Useful resources for learning hacking with CTFs.

Playing CTFs

There are easier and harder CTFs:

Most CTFs have at least some easier challenges. Try and read writeups.

Free courses with challenges

  • OverTheWire
    • CTF like challenges from all categories with explanation on how to approach them
  • pwn.college
    • Binary exploitation and reverse engineering course with many progressively harder challenges along with videos. By zardus former Shellphish captain and DefCon CTF organizer.
  • ProtSwigger Web Security Academy
    • Explanation and challenges about the most common web vulnerabilities. Unfortunately you need a Burp Pro Licence to complete some challenges.
  • Open Security Training 2
    • Growing number of courses about reverse engineering and binary exploitation. With videos, text-explanations and hands-on tasks. Good place to start if you want to get into firmware and operating system security.
  • CryptoHack
    • Learn modern cryptography starting from the basics with challenges and explanations.

Videos

Reading stuff

Magazines

Blogs

There are just way to many good blogs to list them all here, but r/netsec is a good aggregator.

Books

We prefer hands-on-learning, but these are some classics recommended by a lot of people:

Conferences

KIT Courses

Here at KIT there are a some good security courses. We do not want to recommend specific ones here, because we haven’t taken all of them. Check the “Modulhandbuch”. Not only security courses are relevant for CTFs, but having a broad knowledge about computers and cryptography really helps.