Useful resources for learning hacking with CTFs.
There are easier and harder CTFs:
- CSCG (There is no challenge archive sadly.)
- Google CTF Beginners Quest
- Bambi CTF (Attack-Defense CTFs for beginners)
Free courses with challenges
- CTF like challenges form all categories with explanation on how to approach them
- Binary exploitation and reverse engineering course with many progressively harder challenges along with videos. By zardus former Shellphish captain and DefCon CTF organizer.
- ProtSwigger Web Security Academy
- Explanation and challenges about the most common web vulnerabilities. Unfortunately you need a Burp Pro Licence to complete some challenges.
- Open Security Training 2
- Growing number of courses about reverse engineering and binary exploitation. With videos, text-explanations and hands-on tasks. Good place to start if you want to get into firmware and operating system security.
- Learn modern cryptography starting from the basics with challenges and explanations.
- John Hammond
- Day Podcast
There are just way to many good blogs to list them all here, but r/netsec is a good aggregator.
We prefer hands-on-learning, but these are some classics recommended by a lot of people:
- The Art of Software Security Assessment (ISBN: 978-0321444424)
- Hacking: The Art of Exploitation (ISBN: 1-59327-007-0)
Here at KIT there are a some good security courses. We do not want to recommend specific ones here, because we haven’t taken all of them. Check the “Modulhandbuch”. Not only security courses are relevant for CTFs, but having a broad knowledge about computers and cryptography really helps.