first CTF with us, just ask

• We also have a CTFPad instance which is hosted at pads.ctf.darmstadt.ccc.de
  • The authkey is handed out on request

Resources

Not sure where to start learning and training?

CTF challenges are commonly seperated into different categories. Below, we explain some categories and provide learning materials for them. If you don't know which category you prefer or are new to all of this read the Beginner category.

Beginner

The following have no specific order, pick whatever interests you most first and switch as you prefer.

Basic Intrudction to wargames and the Linux CLI

Knowing how to navigate a Linux system is an important skill in general. This wargame will teach you some concepts typically encountered on a Linux system and the general mindset for wargames and CTFs.

Over the Wire: Bandit

Pico CTF

Pico CTF is a CTF designed for high school and early college Students and covers the typical CTF categories.

Current Pico CTF

PicoCTF 2017

Specific Categories

Binary

In the Binary category you are given some kind of executable program that is already compiled and have to reverse engineer or exploit it. Reverse engineering means understanding what the program does and finding some input which generates the flag. Exploiting means finding some flaw in the program that allows you to take control over the process and get a shell on the system where you then often just read a file 'flag' or 'flag.txt' that contains the flag

• Intro to Binary Hacking by LiveOverflow
• Intro to Modern Binary Exploitation
• Book (Intro to classic Binary Exploitation): Hacking - The Art of Exploitation

Crypto

In the Crypto category, you need to attack cryptographic operations, e.g. decrypt a ciphertext without knowing the key or generating a signature for a certain input. Sometimes, this includes "classical" codes like Vigenere cipher, but the more interesting challenges are based on modern crypto systems.

The higher rated crypto challenges commonly require you to read papers about attacks on some crypto system and implementing these attacks. As cryptographic primitives are often based on mathematical problems, a solid understanding of mathematics helps, too.

• In Cryptopals, you learn a number of classical attacks against crypto systems by first implementing the crypto and attacking it afterwards. It does not require any previous knowledge and you can use any programming language you like.
  • Filippo Valsorda has created a series of videos solving the Cryptopals Challenges with Go

Web

• Web Application for playing around with Web exploitation https://www.owasp.org/index.php/OWASP_Juice_Shop_Project

• Web Security Basics (XSS and CSRF)

• AngularJS Sandbox Bypasses

Play CTFs

Online CTFs

• Overview (past and upcoming events): CTFtime
• PicoCTF: A beginner friendly CTF. It is already "over", i.e., you can't win any prices anymore, but you can still play it.

Wargames

• RingZer0Team