CTF
Getting Started
CTFs can feel daunting at the beginning. These can help you get started:
- Blog post by Jaime Lightfoot
- Describes what CTFs are, how to get involved, and points to many more resource recommendations.
- PicoCTF
- An annual CTF for high school students (but available to anyone) that maintains all previous challenges which can be used to learn and practice new skills.
- CTFtime
- A database of past and future scheduled CTF competitions. I learn from reviewing the write-ups of solutions from past competitions that are hosted here.
Binary Reverse Engineering and Exploitation
- Hacking: The Art of Exploitation, by Jon Erickson
- An introductory book with practical (but dated) examples for learning binary exploitation.
- begin.re
- Reverse engineering course with slides and exercises for complete beginners, created by Ophir Harpaz.
- pwn.college
- Free content and lectures developed for ASU’s Computer Systems Security course, created by Zardus and kanak of the shellphish CTF team.
- RPISEC Modern Binary Exploitation
- Free content and lectures developed by the RPISEC CTF team and taught as a full course at RPI.
- pwnable.kr
- Set of binary exploitation CTF challenges that range from introductory to expert.
Cryptography
- cryptopals (sometimes referred to as the Matasano crypto challenges)
- A set of applied cryptography challenges that build on fundamental concepts.
Misc
- Reddit AMAs
- Multiple DEF CON CTF winners and organizers have posted Reddit AMAs (Ask-me-anythings) describing their experiences, including PPP, Samurai, and LegitBS.
- CTF Radiooo
- Podcast series run by zardus and adamd that covers the history of CTF, among other things, by interviewing many of the folks who were involved in the major teams as they got started.
News
- Risky Business
- Podcast hosted by Patrick Gray that covers computer security current affairs and often has insightful sponsor interviews.
- r/netsec
- Reddit security community.
- Lots of noise, but also occasional quality insights from people I respect.
Books
Programming Best Practices
The Pragmatic Programmer: From Journeyman to Master, by Andy Hunt and Dave Thomas
A Philosophy of Software Design, by John Ousterhout
Engineering Software as a Service: An Agile Approach to Using Cloud Computing, by Armando Fox and David Patterson
Computer Systems
Operating Systems: Three Easy Pieces, by Andrea & Remzi Arpaci-Dusseau
Linkers and Loaders, by John R. Levine
Linux Device Drivers, by Jonathan Corbet, Alessandro Rubini, and Greg Kroah-Hartman
Container Security, by Liz Rice
Computer Theory
Introduction to the Theory of Computation, by Michael Sipser
The Formal Semantics of Programming Languages, by Glynn Winskel
Exploitation and Reverse Engineering
Hacking: The Art of Exploitation, by Jon Erickson
The Shellcoder’s Handbook, by Chris Anley, John Heasman, Felix Lindner, and Gerardo Richarte
Learning Linux Binary Analysis, by Ryan “Elfmaster” O’Neill
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation, by Bruce Dang, Alexandre Gazet, Elias Bachaalany, Sebastien Josse
Practical Binary Analysis: Build Your Own Linux Tools for Binary Instrumentation, Analysis, and Disassembly, by Dennis Andriesse
A Guide to Kernel Exploitation: Attacking the Core, by Enrico Perla and Massimiliano Oldani
The Tangled Web: A Guide to Securing Modern Web Applications, by Michal Zalewski (lcamtuf)
Hardware and Embedded Systems
An Embedded Software Primer, by David E. Simon
Designing Embedded Hardware, by John Catsoulis
The Hardware Hacker: Adventures in Making and Breaking Hardware, by Andrew “bunnie” Huang
Inside the Machine: An Illustrated Introduction to Microprocessors and Computer Architecture, by Jon Stokes
Writing
The Elements of Style, by William Strunk, Jr. and E.B. White
On Writing Well: The Classic Guide to Writing Nonfiction, by William Zinsser
BUGS in Writing, by Lyn Dupre