CTF Learning Resources Guide
1. Web Exploitation
Best Learning Resources
- PortSwigger Web Security Academy
https://portswigger.net/web-security - OWASP Top 10
https://owasp.org/www-project-top-ten/ - Hacksplaining
https://www.hacksplaining.com - PayloadsAllTheThings
https://github.com/swisskyrepo/PayloadsAllTheThings - Root Me Web Challenges
https://www.root-me.org - Hack The Box Web Challenges
https://www.hackthebox.com - WebGoat
https://owasp.org/www-project-webgoat/
Tools
- Burp Suite
- ffuf
- sqlmap
- wfuzz
- dirsearch
YouTube
- PwnFunction
https://www.youtube.com/@PwnFunction - LiveOverflow
https://www.youtube.com/@LiveOverflow - NahamSec
https://www.youtube.com/@NahamSec
2. Binary Exploitation (Pwn)
Learn First
- C programming
- Linux internals
- x86/x64 assembly
- GDB
Best Learning Resources
- pwn.college
https://pwn.college - ROP Emporium
https://ropemporium.com - OverTheWire Behemoth/Narnia
https://overthewire.org/wargames/ - how2heap
https://github.com/shellphish/how2heap - Modern Binary Exploitation (RPISEC)
https://github.com/RPISEC/MBE - Pwnable.kr
http://pwnable.kr - Pwnable.tw
https://pwnable.tw
Tools
- pwndbg
- gef
- pwntools
- Ghidra
- gdb
YouTube
- LiveOverflow
https://www.youtube.com/@LiveOverflow - ippsec
https://www.youtube.com/@ippsec
3. Reverse Engineering
Best Learning Resources
- OpenSecurityTraining2
https://opensecuritytraining.info - Crackmes.one
https://crackmes.one - Microcorruption
https://microcorruption.com - Malware Unicorn RE101
https://malwareunicorn.org/workshops/re101.html - Practical Malware Analysis Labs
https://github.com/mikesiko/PracticalMalwareAnalysis-Labs
Tools
- Ghidra
- IDA Free
- Binary Ninja
- x64dbg
- radare2
YouTube
- LiveOverflow
https://www.youtube.com/@LiveOverflow - MalwareTech
https://www.youtube.com/@MalwareTechBlog
4. Cryptography
Best Learning Resources
- CryptoHack
https://cryptohack.org - Cryptopals
https://cryptopals.com - Introduction to Modern Cryptography Notes
https://toc.cryptobook.us
Tools
- CyberChef
- SageMath
- pwntools
- RsaCtfTool
YouTube
- Computerphile
https://www.youtube.com/@Computerphile - LiveOverflow
https://www.youtube.com/@LiveOverflow
5. Forensics
Best Learning Resources
- Blue Team Labs Online
https://blueteamlabs.online - CyberDefenders
https://cyberdefenders.org - DFIR Training
https://training.dfirdiva.com - Wireshark Official Docs
https://www.wireshark.org/docs/ - Volatility Foundation
https://volatilityfoundation.org
Tools
- Wireshark
- Volatility
- Autopsy
- binwalk
- foremost
- exiftool
6. OSINT
Best Learning Resources
- OSINT Framework
https://osintframework.com - SANS OSINT Resources
https://www.sans.org/blog/what-is-open-source-intelligence/ - Trace Labs OSINT CTF
https://www.tracelabs.org
Tools
- Maltego
- Sherlock
- theHarvester
- Google dorks
- Wayback Machine
YouTube
- John Hammond
https://www.youtube.com/@_JohnHammond - The Cyber Mentor
https://www.youtube.com/@TCMSecurityAcademy
7. Steganography / Misc
Best Learning Resources
- StegOnline
https://stegonline.georgeom.net - AperiSolve
https://www.aperisolve.com - CyberChef
https://gchq.github.io/CyberChef/
Tools
- zsteg
- steghide
- binwalk
- foremost
- strings
Best Writeup Sites
- CTFtime Writeups
https://ctftime.org/writeups - HackMD CTF Notes
https://hackmd.io - Nightxade Writeups
https://github.com/nightxade/ctf-writeups
Recommended Beginner Path
- OverTheWire Bandit
https://overthewire.org/wargames/bandit/ - picoCTF
https://picoctf.org - PortSwigger Academy
https://portswigger.net/web-security - CryptoHack
https://cryptohack.org - pwn.college
https://pwn.college - Start joining live events on CTFtime
https://ctftime.org