So, I've begun to make some updated ctf stuff. The first big part, deals with heap ctf challs, and can be found here:
https://github.com/guyinatuxedo/Shogun
Nightmare is an intro to binary exploitation / reverse engineering course based around ctf challenges. I call it that because it's a lot of people's nightmare to get hit by weaponized 0 days, which these skills directly translate into doing that type of work (plus it's a really cool song).
It's true there are a lot of resources out there to learn binary exploitation / reverse engineering skills, so what makes this different?
* Amount of Content - There is a large amount of content in this course (currently over 90 challenges), laid out in a linear fashion.
* Well Documented Write Ups - Each challenge comes with a well documented writeup explaining how to go from being handed the binary to doing the exploit dev.
* Multiple Problems per Topic - Most modules have multiple different challenges. This way you can use one to learn how the attack works, and then apply it to the others. Also different iterations of the problem will have knowledge needed to solve it.
* Using all open source tools - All the tools used here are free and open sourced. No IDA torrent needed.
* A Place to Ask Questions - So if you have a problem that you've been working for days and can't get anywhere (and google isn't helping).
I have found that resources that have many of these things to be few and far between. As a result it can make learning these skills difficult since you don't really know what to learn, or how to learn it. This is essentially my attempt to help fix some of those problems.
If you want, there is a static github pages site which people say looks better: https://guyinatuxedo.github.io/
A copy of all of the challenges listed, can be found on the github: https://github.com/guyinatuxedo/nightmare
Special thanks to these people:
noopnoop - For dealing with me
digitalcold - For showing me how good nightmare could look with mdbook
you nerds - For looking at this
If you get stuck on something for hours on end and google can't answer your question, try asking in the discord (or if you just feel like talking about cool security things). Here is a link to it https://discord.gg/p5E3VZF
Also if you notice any typos or mistakes, feel free to mention it in the Discord. With how much content is here, there is bound to be at least one.
Here is the index for all of the content in this course. Feel free to go through the whole thing, or only parts of it (don't let me tell you how to live your life). For the order that you do the challenges in a module, I would recommend starting with the first.
- Intro to assembly
- Sample assembly reverse challs
- gdb-gef
- pwntools
- ghidra
- pico18_strings
- helithumper_re
- csaw18_tourofx86pt1
- csaw19_beleaf
- Csaw18/boi
- TokyoWesterns17/just_do_it
- Tamu19_pwn1
- Csaw18_getit
- Tu17_vulnchat
- Csaw16_warmup
- quick aslr/pie explanation
- Tamu19_pwn3
- Csaw17_pilot
- Tu18_shelleasy
- nx explanation
- dcquals19_speedrun1
- bkp16_simplecalc
- dcquals16_feedme
- stack canary introduction
- relro introduction
- csaw17_svc
- fb19_overfloat
- hs19_storytime
- csaw19_babyboi
- utc19_shellme
- h3_time
- hsctf19_tuxtalkshow
- sunshinectf17_prepared
- backdoor17_bbpwn
- twesterns16_greeting
- pico_echo
- watevr19_betstar
- dcquals16_xkcd
- sawmpctf19_dreamheaps
- sunshinectf2017_alternativesolution
- tokyowesterns17_revrevrev
- tuctf_future
- hsctf19_abyte
- securityfest_fairlight
- plaid19_icancount
- defcamp15_r100
- asis17_marymorton
- hxp18_poorcanary
- tu_guestbook
- Tu17_vulnchat2
- Tamu19_pwn2
- hacklu15_stackstuff
- backdoorctf_funsignals
- inctf17_stupiddrop
- swamp19_syscaller
- csaw19_smallboi
- defconquals19_speedrun4
- insomnihack18_onewrite
- xctf16_b0verfl0w
- ropemporium_ret2csu
- 0ctf 2018 babystack
- defconquals19_s3
- Csaw18_shellpointcode
- defconquals19_s6
- dcquals18_elfcrumble
- plaid19_plaid_part_planning_III
- csaw16_gametime
- csaw13_dotnet
- csaw13_bikinibonanza
- whitehat18_re06
- sawmpctf19_future
- asis18quals_babyc
- other_movfuscated
- h3_challenge0
- h3_challenge1
- h3_challenge2
- h3_challenge3
- protostar_heap1
- protostar_heap0
- protostar_heap2
- explanation
- explanation
- swamp19_heapgolf
- pico_areyouroot
- Use After Free
- Double Free
- Null Byte Heap Consolidation
- explanation
- 0ctf18_babyheap
- csaw17_auir
- explanation
- dcquals19_babyheap
- plaid19_cpp
- explanation
- hitcon14_stkof
- zctf16_note
- explanation
- hitcon_magicheap
- 0ctf16_zer0storage
- largebin0_explanation
- largebin1_explanation
- csawquals17_minesweeper
- csawquals18_AliensVSSamurai
- csawquals19_traveller
- csaw18_tour_of_x86_pt_2
- csaw15_hackingtime
- csaw17_realism
- puzzle
- int_overflow_post
- signed_unsigned_int_expl
- csaw15_wyvern
- csaw17_prophecy
- bkp16_unholy
- swamp19_badfile
- csaw18_doubletrouble
- hackim19_shop
- unit_vars_expl
- csaw19_gibberish
- explanation
- hacklu14_oreo
- explanation
- explanation
- bkp16_cookbook
- explanation
- explanation
- csaw19_poppingCaps0
- csaw19_poppingCaps1
- csaw20_rop
- References
- What's next