Book Image

Kali Linux CTF Blueprints

By : Cameron Buchanan
Book Image

Kali Linux CTF Blueprints

By: Cameron Buchanan

Overview of this book

Table of Contents (14 chapters)
Kali Linux CTF Blueprints
About the Author
About the Reviewers

Further reading

There are so many books that I could recommend you go and read. It's very difficult to cut it down to a few specific ones, but if I have to, it'll be the following:

  • The Web App Hacker's Handbook, Dafydd Stuttard and Marcus Pinto, John Wiley & Sons, Inc.

    This is the key book for the web app testing world. Dafydd (the man behind Burp) and Marcus cover just about everything you need to know. They also do live readings and give the occasional update. It covers a lot in depth and weighs as much as you would expect. If you would like to learn more about web app testing, read this book.

  • Network Security Assessment, Chris McNab, O'Rielly Media.

    This book is a guide to infrastructure that I wish I'd read when I was still in school. This is one of the best guides to network security testing I've encountered.

  • Backtrack 5 Wireless Penetration Testing Beginner's Guide, Vivek Ramachandran, Packt Publishing.

    This is a seminal book on wireless testing. Vivek also does training courses all over the world. Handsome chap. The book not only goes more in depth on wireless exploitation than I have, but also covers setting up wireless networks in more depth. This is a good read and a must buy if you're looking to get into wireless testing.

As far as blogs go, the following are the blogs that I would like to recommend:

  • g0tmilk: This is a blog by a guy who collects vulnerable VMs and publishes guides to attack them. If you want an assault course and don't have time to run through it yourself, read one of his guides (just make sure you credit him).

  • nmonkee (Northern Monkey): The writer of this blog covers a broad aspect of everything. This is not a CTF blog exactly, but it is definitely relevant to catching new vulnerabilities and exploits.

A quick rogue's gallery is as follows:

  • ...And you will know us by the trail of bits

  • Daily Dave

  • Darknet

  • DEFCON Announcements!

  • SensePost

  • Neohapsis Labs

  • PaulDotCom

  • PentestMonkey

  • SkullSecurity

  • SpiderLabs

  • The Day Before Zero

  • ThreatPost

  • ZeroDayLabs

  • Carnal0wnage

  • Metasploit

  • Travis Goodspeed

  • Intrepidus Group

  • Security Ninja

  • Nullthreat Security

  • Rapid7 Metasploit

  • DarkOperator

  • gynvael.coldwind

  • Room362

  • The Register (El Reg)

Recommended competitions

The best places to go for ideas are Capture the Flag competitions currently being run around the world. There are some good starter competitions out there and some super hard ones. Here are a few to check out:

  • CSAW CTF: This is one of the best starter competitions. It stands for Cyber Security Awareness Week and is run by some lovely chaps and chapettes at NYU Poly. It usually runs in winter, around November.

  • DEFCON: This is the mother of all CTFs and really the mark by which CTFers judge themselves. There are epic prizes up for grabs, scary people competing, and scarier people running it. This is not for the lighthearted. The finals of this competition are conducted in Las Vegas. Don't shy away from the open qualifiers though; you never know. This competition runs in the months of summer; 2014 qualifier competitions were in May.

  • NotSoSecure: This is a penetration testing company that runs a whole bunch of stuff. They perform an annual CTF, which is pretty fun to do. Check it out if you have the time. This runs in April.

  • 44con: This is an annual penetration testing conference in London. The CTF tends to be pretty heated, though some people win it year-in, year-out. If anyone wishes to unseat 0xBadF00d, go take a shot at them. This conference is held in September.

  • BruCon: This is a Belgian conference. BruCon usually runs several different challenges; if you can make it over to Ghent, it's worth it. Check out the talks while you're there and learn a bit about brewing beer. This conference is held in September.

  • Nuit Du Hack: This is a French conference. It is held in Paris. Frenchmen are there to challenge you to a duel in CTFing. Good fun. Talks here are great. Some of the talks here are in French, but they are still interesting.

Existing vulnerable VMs

This is right at the end because I didn't want you to rely on these from the word go. Most of these are contained in the BWA (Broken Web Apps) project found at the following link:

However, there are some other good options out there, which are as follows:

  • HacMe Banks/Books (web app testing)

  • Kioptrix (infrastructure)

  • Deiced (infrastructure)

  • WebGoat (web app)

  • DVWA (Damn Vulnerable Web App) (web app)

  • Bricks (web app)

  • Metasploitable (infrastructure)