Hobbies
3D Printing
Science Fiction
Top 5 books:
- Children of Time by Adrian Tchaikovsky
- The Forever War by Joe Haldeman
- Old Man's War by John Scalzi
- Ender's Game by Orson Scott Card
- Starship Troopers by Robert Heinlein
Capture the Flags (CTFs)
CTFs are a fun way to force yourself into creative thinking, break up the monotony of structured training, and gamify learning. Sometimes they can be awesome, and other times they can be terrible, but i've never walked away from one without learning something new.
I like to codify my solves in write-ups, as it helps me remember what I did to solve the challenge and also serves as a nice trophy when the competition is over.
Here are some of my favorite CTF-like websites:
| Topic | Resources | Notes |
|---|---|---|
| Live CTFs | CTF Time | Has all of the upcoming CTFs and details about them. Also allows you to create a team and compare performance across multiple CTFs against other teams. |
| Beginner CTFs | PicoCTF | If you find yourself intimidated or running out of time doing live CTFs, PicoCTF allows you to practice on old challenges from previous year's events. If you look hard enough you can usually find write-ups with the solution if you get stuck for too long |
| Bash | bandit overthewire | technically a "wargame" because it's not timeboxed, this is a heavily recommended resource for many people's first foray into bash |
| powershell | century underthewire | a powershell twin to bandit. |
| Hands-on guided Hacking | tryhackme | tryhackme is my #1 recommended resource to cybersecurity beginners. They offer a ton of guided training for free (especially if you vpn from your own box) and many of the rooms have write-ups if you get stuck. They strike a perfect balance of challenging content, but without disheartening new cyber professionals. |
| Unguided Hacking | Virtual Hacking Labs | At a steep price of $99/month VHL offers a very nice 500+ page ebook on pentesting techniques, tools, and procedures. I found their infrastructure to be very stable (compared to Offsec's training range) and labs to be a lot of fun. If you provide write-ups and root enough boxes you even get an obscure certificate. Their training makes for a nice transition to an eJPT or OSCP train-up on Offsec's proving grounds. |
| Hackthebox | Probably the most renowned training on this list. Hackthebox is a nice freemium alternative to VHL. For beginners I recommend first trying hackthebox academy as Hackthebox has a steep learning curve on many of it's regular boxes. | |
| Cryptography | cryptohack | Again, more of a learning platform than a traditional CTF cryptohack does a good job of gamifying learning modern cryptography and maths. |
| Embedded Security | microcorruption | microcorruption is a nice introduction to assembly, buffer overflows, and using a debugger without throwing you into the deep end of GDB. |
| Webapp | OWASP Juice Shop | OWASP juice shop is a great little CTF for web devs, pentesters, and cyber defenders. It's available both as a free standalone and as a room in tryhackme |
| Honorable mentions | vulnhub crackme |
I've only used these once or twice, but have heard good things about them |