| | ctf | CTFd |
|---|---|---|
| | 11 | 15 |
| Stars | 1,743 | 5,316 |
| Growth | 0.3% | 1.1% |
| Activity | 2.5 | 8.8 |
| | about 1 year ago | 5 days ago |
| Language | Python | Python |
| License | - | Apache License 2.0 |

Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ctf
- Audio Steganography
  Audio can contain dial tones, or it can contain binary/morse code on some particular frequency, or it's not really "audio" but radio-transmission which needs to be decoded, or the audio can contain sounds of keyboard typing or even 3d printer head moving (like https://github.com/p4-team/ctf/tree/master/2020-05-10-spam-and-flags-teaser/3d_printer ), or maybe audio has multiple sources interleaved and you need to separate them and one has the flag, or maybe the audio file itself has specific format and some information can be passed there. There are infinite possibilities and it's impossible to say anything without analysing the file.
- Failing to understand a flag
  It's hard to say anything without actually seeing the page. Was there something inside the CSS files? You can do some crazy stuff there :) You can also do some fancy stuff like bypassing CSRF with CSS injection like in: https://github.com/p4-team/ctf/tree/master/2018-01-20-insomnihack/web_css
- CTF Question - reverse engineering keyboard Morse code
- Question about ECDSA
- Stuck on a forensics challenge
  One thing that immediately comes to mind is that archives are "weird", and an archive file can also be a totally different type of file at the same time. Just to clarify what I mean, see: https://github.com/p4-team/ctf/blob/master/2016-04-15-plaid-ctf/web_pixelshop/README.md and specifically the magic file https://github.com/p4-team/ctf/blob/master/2016-04-15-plaid-ctf/web_pixelshop/exploit.png. This is a totally valid PNG file but at the same time it's also a totally valid ZIP file with a PHP shell inside.
- Initial impact report about this week's EdDSA Double-PubKey Oracle attack in 40 affected crypto libs
  Funny part is that even in CTF challenges made around this problem, challenge authors were introducing some intentional bugs to account for this scenario, because they thought it would be too unrealistic otherwise :D See for example: https://github.com/p4-team/ctf/tree/master/2018-12-08-hxp/crypto_uff
- Reduced Round AES CTR Attacks
  See: https://github.com/p4-team/ctf/tree/master/2016-03-12-0ctf/peoples_square and also https://github.com/TFNS/writeups/tree/master/2020-06-05-DefenitCTF/spn (this one is not AES but some toy SPN, but the idea is exactly the same and maybe easier to understand)
- Hey I was wondering if anyone knew a good place to post a challenge, a challenge with a reward
  If it's some serious interesting cryptography (just to give you an example: https://github.com/p4-team/ctf/tree/master/2019-11-02-google-ctf/fractorization ), then perhaps consider talking to some CTF team to feature your challenge during an upcoming CTF
- Help with factorizing n=p*q in a vulnerable RSA implementation
  Also what you need doesn't require that much code, it's very similar to: https://github.com/p4-team/ctf/tree/master/2017-09-02-tokyo/crypto_rsa
- Cryptopals 2:12 - What real-world application of crypto does the solution actually break?
CTFd
- Host your own CTF for free 💸 (CTFd Setup Guide)
  During the last weekend, a small cyber security club in my town organized their first online CTF competition. I offered to take care of the infrastructure since I've been tinkering with CTFd for a couple of weeks and surprisingly everything went well! (Except two server outages that didn't last long 😁) That's why I'm here sharing with you the process of how I set up, configured, and monitored a CTF platform that handled 150+ users simultaneously totally FOR FREE 💲
- How to keep an HTTP connection alive for 9 hours
  Under the hood, we use the open source CTF platform, CTFd. CTFd has its own system for registration and login. However, we wanted to use our own registration landing event for style and tracking purposes. Here are the requirements from our marketing team:
- Creating Competition Platforms
  Currently we use our CTFd fork, containerised and hosted on DigitalOcean. Major problems are that it's freemium software, so for questions that might need execution of code in some programming language, we'll have to pay for it (and our club can't afford that). Questions are mostly MCQ or Fill in the Box.
- Creating CTFs for College Club
- 316ctf: Beginner CTF
  Thanks to our sponsors Anderson University (SC) & CTFd
- Building a Hack The Box alternative for educational purposes
  Also, I would suggest using ctfd for management, with some plugins you can make it do most of what you need https://ctfd.io/ .
- CTF Party - Novice to Professional
  Are you using ctfd? https://ctfd.io/
- Announcing Beast - An open source Jeopardy style CTF creation and management tool!
  I think it's a misnomer to say that CTFd is proprietary. While CTFd does have a hosting platform that uses closed source code, CTFd itself is open core and open source under the Apache 2 license. My company and I put a lot of effort into maintaining the open source version of CTFd while still being sustainable.
- Intentionally vulnerable networks for hackers
  TryHackMe and CTFd might be worth a look.
- How To Setup Your CTFd Platform With HTTPS And SSL
  If you want to organize and host a CTF event, one of the best and easiest options available for managing this is CTFd.
What are some alternatives?
RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager)
ed25519-unsafe-libs - List of unsafe ed25519 signature libs
Docker Compose - Define and run multi-container applications with Docker
pwntools - CTF framework and exploit development library
awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares
libsodium - A modern, portable, easy to use crypto library.
the-littlest-jupyterhub - Simple JupyterHub distribution for 1-100 users on a single server
pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy
snoop - Snoop is a reconnaissance tool based on open data (OSINT world)
pwndra - A collection of pwn/CTF related utilities for Ghidra
Awesome-DevSecOps-Platforms - A curated list of awesome security platforms, including CTF/Security Response Center/Bug Tracker and so on.