Binary Exploitation (also called pwn, binexp, binary)
What is binary exploitation?
Binary exploitation covers any problem based around exploiting a bug in a program to make it give you the flag. This differs from web in that the bugs are mostly low level, and the problems are based around binaries (executable files, normally written in C). Also, unlike reversing, the challenge is based around exploiting vulnerabilities instead of trying to figure out what the binary does. It's normally fairly easy to understand what's going on in a binary exploitation problem compared to reversing. pwn is another name for binary exploitation, taken from old hacker slang where people would say "pwn" instead of "hack".
What do I need to know to solve binary exploitation problems?
You should probably understand the basics of Computer Architecture (CS 429) and simple Linux. Knowledge of C and x86/64 assembly is also very useful. Of course, you don't need to know any of this, but anything you don't know you will have to learn on your own in the process of solving a problem. You should probably do the first few reversing problems first too, so you can learn a disassembler (Ghidra or Cutter) and GDB (plus an extension like Pwntools or GEF).
What does a binary exploitation problem look like?
Most pwn problems involve a single simple program that you are given. You can run this program locally for testing, but it won't be able to print the flag, since the flag file is located on the remote server. You will also be given a netcat address (a host and port) where you can send and receive data to the copy of the program running remotely. The goal is then to send that remote program input that causes it to give you the flag. It is generally easier to test the program locally so you can use gdb, and then to submit the solution to the netcat. Remember that the remote computer may not be set up the same way yours is. Many pwn problems end with you "getting a shell". This means that you have a way to send the remote computer commands to execute, just like you do on your own command line. Once you have done this you can just run cat flag.txt to get the flag.
What can I do with binary exploitation?
pwn is a great way to learn more about low level programming. Also, when writing C it is much easier to write safe C if you know what kinds of exploits your program could potentially be vulnerable to. pwn can also be useful if you want to become a cybersecurity analyst, as it's really similar to the work you would do on low level programs.
Why is binary exploitation fun?
pwn is fun because it's the most "hackerish" category. I know that sounds a little cringy but it's honestly really cool to hack someone else's server and steal their data. It can be intensely frustrating, but that just makes it even more satisfying when you finish the problem. The feeling of getting a shell after hours of work makes it all worth it.
Cryptography (also called crypto)
What is cryptography?
Cryptography is the practice of encrypting data such that it is unreadable and therefore useless to an adversary. It includes all manner of encryption schemes, ciphers, cryptosystems and more. Specifically for CTFs, you are usually trying to break or undo an encryption scheme or cipher. In order to make data harder to recover, many encryption schemes rely heavily on math to ensure that it's computationally infeasible to recover the plaintext without knowing specific secrets or keys.
What do I need to know to solve cryptography problems?
Easy to medium level cryptography problems usually involve relatively simple ciphers that you can read up about on Wikipedia or find tools to solve online. As the problem difficulty increases, you will usually need to know more math: specifically topics like abstract algebra and number theory. It's also pretty useful to know how to use Python and/or Sage in order to write code to solve the more math-y problems.
What does a cryptography problem look like?
There are a couple different types of cryptography problems, but one of the most common is having to decipher or decrypt data that is given to you. The prompt or title will usually contain some hint as to what method was used to encrypt the data, and it's up to you to figure out how to undo it. Sometimes it's straightforward deciphering, but other times you may have to take advantage of mistakes or poor choices made (purposefully) by the challenge author in order to recover the flag.
What can I do with cryptography?
Cryptography is an awesome way to get into the more math-y and theoretical side of security. Considering we use things like encryption every day of our lives (whether we're aware of it or not), it's useful to know what types of vulnerabilities different cryptosystems and ciphers have so you know how to apply them properly in practice. Learning more about cryptography can be useful if you want to become a cryptographer, penetration tester, researcher, or if want to work on tools that use and implement cryptographic schemes.
Why is cryptography fun?
Cryptography is fun because it's awesome to see how some smart math tricks can lead to (theoretically) near-unbreakable systems, and how some dumb math mistakes can send those systems crumbling. Finally seeing that flag pop out after hours of trying to understand some cryptosystem you just learned about the same day is incredibly rewarding. Plus, it makes you feel very big-brained because you get to understand big math words :)
Forensics
What is forensics?
Forensics is a pretty open-ended category, but for the most part it involves all manner of manipulating files to recover data. Sometimes this means recovering data that was hidden inside of the raw bytes of a file (steganography), sometimes it means fixing broken files (file signatures), sometimes it's recovering files hidden in files hidden in files (file carving), the list goes on.
What do I need to know to solve forensics problems?
Honestly, there isn't too much background knowledge needed for forensics problems, since you'll usually be learning most of it on the fly. This is due to the varied nature of forensics problems: one problem could be all about PDF specifications while another is completely different and requires knowledge of image manipulation. As a result, Google and Wikipedia are your best friends, as well as online tools you may find to help with things like recovering steganographic messages and the like. Overall, understanding different encodings (binary, hexadecimal, Base64, etc.) is something that usually comes in handy no matter what the problem is.
What does a forensics problem look like?
Again, since forensics problems are so varied, they can look very different. For the most part, you'll usually be provided with some type of file, and it's usually a good idea to run terminal programs like binwalk on any file you get so you can decide what the next steps are. Usually the flag will be encoded or hidden in the file in some way, and your job is to recover it.
What can I do with forensics?
Doing forensics problems will make you very familiar with file formats and specifications, as well as all the different ways in which you can break them. Additionally, you'll learn how to recover data that is thought to be gone forever. While both of these things are useful just as a person who uses a computer, they can also be helpful if you want to go into digital forensics and incident response (DFIR). Being able to recognize what should and shouldn't be in a file, and knowing how attackers might hide malicious programs or data within benign files are skills that will get you far.
Why is forensics fun?
Forensics is fun because you learn just how strict and how unrestricted files and file formats can be. Want to mash up a ZIP file and a JPEG into one file and still have it work as both types of file just fine? You can do that! Want to make an image that shows one image in the file preview and another when you actually open it? Go for it! Want to hide a secret message in the spectrogram of an audio file? No problem! It's just plain awesome how much can be done just by twiddling some bits of a file.
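The ZIP-inside-a-JPEG trick above works because a JPEG is read from the front (it ends at its EOI marker) while a ZIP is read from the back (its end-of-central-directory record). The checker below, an added example that is not part of this page, walks the JPEG marker segments to find the real EOI, reports how many bytes trail it, and, if those bytes carry a ZIP, lists the archive's members. The sample polyglot it builds is constructed here (a minimal JPEG-shaped blob, not a decodable picture, with a real ZIP appended); the function names are this example's own.

```python
import io
import struct
import zipfile

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA
ZIP_LOCAL_HDR, ZIP_EOCD = b"PK\x03\x04", b"PK\x05\x06"


def find_jpeg_eoi(data: bytes) -> int:
    """Offset of the top-level EOI marker, or -1. Walking the segments (rather than
    searching for FF D9) skips any EOI inside an EXIF thumbnail and ignores stuffed
    FF 00 bytes inside entropy-coded scan data."""
    if data[:2] != bytes([0xFF, SOI]):
        return -1
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            return -1                              # lost sync: a marker should be here
        marker = data[pos + 1]
        if marker == 0xFF:                         # fill byte, the marker follows it
            pos += 1
            continue
        if marker == EOI:
            return pos
        if 0xD0 <= marker <= 0xD7 or marker == 0x01:   # RSTn / TEM carry no length field
            pos += 2
            continue
        if pos + 4 > len(data):
            return -1
        pos += 2 + struct.unpack(">H", data[pos + 2:pos + 4])[0]   # length includes itself
        if marker == SOS:                          # scan data runs until the next real marker
            while pos + 1 < len(data):
                nxt = data[pos + 1]
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    return -1


def inspect_jpeg(data: bytes) -> dict:
    """Report bytes trailing the image and whether they form an appended ZIP archive."""
    eoi = find_jpeg_eoi(data)
    report = {"eoi_offset": eoi, "trailing_bytes": 0, "zip_appended": False, "members": []}
    if eoi == -1:
        return report
    trailer = data[eoi + 2:]
    report["trailing_bytes"] = len(trailer)
    if ZIP_LOCAL_HDR in trailer and ZIP_EOCD in trailer:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:   # zipfile locates the directory from the end
            report["zip_appended"], report["members"] = True, zf.namelist()
    return report


def build_sample_polyglot() -> bytes:
    """Constructed sample: SOI, APP0, a tiny SOS with a stuffed FF 00, EOI, then a real ZIP."""
    jpeg = b"\xff\xd8" + b"\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 9
    jpeg += b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" + b"\x12\xff\x00\x34" + b"\xff\xd9"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("flag.txt", "flag{constructed_sample}")
    return jpeg + buf.getvalue()
```

A clean image reports zero trailing bytes; anything larger deserves a look, whether with this script or with binwalk.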
Reverse Engineering (also called reversing, rev)
What is reversing?
Reversing is any problem where you are given code / a binary and you need to try to figure out what it does. Often reversing problems are written in a way where it isn't easy to tell what the code is doing, or the code obfuscates itself somehow.
What do I need to know to solve reversing problems?
You should probably understand the basics of Computer Architecture (CS 429) and simple Linux. Knowledge of C and x86/64 assembly is also very useful. Of course, you don't need to know any of this, but anything you don't know you will have to learn on your own in the process of solving a problem. It's also nice to know your way around a good disassembler / decompiler (like Ghidra or Cutter).
What does a reversing problem look like?
Most reversing problems involve being given a single program to run. You then need to figure out what the program does, and how to make it give you the flag. Sometimes the program will have the flag hidden inside and you just need to get it out. In other problems the program will just validate your input (the program will just tell you if you got the flag right). With those problems you just need to figure out how the program validates the flag so you can create a flag that will pass the checks.
What can I do with reversing?
Reversing is a great way to learn more about low level programming. It will teach you a ton about how computers work, and how programs work. It also teaches you a lot of tools, like GDB and Ghidra, that are useful when debugging.
Why is reversing fun?
Reversing can be like a puzzle. You work hard, and slowly over time reveal more and more of the program as you figure out how everything works. It has the same satisfaction when you finally finish and can see the whole picture. Reversing can also be fun if you want to look at a program on your computer, like a game or app, and figure out how it works.
Web
What is web?
Web problems are any problems based around a web browser, or a webservice / API. They generally involve exploiting some sort of bug or vulnerability in the source code of the website to get the flag. The bug could either be in the frontend of the website, or the backend.
What do I need to know to solve web problems?
What does a web problem look like?
Most web problems just start with a single URL. Sometimes the problem will give you the backend code for the website, but this isn't particularly common. From there you will have to investigate the website and figure out what it's doing. Sometimes you can find a vulnerability in the frontend code, or sometimes you can figure out a specific way to make an HTTP request that tricks the server. Often this involves at least some level of guesswork, but a good problem will hint towards what you should be doing. From there, common vulnerabilities involve tricking the webserver into sending you files it's not supposed to (like the flag), or stealing cookies.
What can I do with web?
Web problems are probably the most applicable to the real world. For one, CTFs can expose you to a wide variety of web technologies and push you to dive deep into how they work. Also, almost all of the web vulnerabilities you will use are fairly common in the real world. Knowing how to exploit these vulnerabilities can help you write better, more secure code in the future.
Why is web fun?
Web is super satisfying because once you learn more about it, you get to see how all sorts of real world systems work. Unlike other types of challenges, you can look at the web security systems of real world companies. It's all right there in your web browser. Once you know what to look for you can find out how all sorts of websites work, and how they secure themselves.