CTF Resources
This repository aims to be an archive of information, tools, and references regarding CTF competitions. CTFs, especially for beginners, can be very daunting and almost impossible to approach. With some general overviews of common CTF subjects and more in-depth research and explanation in specific topics both beginners and veterans can learn, contribute, and collaborate to expand their knowledge. What is a CTF? CTFs are computer security/hacking competitions which generally consist of participants breaking, investigating, reverse engineering and doing anything they can to reach the end goal, a 'flag' which is usually found as a string of text. DEF CON hosts what is the most widely known and first major CTF, occurring annually at the hacking conference in Las Vegas. Many different competitions have branched off since then, and numerous ones are available year-round. One of the best places to see when CTFs are being scheduled is ctftime, an active website with calendars and team rankings. Example: A very simple type of CTF challenge consists of looking at the source code of websites or programs to find flags and/or hints.
FEATURES
ALTERNATIVES
A comprehensive guide to Nessus, a vulnerability scanner, covering data directories, binary directories, logs directories, plugin directories, advanced settings, API, and good practices.
Deliberately vulnerable CI/CD environment with 11 challenges to practice security.
A collection of security vulnerabilities in regular expressions used in WAFs with a focus on bypass examples and high severity issues.
The best security training environment for Developers and AppSec Professionals.
A repository aiming to archive all Android security presentations and whitepapers from conferences.
Level 400 training to become a Microsoft Sentinel Ninja.
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Mandos Brief Newsletter
A weekly newsletter providing cybersecurity leadership insights, industry updates, and strategic guidance for security professionals advancing to management positions.
Kriptos
An AI-driven data classification and governance platform that automatically discovers, analyzes, and labels sensitive information while providing risk management and compliance capabilities.
System Two Security
An AI-powered platform that automates threat hunting and analysis by processing cyber threat intelligence and generating customized hunt packages for SOC teams.
Aikido Security
Aikido is an all-in-one security platform that combines multiple security scanning and management functions for cloud-native applications and infrastructure.
Permiso
Permiso is an Identity Threat Detection and Response platform that provides comprehensive visibility and protection for identities across multiple cloud environments.
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.