Challenge Categories
Binary Exploitation (also called pwn, binexp, binary)
What is binary exploitation?
Binary exploitation is basically any problem that is based around exploiting a bug in a program to cause it to give you the flag. This differs from web in that the bugs are mostly low level, and the problems are based around binaries (executable files, normally written in C). Also, unlike reversing, the challenge is based around exploiting vulnerabilities instead of trying to figure out what the binary does. It's normally fairly easy to understand what's going on in a binary exploitation problem compared to reversing. pwn is another name for binary exploitation, taken from old hacker slang where people would say "pwn" instead of hack.
What do I need to know to solve binary exploitation problems?
You should probably understand the basics of Computer Architecture (CS 429) and simple Linux. Knowledge of C and x86/64 assembly is also very useful. Of course, you don't need to know any of this, but anything you don't know you will have to learn on your own in the process of solving a problem. You should probably do the first few reversing problems first too, so you can learn a disassembler (Ghidra or Cutter) and GDB (plus tooling like GEF or Pwntools).
What does a binary exploitation problem look like?
Most pwn problems involve a single simple program that you are given. You can run this program locally for testing, but it won't be able to print the flag, since the flag file is located on the remote server. You will also be given a netcat connection (a host and port) where you can send and receive data. The goal is then to send the remote program something that causes it to give you the flag. It is generally easier to test the program locally so you can use gdb, and then to submit the solution over netcat. Remember that the remote computer may not be set up the same way yours is. Many pwn problems end with you "getting a shell". This means that you have a way to send the remote computer commands to execute, just like you do on your own command line. Once you have done this you can just run cat flag.txt to get the flag.
What can I do with binary exploitation?
pwn is a great way to learn more about low level programming. Also, when writing C it is much easier to write safe C if you know what kinds of exploits your program could potentially be vulnerable to. pwn can also be useful if you want to become a cybersecurity analyst, as it's really similar to the work you would do on low level programs.
Cryptography (also called crypto)
What is cryptography?
Cryptography is the practice of encrypting data such that it is unreadable and therefore useless to an adversary. It includes all manner of encryption schemes, ciphers, cryptosystems and more. Specifically for CTFs, you are usually trying to break or undo an encryption scheme or cipher. In order to make data harder to recover, lots of encryption schemes rely a lot on math to ensure that it's computationally infeasible to try to recover the plaintext without knowing specific secrets or keys.
What do I need to know to solve cryptography problems?
Easy to medium level cryptography problems usually involve relatively simple ciphers that you can read up about on Wikipedia or find tools to solve online. As the problem difficulty increases, you will usually need to know more math: specifically topics like abstract algebra and number theory. It's also pretty useful to know how to use Python and/or Sage in order to write code to solve the more math-y problems.
What does a cryptography problem look like?
There are a couple different types of cryptography problems, but one of the most common is having to decipher or decrypt data that is given to you. The prompt or title will usually contain some hint as to what method was used to encrypt the data, and it's up to you to figure out how to undo it. Sometimes it's straightforward deciphering, but other times you may have to take advantage of mistakes or poor choices made (purposefully) by the challenge author in order to recover the flag.
What can I do with cryptography?
Cryptography is an awesome way to get into the more math-y and theoretical side of security. Considering we use things like encryption every day of our lives (whether we're aware of it or not), it's useful to know what types of vulnerabilities different cryptosystems and ciphers have so you know how to apply them properly in practice. Learning more about cryptography can be useful if you want to become a cryptographer, penetration tester, or researcher, or if you want to work on tools that use and implement cryptographic schemes.
Forensics
What is forensics?
Forensics is a pretty open-ended category, but for the most part it involves all manner of manipulating files to recover data. Sometimes this means recovering data that was hidden inside of the raw bytes of a file (steganography), sometimes it means fixing broken files (file signatures), sometimes it's recovering files hidden in files hidden in files (file carving), the list goes on.
What do I need to know to solve forensics problems?
Honestly there isn't too much background knowledge needed for forensics problems, since you'll usually be learning most of it on the fly. This is due to the varied nature of forensics problems: one problem could be all about PDF specifications while another is completely unrelated and requires knowledge of image manipulation. As a result, Google and Wikipedia are your best friends, as well as online tools you may find to help with things like recovering steganographic messages and the like. Overall, understanding different encodings (binary, hexadecimal, Base64, etc.) is something that usually comes in handy no matter what the problem.
What does a forensics problem look like?
Again, since forensics problems are so varied, they can look very different. For the most part, you'll usually be provided with some type of file, and it's usually a good idea to run terminal programs like strings, xxd, file, and binwalk on any file you get so you can decide what the next steps are. Usually the flag will be encoded or hidden in the file in some way, and your job is to recover it.
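To make the triage step concrete, here is a small Python helper added as an example (not part of the original page) that mimics the three tools just mentioned: identify a file by its magic bytes (like file), pull out printable text (like strings), and locate embedded file headers by signature (like binwalk, the "files hidden in files" case above). The signature table and the sample bytes (a fake PNG with a ZIP appended) are constructed for the example.

```python
import re

# Constructed subset of leading magic bytes for a few common formats.
SIGNATURES = {
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"PK\x03\x04": "ZIP archive",
    b"%PDF-": "PDF document",
    b"\xff\xd8\xff": "JPEG image",
    b"\x7fELF": "ELF executable",
}

def identify(data: bytes) -> str:
    """Like `file`: name the format by the bytes the file starts with."""
    for magic, name in SIGNATURES.items():
        if data.startswith(magic):
            return name
    return "unknown"

def strings(data: bytes, min_len: int = 4) -> list[str]:
    """Like `strings`: runs of printable ASCII of at least min_len bytes."""
    return [m.decode() for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def carve(data: bytes) -> list[tuple[int, str]]:
    """Like `binwalk`: every offset at which a known signature appears."""
    hits = []
    for magic, name in SIGNATURES.items():
        start = 0
        while (i := data.find(magic, start)) != -1:
            hits.append((i, name))
            start = i + 1
    return sorted(hits)

def triage(data: bytes) -> dict:
    """Run all three checks plus a grep for the usual flag{...} format."""
    return {
        "type": identify(data),
        "embedded": carve(data),
        "flags": [s for s in strings(data) if re.search(r"flag\{[^}]*\}", s)],
    }

# Constructed sample: PNG header, padding, an IEND chunk, then a ZIP local
# file header (at offset 32) whose name field holds a flag-shaped string.
SAMPLE = (
    b"\x89PNG\r\n\x1a\n" + b"\x00" * 16 + b"IEND\xaeB`\x82"
    + b"PK\x03\x04" + b"\x00" * 26 + b"flag{constructed_example}" + b"\x00" * 8
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Real binwalk also validates and extracts what it finds; this only reports offsets, which is the part that tells you what to look at next.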
What can I do with forensics?
Doing forensics problems will make you very familiar with file formats and specifications, as well as all the different ways in which you can break them. Additionally, you'll learn how to recover data that is thought to be gone forever. While both of these things are useful just as a person who uses a computer, they can also be helpful if you want to go into digital forensics and incident response (DFIR). Being able to recognize what should and shouldn't be in a file, and knowing how attackers might hide malicious programs or data within benign files are skills that will get you far.
Reverse Engineering (also called reversing, rev)
What is reversing?
Reversing is any problem where you are given code / a binary and you need to try to figure out what it does. Often reversing problems are written in a way where it isn't easy to tell what the code is doing, or the code obfuscates itself somehow.
What do I need to know to solve reversing problems?
You should probably understand the basics of Computer Architecture (CS 429) and simple Linux. Knowledge of C and x86/64 assembly is also very useful. Of course, you don't need to know any of this, but anything you don't know you will have to learn on your own in the process of solving a problem. It's also nice to know your way around a good disassembler / decompiler (like Ghidra or Cutter).
What does a reversing problem look like?
Most reversing problems involve being given a single program to run. You then need to figure out what the program does, and how to make it give you the flag. Sometimes the program will have the flag hidden inside and you just need to get it out. In other problems the program will just validate your input (the program will just tell you if you got the flag right). With those problems you just need to figure out how the program validates the flag so you can create a flag that will pass the checks.
What can I do with reversing?
Reversing is a great way to learn more about low level programming. It will teach you a ton about how computers work, and how programs work. It also teaches you a lot of tools, like GDB and Ghidra, that are useful when debugging.
Web
What is web?
Web problems are any problems based around a web browser, or a web service / API. They generally involve exploiting some sort of bug or vulnerability in the source code of the website to get the flag. The bug could be either in the frontend of the website or in the backend.
What do I need to know to solve web problems?
At least some amount of knowledge of how websites work is nice, but web is a very approachable category. It's very possible to just know the basic parts of how websites work and solve a few challenges. However, it's nice to know the basics of HTML, JavaScript, and HTTP. Some problems also involve backends written in JavaScript, Python, or PHP.
What does a web problem look like?
Most web problems just start with a single URL. Sometimes the problem will give you the backend code for the website, but this isn't particularly common. From there you will have to investigate the website and figure out what it's doing. Sometimes you can find a vulnerability in the frontend code, or sometimes you can figure out a specific way to make an HTTP request that tricks the server. Often this involves at least some level of guesswork, but a good problem will hint towards what you should be doing. From there, common vulnerabilities involve tricking the webserver into sending you files it's not supposed to (like the flag), or stealing cookies.
What can I do with web?
Web problems are probably the most applicable to the real world. For one, CTFs can expose you to a wide variety of web technologies and push you to dig into how they work. Also, almost all of the web vulnerabilities you will use are fairly common in the real world. Knowing how to exploit these vulnerabilities can help you write better, more secure code in the future.