Kali Linux CTF Blueprints - Buchanan, Cam PDF | Infosecwithme

Kali Linux CTF Blueprints - Buchanan, Cam PDF | Infosecwithme

Thanks to Cameron Buchanan


The Topic are really in-depth with scenario based approach. you can refer table of content & download to study it.

I am 100% sure you will have more fun while reading & practicing it. it will enhance your skills very well.

Click on Download button | Infosecwithme

Chapter 1: Microsoft Environments

Creating a vulnerable machine
Securing a machine
Creating a secure network
Basic requirements
Setting up a Linux network
Setting up a Windows network
Hosting vulnerabilities

Scenario 1 – warming Adobe ColdFusion Setup                                                                                  Variations
                                                                           
Scenario 2 – making a mess with MSSQL
Setup                                                                         
Variations                                                                                                   

Scenario 3 – trivializing TFTP
Vulnerabilities                                                                                               
Flag placement and design
Testing your flags
Making the flag too easy
Making your finding too hard
Alternate ideas

Post exploitation and pivoting
Exploitation guides
Scenario 1 – traverse the directories like it ain't no thing
Scenario 2 – your database is bad and you should feel bad
Scenario 3 – TFTP is holier than the Pope
Challenge modes                             

Chapter 2: Linux Environments 

Differences between Linux and Microsoft
Setup

Scenario 1 – learn Samba and other dance forms
Setup
Configuration
Testing                                                                             
Variations
Information disclosure
File upload

Scenario 2 – turning on a LAMP
Setup
The PHP
Variations
Out-of-date
versions
Login bypass
SQL injection
Dangerous PHP
PHPMyAdmin

Scenario 3 – destructible distros
Setup
Variations

Scenario 4 – tearing it up with Telnet
Setup
Variations
Default credentials
Buffer overflows

Flag placement and design
Exploitation guides
Scenario 1 – smashing Samba
Scenario 2 – exploiting XAMPP
Scenario 3 – liking a privilege
Scenario 4 – tampering with Telnet

Chapter 3: Wireless and Mobile 

Wireless environment setup
Software
Hardware

Scenario 1 – WEP, that's me done for the day
Code setup
Network setup

Scenario 2 – WPA-2
Setup                                                                                                           
Scenario 3 – pick up the phone Setup                                                                               
Important things to remember

Exploitation guides
Scenario 1 – rescue the WEP key
Scenario 2 – potentiating partial passwords
Scenario 3.1 – be a geodude with geotagging
Scenario 3.2 – ghost in the machine or man in the middle
Scenario 3.3 – DNS spoof your friends for fun and profit

Chapter 4: Social Engineering 

Scenario 1 – maxss your haxss
Code setup

Scenario 2 – social engineering: do no evil
Setup
Variations

Scenario 3 – hunting rabbits
Core principles
Potential avenues
Connecting methods
Creating an OSINT target

Scenario 4 – I am a Stegosaurus
Visual steganography

Exploitation guides
Scenario 1 – cookie theft for fun and profit
Scenario 2 – social engineering tips
Scenario 3 – exploitation guide
Scenario 4 – exploitation guide

Chapter 5: Cryptographic Projects 

Crypto jargon

Scenario 1 – encode-ageddon
Generic encoding types
Random encoding types

Scenario 2 – encode + Python = merry hell
Setup
Substitution cipher variations

Scenario 3 – RC4, my god, what are you doing?
Setup
Implementations

Scenario 4 – Hishashin
Setup
Hashing variations

Scenario 5 – because Heartbleed didn't get enough publicity as it is
Setup
Variations             

Exploitation guides
Scenario 1 – decode-alypse now
Scenario 2 – trans subs and other things that look awkward in your history
Automatic methods
Scenario 3 – was that a 1 or a 0 or a 1?
Scenario 4 – hash outside of Colorado
Scenario 5 – bleeding hearts

Chapter 6: Red Teaming 

Chapter guide
Scoring systems
Setting scenarios
Reporting                                                                           
        Reporting example
Reporting explanation

CTF-style variations
DEFCON game
Physical components
Attack and defense
Jeopardy

Scenario 1 – ladders, why did it have to be ladders?
Network diagram
Brief
Setting up virtual machines
DMZ
missileman
               secret1                                                                     
               secret2
       secret3

Attack guide
Variations
Dummy devices
Combined OSINT trail
The missile base scenario summary

Scenario 2 – that's no network, it's a space station
Network diagram Brief                                                                               
Setting up a basic network
Attack of the clones
Customizing cloned VMs
Workstation1
Workstation2
Workstation3
Workstation4
Workstation5

Attack guide
Variations
The network base scenario summary Summary                                                                                Appendix                                                                             
Further reading
Recommended competitions
Existing vulnerable VMs

Click on Download button | Infosecwithme