Titlebook: Handbook for CTFers; Nu1L Team Book 2022 Publishing House of Electronics Industry 2022 CTF (Capture The Flag),.Web.PWN.Reverse.APK.Misc.Cr

機警

使更活躍

APK,eal data based on the characteristics of the system to test the participant’s understanding of Android. The latter mainly examines the player’s ability to reverse Java or C/C++ codes. Challenge designers will often apply obfuscation (ollvm, etc.), reinforcement, anti-debugging, and other techniques

itinerary

Reverse Engineering,ng flow, organizational structure, and functional specifications of the product to produce a product with similar but not identical functions. In CTF, reverse engineering generally refers to software reverse engineering, that is, analyzing compiled executable files, studying program behavior and alg

chance

PWN,resents the “bang” of a hacker gaining access to a computer through a vulnerability. It is a slang term derived from the verb own. In short, the process of gaining access to a computer through a vulnerability in binary is called PWN.

ATOPY

Crypto,developed with people’s growing pursuit of information confidentiality, and has become the foundation of modern cybersecurity. In recent years, the difficulty of cryptography challenges in CTF has been increasing, and the percentage of these challenges is also increasing. Compared with the Web and b

myalgia

adulterant

鋸齒狀

Code Auditing, very close to reality. The essence of code audit is to find defects in the code, this chapter only takes the mainstream PHP and Java languages code audit as an example, so that the reader not only understands the CTF code audit challenges but also can accumulate some real-world code audit experienc

口味

AWD,ultiple challenges, each challenge corresponds to a gamebox (server), the gamebox of each competition team has the same vulnerability environment, the players of each team obtain the flags in the gamebox of other teams through the vulnerability to score, and avoid being attacked by patching the vuln

安定

Virtual Target Penetration Test,Compared to the CTF online competition, the introduction of penetration challenges is as simple as the web challenges, which does not require the participants to know the underlying system principles and have profound programming ability, but only requires the exploits of existing vulnerabilities, s