Welcome to CTF101, a site documenting the basics of playing Capture the Flags. This guide was written and maintained by the OSIRIS Lab at New York University in collaboration with CTFd. In this handbook you'll learn the basics™ behind the methodologies and techniques needed to succeed in Capture the Flag competitions. Ready? What is a CTF?

What is a CTF? Capture the Flags, or CTFs, are computer security competitions. Teams of competitors (or just individuals) are pitted against each other in various challenges across multiple security disciplines, competing to earn the most points. Why play CTFs?

2024年1月26日 · An important part of forensics is having the right tools, as well as being familiar with using them. Approach forensics challenges with an open mind. It's not uncommon to have obscure CTF challenges hide flags in the darkest of corners!

Capture the Flag Competition Wiki. Cryptography. Cryptography is the reason we can use banking apps, transmit sensitive information over the web, and in general protect our privacy.

2024年1月26日 · Web Exploitation. Websites all around the world are programmed using various programming languages. While there are specific vulnerabilities in each programming langrage that the developer should be aware of, there are issues fundamental to the internet that can show up regardless of the chosen language or framework.

2024年10月15日 · Capture the Flag Competition Wiki. Steganography. Steganography is the practice of hiding data in plain sight.

2024年1月26日 · Capture the Flag Competition Wiki. Because the ping command is being terminated and the ls command is being added on, the ls command will be run in addition to the empty ping command!. This is the core concept behind command injection. The ls command could of course be switched with another command (e.g. wget, curl, bash, etc.). Command …

Wireshark is a network protocol analyzer which is often used in CTF challenges to look at recorded network traffic. Wireshark uses a filetype called .pcap, or "packet capture", to record traffic.

Capture the Flag Competition Wiki. You can see the XSS exploit provided in the data GET parameter. If the application is vulnerable to reflected XSS, the application will take this data parameter value and inject it into the DOM.

2024年1月26日 · Reverse Engineering in a CTF is typically the process of taking a compiled (machine code, bytecode) program and converting it back into a more human readable format. Very often the goal of a reverse engineering challenge is to understand the functionality of a given program such that you can identify deeper issues.