Uploaded byHusseinMuhaisen
PDF, PPTX2,775 views

The Complete CTF Road Map

This document is a presentation by Hussein Muhaisen, detailing various types of Capture The Flag (CTF) challenges, prerequisites for participation, and specific areas of focus including cryptography, web exploitation, reverse engineering, forensics, and binary exploitation. It includes resources for getting started in CTF competitions and outlines essential knowledge required in scripting, Linux commands, and various programming languages. Additionally, it provides examples of specific topics within each area, such as SQL injection and memory analysis.

Embed presentation

Download as PDF, PPTX
CTF Road Map Hussein Muhaisen AKA System ExploitedCTF Road Map Hussein Muhaisen AKA System Exploited 1 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
Types Of CTFs •1. Normal CTFs Types: web , crypto , binary-exploitation, forensics, reverse engineering, mobile hacking. These CTF Challenges Are in Some Sort Of Chains. Flag Examples : Flag{FoUnd_Me_AyI} 2 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
Types of CTFs #2 •2. Attack and Defense . Each Team Has His own vulnerable Machine ( Box ) . Patch Your System . Exploit Your Enemy's System So When The game starts the teams need to start attacking and protecting the machines. 3 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
How To Find a CTF ? 4 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
Pre-requisites • Scripting ---> Python , and Bash. • Linux Commands - https://overthewire.org/wargames/bandit/ https://tryhackme.com/room/zthlinux • Web Fundamentals • Networking Fundamentals • Understanding Number Bases : Binary , Hex , Octa , etc. 5 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
Cryptography • What is Cryptography ? Ciphers That are needed to be used or broken. Encoding vs Encryption vs Hashing Symmetric and Asymmetric Encryption. 6 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
Cryptography Topics • Base 64 • Caesar cipher , ROT13 • XOR Encryption • MD5 Hashing • RSA • Frequency Analysis • Atbash cipher 7 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
Web Exploitation • Given a Web Server or Website Link and you need to find the certain bug in order to exploit it and retrieve the flags. •What Do You Need to Know ? • HTML , CSS , Java Script • Cookies • Databases , SQL • Robots.txt ( Web directories ) 8 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
Web Exploitation Topics • Inspect Element • Cookie-based authentication • SQLinjection , SQLmap • XSS • Burp Suite • Remote Code Execution ( RCE ) • Fuzzing ( Dirbuster , GoBuster , Dirb ) • Networking Protocols ( HTTP , HTTPS ) • Jason Web Tokens • Local File Inclusion ( LFI ) • Server Side and Client Side Authentication 9 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
Reverse Engineering • Reverse Engineering is the process of knowing how an executable work. • What Do You Need to Know ? • C/C++ • Java • Assembly 10 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
Reverse Engineering Topics • PE File Format • ELF Binary Format • System Calls • Windows Internals and Linux Internals • Tools To Know: Ghidra IDA Pro Binary Ninja Radare2 11 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
Forensics • File Format Analysis: Corrupt File Fixing File Extensions and File Types Hidden Files inside other files • Steganography: Hidden Text , Files , Images , Ciphers. • Memory Analysis: Dumps of Disk Images or Memories To analyze. • Packet Analysis : Analyze Network Packets such as wireshark pcap files 12 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
Forensics Topics • File Extensions and File Types • Metadata and Exiftools • NTFS and FAT32 Formats • LSB Steganography • Disk Imaging • Wireshark Packets • Steghide , stegcracker , stegsolve , openstego , zsteg , jsteg 13 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
Binary Exploitation • Binary exploitation is the process of subverting a compiled application such that it violates some trust boundary in a way that is advantageous to you, the attacker. • Topics Needed : • Buffer Overflows • How processes work like RAM etc • Memory Exploitation • Learn How to Use Python to Exploit 14 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
Resources to Get started • https://blog.tryhackme.com/free_path/ • https://hackthebox.eu • https://overthewire.org/ • https://ctftime.org/ • HackerSploit • John Hammond • The Cyber Mentor • IppSec • LiveOverFlow • zSecurity • Joe Helle • Network Chuck • https://picoctf.org • https://ringzer0ctf.com/challenges • https://ctf.hacker101.com/ 15 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
16 This Presentation Is Made by Hussein Muhaisen AKA System Exploited

More Related Content

PPTX
Cyber Security Workshop Presentation.pptx
byYashSomalkar
 
PDF
SS & MP lab viva question for computer science and engineering students.pdf
byAkshayS619514
 
PPT
Ch02 System Threats and Risks
byInformation Technology
 
PPTX
BackDoors Seminar
byChaitali Patel
 
PDF
CNIT 121: 8 Forensic Duplication
bySam Bowne
 
PPTX
Rootkits
byTharinduUdaraRanasin
 
PPTX
Protection and security of operating system
byAbdullah Khosa
 
PPTX
Kali linux and hacking
byAbdullahDanish8
 
Cyber Security Workshop Presentation.pptx
byYashSomalkar
 
SS & MP lab viva question for computer science and engineering students.pdf
byAkshayS619514
 
Ch02 System Threats and Risks
byInformation Technology
 
BackDoors Seminar
byChaitali Patel
 
CNIT 121: 8 Forensic Duplication
bySam Bowne
 
Rootkits
byTharinduUdaraRanasin
 
Protection and security of operating system
byAbdullah Khosa
 
Kali linux and hacking
byAbdullahDanish8
 

What's hot

PPT
Black box & white-box testing technique
bySivaprasanthRentala1975
 
PPTX
Play,Learn and Hack- CTF Training
byHeba Hamdy Farahat
 
PDF
HTTP/2 standard for video streaming
byHung Thai Le
 
PPTX
malware analysis
by20CS201AkashR
 
PPT
Intrusion Detection Systems and Intrusion Prevention Systems
byCleverence Kombe
 
PPTX
Software Maintenance
byAmeer Hasan Malik
 
PPT
extreme Programming
byBilal Shah
 
PPTX
Introduction of CTF and CGC
byKir Chou
 
PDF
EC-Council Certification Roadmap and Course Catalog
byNetCom Learning
 
PPTX
Malware Classification and Analysis
byPrashant Chopra
 
PDF
How to use miniedit
byTakuji IIMURA
 
PPTX
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
bySam Bowne
 
PDF
Software engineering a practitioners approach 8th edition pressman solutions ...
byDrusilla918
 
PPTX
System Security Plans 101
byDonald E. Hester
 
PPTX
Black box testing or behavioral testing
bySlideshare
 
PDF
Black Box Testing
byTestbytes
 
PPTX
Unit testing & TDD concepts with best practice guidelines.
byMohamed Taman
 
PDF
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
bySam Bowne
 
PPTX
Compiler Design Unit 2
byJena Catherine Bel D
 
PPTX
RECURSIVE DESCENT PARSING
byJothi Lakshmi
 
Black box & white-box testing technique
bySivaprasanthRentala1975
 
Play,Learn and Hack- CTF Training
byHeba Hamdy Farahat
 
HTTP/2 standard for video streaming
byHung Thai Le
 
malware analysis
by20CS201AkashR
 
Intrusion Detection Systems and Intrusion Prevention Systems
byCleverence Kombe
 
Software Maintenance
byAmeer Hasan Malik
 
extreme Programming
byBilal Shah
 
Introduction of CTF and CGC
byKir Chou
 
EC-Council Certification Roadmap and Course Catalog
byNetCom Learning
 
Malware Classification and Analysis
byPrashant Chopra
 
How to use miniedit
byTakuji IIMURA
 
Practical Malware Analysis: Ch 0: Malware Analysis Primer & 1: Basic Static T...
bySam Bowne
 
Software engineering a practitioners approach 8th edition pressman solutions ...
byDrusilla918
 
System Security Plans 101
byDonald E. Hester
 
Black box testing or behavioral testing
bySlideshare
 
Black Box Testing
byTestbytes
 
Unit testing & TDD concepts with best practice guidelines.
byMohamed Taman
 
CNIT 126 Ch 0: Malware Analysis Primer & 1: Basic Static Techniques
bySam Bowne
 
Compiler Design Unit 2
byJena Catherine Bel D
 
RECURSIVE DESCENT PARSING
byJothi Lakshmi
 

Similar to The Complete CTF Road Map

PDF
Hack Attack! An Introduction to Penetration Testing
bySteve Phillips
 
PDF
CNIT 129S: 10: Attacking Back-End Components
bySam Bowne
 
PDF
Introduction to Cybersecurity | IIT(BHU)CyberSec
byYashSomalkar
 
PDF
SOHOpelessly Broken
byThe Security of Things Forum
 
PPT
Security & ethical hacking p2
byratnalajaggu
 
PDF
Penetration Testing is the Art of the Manipulation
byJongWon Kim
 
PDF
Lares from LOW to PWNED
byChris Gates
 
PPT
Security & ethical hacking
byAmanpreet Singh
 
KEY
SecTor 2012 The Security Mendoza Line
byEd Bellis
 
PDF
BSides SF Security Mendoza Line
byEd Bellis
 
PPT
Kunal - Introduction to backtrack - ClubHack2008
byClubHack
 
PPT
Kunal - Introduction to BackTrack - ClubHack2008
byClubHack
 
PPS
Workshop on BackTrack live CD
byamiable_indian
 
PDF
Introduction to Exploitation
byUTD Computer Security Group
 
PDF
Why everybody should do CTF / Wargames?
byMiroslav Stampar
 
PDF
Web Exploitation
byUTD Computer Security Group
 
PDF
Web Application Penetration Testing.pdf
bybarayapaten
 
PPTX
Buffer overflow attacks
byJoe McCarthy
 
PDF
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
byFelipe Prado
 
PDF
Hacking school computers for fun profit and better grades short
byVincent Ohprecio
 
Hack Attack! An Introduction to Penetration Testing
bySteve Phillips
 
CNIT 129S: 10: Attacking Back-End Components
bySam Bowne
 
Introduction to Cybersecurity | IIT(BHU)CyberSec
byYashSomalkar
 
SOHOpelessly Broken
byThe Security of Things Forum
 
Security & ethical hacking p2
byratnalajaggu
 
Penetration Testing is the Art of the Manipulation
byJongWon Kim
 
Lares from LOW to PWNED
byChris Gates
 
Security & ethical hacking
byAmanpreet Singh
 
SecTor 2012 The Security Mendoza Line
byEd Bellis
 
BSides SF Security Mendoza Line
byEd Bellis
 
Kunal - Introduction to backtrack - ClubHack2008
byClubHack
 
Kunal - Introduction to BackTrack - ClubHack2008
byClubHack
 
Workshop on BackTrack live CD
byamiable_indian
 
Introduction to Exploitation
byUTD Computer Security Group
 
Why everybody should do CTF / Wargames?
byMiroslav Stampar
 
Web Exploitation
byUTD Computer Security Group
 
Web Application Penetration Testing.pdf
bybarayapaten
 
Buffer overflow attacks
byJoe McCarthy
 
DEF CON 24 - workshop - Craig Young - brainwashing embedded systems
byFelipe Prado
 
Hacking school computers for fun profit and better grades short
byVincent Ohprecio
 

Recently uploaded

PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
PDF
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
PDF
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
PDF
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
PDF
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
PDF
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
PDF
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
PPTX
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
PPTX
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
PPTX
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
PPTX
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PPTX
The Landscape of Computer Software Development Companies
byYash Singh
 
PDF
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
PDF
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
PDF
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PPTX
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
PDF
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
PDF
Incident Response Planning with a Foundation Model
byKim Hammar
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
TPPmark2025 Kenta Inoue's answer 12/04/2025
byKenta Inoue
 
TrustArc Webinar - Looking Ahead: The 2026 Privacy Landscape
byTrustArc
 
Accelerating Responsible AI Adoption in Public Sector and Private Organizations.
byYasir Naveed Riaz
 
TrustArc Webinar - Assessing AI Risk with Confidence
byTrustArc
 
Empowering Productivity with Clever Prompts and Intelligent Agents
byUni Systems S.M.S.A.
 
ElyriaSoftware — Powering the Future with Blockchain Innovation
byElyria Software
 
THIS IS CYBER SECURITY NOTES USED IN CLASS ON VARIOUS TOPICS USED IN CYBERSEC...
byMelissaGblinwon
 
Basics of Identity Access Management In mordern Infrastructure
byPrinceXavier18
 
RISE with SAP for Automotive - S4 HANA Value.pptx
byAmira Jemi
 
The Future of IT Service Management AI Automation & Beyond.pptx
byChetu
 
The year in review - MarvelClient in 2025
bypanagenda
 
The Landscape of Computer Software Development Companies
byYash Singh
 
Guided Substation Engineering with CoMPAS: Simplifying IEC 61850
byDanBrown980551
 
Innovative AI Solutions for Business Growth.pdf
byVox Works
 
Digit Expo 2025 - EICC Edinburgh 27th November
byRay Bugg
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Ritesh_kumar_Aatmanirbhar Bharat: Make in India, Make for the World.pptx
byriteshrkgs2008
 
How Mobile Apps Are Shaping the Future of Digital Innovation
byWilliam Taylor
 
Incident Response Planning with a Foundation Model
byKim Hammar
 
In this document
Powered by AI

Introduction slide presenting the roadmap for CTFs and the presenter, Hussein Muhaisen.

Explains two main types of Capture The Flag (CTF) events: Normal CTFs with various challenges and Attack and Defense styles where teams protect and attack systems.

Offers guidance on locations and methods to discover CTF competitions to participate in.

Lists essential skills and knowledge for participating in CTFs, including scripting, web fundamentals, and basic networking.

Defines cryptography, discussing encryption, encoding, and hashing techniques, including symmetric and asymmetric methods.

Discusses web exploitation techniques, necessary languages, and potential vulnerabilities like SQL Injection and XSS.

Introduces reverse engineering and required languages/technologies, including different file formats and tools essential for the process.

Covers digital forensics including file and memory analysis, steganography, and packet analysis.

Defines binary exploitation, the process, and relevant topics such as buffer overflows and memory management.

Provides a list of online resources and platforms where learners can practice and improve their skills relevant for CTFs.

Final slide reiterating the presenter and context without additional content.

The Complete CTF Road Map

  • 1.
    CTF Road Map HusseinMuhaisen AKA System ExploitedCTF Road Map Hussein Muhaisen AKA System Exploited 1 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
  • 2.
    Types Of CTFs •1.Normal CTFs Types: web , crypto , binary-exploitation, forensics, reverse engineering, mobile hacking. These CTF Challenges Are in Some Sort Of Chains. Flag Examples : Flag{FoUnd_Me_AyI} 2 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
  • 3.
    Types of CTFs#2 •2. Attack and Defense . Each Team Has His own vulnerable Machine ( Box ) . Patch Your System . Exploit Your Enemy's System So When The game starts the teams need to start attacking and protecting the machines. 3 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
  • 4.
    How To Finda CTF ? 4 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
  • 5.
    Pre-requisites • Scripting --->Python , and Bash. • Linux Commands - https://overthewire.org/wargames/bandit/ https://tryhackme.com/room/zthlinux • Web Fundamentals • Networking Fundamentals • Understanding Number Bases : Binary , Hex , Octa , etc. 5 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
  • 6.
    Cryptography • What isCryptography ? Ciphers That are needed to be used or broken. Encoding vs Encryption vs Hashing Symmetric and Asymmetric Encryption. 6 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
  • 7.
    Cryptography Topics • Base64 • Caesar cipher , ROT13 • XOR Encryption • MD5 Hashing • RSA • Frequency Analysis • Atbash cipher 7 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
  • 8.
    Web Exploitation • Givena Web Server or Website Link and you need to find the certain bug in order to exploit it and retrieve the flags. •What Do You Need to Know ? • HTML , CSS , Java Script • Cookies • Databases , SQL • Robots.txt ( Web directories ) 8 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
  • 9.
    Web Exploitation Topics •Inspect Element • Cookie-based authentication • SQLinjection , SQLmap • XSS • Burp Suite • Remote Code Execution ( RCE ) • Fuzzing ( Dirbuster , GoBuster , Dirb ) • Networking Protocols ( HTTP , HTTPS ) • Jason Web Tokens • Local File Inclusion ( LFI ) • Server Side and Client Side Authentication 9 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
  • 10.
    Reverse Engineering • ReverseEngineering is the process of knowing how an executable work. • What Do You Need to Know ? • C/C++ • Java • Assembly 10 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
  • 11.
    Reverse Engineering Topics •PE File Format • ELF Binary Format • System Calls • Windows Internals and Linux Internals • Tools To Know: Ghidra IDA Pro Binary Ninja Radare2 11 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
  • 12.
    Forensics • File FormatAnalysis: Corrupt File Fixing File Extensions and File Types Hidden Files inside other files • Steganography: Hidden Text , Files , Images , Ciphers. • Memory Analysis: Dumps of Disk Images or Memories To analyze. • Packet Analysis : Analyze Network Packets such as wireshark pcap files 12 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
  • 13.
    Forensics Topics • FileExtensions and File Types • Metadata and Exiftools • NTFS and FAT32 Formats • LSB Steganography • Disk Imaging • Wireshark Packets • Steghide , stegcracker , stegsolve , openstego , zsteg , jsteg 13 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
  • 14.
    Binary Exploitation • Binaryexploitation is the process of subverting a compiled application such that it violates some trust boundary in a way that is advantageous to you, the attacker. • Topics Needed : • Buffer Overflows • How processes work like RAM etc • Memory Exploitation • Learn How to Use Python to Exploit 14 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
  • 15.
    Resources to Getstarted • https://blog.tryhackme.com/free_path/ • https://hackthebox.eu • https://overthewire.org/ • https://ctftime.org/ • HackerSploit • John Hammond • The Cyber Mentor • IppSec • LiveOverFlow • zSecurity • Joe Helle • Network Chuck • https://picoctf.org • https://ringzer0ctf.com/challenges • https://ctf.hacker101.com/ 15 This Presentation Is Made by Hussein Muhaisen AKA System Exploited
  • 16.
    16 This Presentation IsMade by Hussein Muhaisen AKA System Exploited