Getting Started
Our CTF consists of challenges in a variety of categories. Each of the categories has its own section on the Wiki with additional information.
Donât worry if you arenât familiar with any of the categories, we will have a talk on each of them targeted at those with no prior experience.
- Web - Vulnerabilities in web applications such as SQL injection, command injection, cross-site scripting (XSS), logic bugs, and more.
- Binary Exploitation - We will primarily focus on identifying and exploiting memory corruption and logic bugs in executable programs. This includes some analysis of machine code.
- Reversing - Reverse engineering includes reverse engineering how a program works, without source code. (includes mobile applications, web applications, IoT firmware, âŠ).
- Crypto - Learn about implementation flaws in encryption schemes that can allow you to decrypt encrypted data sent between two parties (like over the internet).
- Forensics - Forensics is the art of recovering useful information obtained from traffic captures, full disk images, a variety of common file formats (including data hidden in images), and more. This often includes seemingly deleted or covertly recorded data.
Start Here
-
Set up your environment. This may be easy or hard, depending on your primary operating system and computer specs. Feel free to ask on the discord if you need help or want suggestions on what the easiest setup is.
-
Sign up on our CTF scoreboard with your @osu.edu email
-
Join the Discord
-
Choose an easy (low points) problem to start with, and consult the guides linked above for each category. Ask on the discord if you get stuck!
- Check out the challenge titled âSanity Checkâ â it is a free flag.
Help! I canât figure out how to install/run <tool>!
Presumably youâre looking at this section because someone recommended you try out some tool for solving a challenge, and you canât figure out how to install it on your system.
Hereâs some things to try:
- Is the tool available in your operating systemâs package manager?
Info
Debian / Ubuntu (including WSL on Windows)
Apt is your package manager. Google something like â<tool name> aptâ and youâll probably find a command like this:
sudo apt install <tool_name>macOS
Homebrew is a popular package manager. After youâve installed Homebrew, google something like â<tool name> homebrewâ and see if someone has created a package for it. Youâll probably find a command like this:
brew install <tool_name>Other systemsâŠ
If you used another operating system, youâre on your own. Some tools have installers on their website for windows (ex. nmap) but many tools do not, which is why we recommend using a linux distribution. If you use a distribution with
yumorpacmanas package managers, youâll likely find packages for the tools youâll want as well.
- Is the tool available in pip (Pythonâs package manager?)
Info
First, make sure you have the correct version of Python for the tool â usually each tool will specify what version it is written for⊠hopefully everything is on Python 3 by now.
Usually installing python is as simple as installing a package (on Debian/Ubuntu,
sudo apt install python3-pipshould to the trick. On many systems you have to usepython3andpip3to use Python 3 once its installed). You may also find it useful to use a python version management tool such aspyenv.If you already have Python installed, look for an install command in the toolâs README like the following:
sudo pip3 install <tool_name>
- I keep getting an error when I try to install a tool with pip3
Info
Check if you might be missing a dependency for the tool. Many tools are upfront with their dependencies in their README and will frequently provide the exact command to install the dependencies in a variety of package managers. Sometimes googling part of the error can help you find others who have already solved the issue.