CTF Literature
Collection of free books, papers and articles related to CTF challenges.
How To Get Started In CTF
CTFtime
Hack.lu (2014) Writeups
Web
Cross-site scripting (XSS)
- OWASP - XSS
- OWASP - XSS Filter Evasion Cheat Sheet
- DOM Clobbering
- HTML Markup Injection
- Testing For Reflected XSS
- Testing For Stored XSS
- Testing For DOM-based XSS
Cross-Site Request Forgery (CSRF)
Local File Inclusion (LFI)
Remote File Inclusion (RFI)
SQL-Injection (SQLi)
- OWASP - SQLi
- Testing For SQL Injections
- SQL Backdoors
- Bypassing Modern SQL Injection Security Measures
- 9.6 Comment Syntax
- Cheat Sheets
- [video] Advanced SQL Injection
- [video] Defcon 18 - You Spent All That Money And You Still Got Owned
LDAP Injection
Path Traversal
Cookies
Command Injection
Languages / Databases
Tools
- w3af - Web Application Attack and Audit Framework (Windows/Linux)
- Firefox - Addon Pack (Web Pen Testing)
Practice
Reverse Engineering
Introduction To Reverse Engineering
Obfuscation
Tools
Practice
Crypto
Introduction To Crypto
Tools
Exploitation
Introduction To Exploitation
- The Linux man-pages Project
- Special File Permissions (setuid, setgid and Sticky Bit)
- Linux Users and Groups