Workshop Resources

Binary Exploitation

The binary exploitation workshop resources can be found here: https://github.com/kablaa/CTF-Workshop/blob/master/guide.md

Web Application Security

Until we compile a well structured list, here’s a bunch of loosely categorized links and pieces of advice: Learn

• How to make a database-connected webapp with authentication. No ORM.

• How to administer a webapp running on Linux. And Windows, if you’re feeling adventurous.

• The all-encompassing OWASP Top Ten – https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

Testing yourself (self-hosted)

• bWAPP – http://www.itsecgames.com/

• WebGoat – https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project

Testing yourself (remote)

• OverTheWire Bandit – http://overthewire.org/wargames/bandit/

• OverTheWire Natas – http://overthewire.org/wargames/natas/

Automating/tooling what you know

• Burp Suite – https://portswigger.net/burp/

• sqlmap – http://sqlmap.org/

• metasploit (link to guide) – https://www.offensive-security.com/metasploit-unleashed/