5 Steps to Get Started Hacking and CTFing

| Eugene Kolo

1. Install and Learn Linux

Linux is a hackable, and convenient operating system. The internals of it are
very interesting, and the foundation for a lot of engineering. But, they don't
concern you much right now. You just have to be able to navigate around in it,
install programs, and run programs. A virtual machine is easiest.

# Absolute basics
ls - list directory contents  
cd [path] - change directory to [path]  
pwd - print working (current) directory  
man [command- pull up the manual for [command]  
cat [filename] - print [filename] contents  
mv [from_filename] [to_filename] - move a file  
cp [from_filename] [to_filename] - copy a file  
rm [filename] - remove a file  
nano [filename] - open a file for editting

2. Learn Python and C

My advice is to learn the syntax, and then go further in depth by actually programming with it. Some books are fairly decent too.

Syntax

https://learnxinyminutes.com/docs/python3/
https://learnxinyminutes.com/docs/c/

Language

https://automatetheboringstuff.com/chapter0/

3. Learn some basics, and the landscape

There's a collection of great CTF videos here: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/videos.
Each of them is ~5-10 minutes. Additionally, it's very interesting and useful to read write-ups of previous CTF challenges. They give you the mindset, and teach you the skills necessary, here's a basic set: https://ehsandev.com/pico2014/

4. Collect some tools

Security is a very tool oriented field. It's a good idea to know what tools are
out there, and make some of them part of your arsenal.

CTF oriented

https://github.com/isislab?page=1
https://github.com/Gallopsled/pwntools

General security oriented

https://github.com/eugenekolo/sec-tools
https://github.com/eugenekolo/win-sec-tools
https://github.com/zardus/ctf-tools

5. Follow what interests you

Whether it's: game hacking, web security, competing in CTF competitions,
cryptography, reverse engineering, or whatever that interests you, it's up to
you to continue learning about it.

Fall 2016 Announcements

| Eugene Kolo

Hopefully everyone had a great summer, and is at least somewhat excited to return back to school.

0xBU will be continuing this semester! For those unfamiliar, 0xBU is a practical cybersecurity club that revolves around learning through hands on activities, such as reverse engineering, digital forensics, patching of vulnerable systems, applied cryptography, and exploitation of systems. Our primary vehicle to these interests is through Capture The Flag (CTF) competitions and through war games.

In the Spring 2016 semester we participated in ~10 CTFs, and were variously ranked top 10 to 20 in the USA. We’d like to make that top 10 in the world this semester. If you’re interested in participating, or at the very least learning, then please join us this semester. To keep track of us, please use our website, https://0xbu.com and our mailing list http://cs-mailman.bu.edu/mailman/listinfo/builds-list. We typically are either holding a workshop, or participating in a CTF. We meet in the BUILDS room, 111 Cummington Mall, Room B26.

There will be a few changes this semester:

  • Our meeting time will now be every Saturday at 12PM (Noon) to 2PM. Before we met at 7PM on Thursdays, and this caused some students to not be able to attend, due to late classes, and other club commitments.

  • Our focus, and main goal, will be competing (and winning!) in CTF competitions. This is also in line with our meeting time change - most CTFs run through the weekends.

  • Our mail list will be merged with builds, builds-list@cs.bu.edu. Maintaining the old mailing list has proven to be cumbersome. We’ll continue using both for a while though.

  • Our main form of team communication will be https://0xbu.slack.com. Previously we used IRC, which some members are more comfortable with, however requires a special client, and does not support many “modern” expectations such as automatic logging. Whereas Slack requires no special client, handles logging for you, and is easily enhanced with fun modules.

We have prepared some exciting resources, including a Linux virtual machine packed with hacking tools, exciting workshops, and we are working on creating an internal to BU wargame/CTF platform.

Our first meeting of the semester will be Saturday, September 10th at 12PM in 111 Cummington Mall, B26. It will revolve around a workshop of how to reverse engineer different software registration, i.e. cracking.

The week after will be our first CTF participations, as two of the best entry-level CTFs will be happening that weekend, September 16th.

Cheers,
Eugene