CTF Competitor

Bash, file manipulation, permissions, piping, grep/awk/sed

Scripting for automation, pwntools, requests library, socket programming

Hex, binary, octal, Base64, URL encoding, ASCII table

TCP/IP, DNS, HTTP, Wireshark packet analysis fundamentals

Jeopardy-style vs Attack-Defense, flag formats, scoring, team dynamics

Union, blind, error-based SQLi, filter evasion, NoSQL injection

Reflected, stored, DOM XSS, cookie stealing, CSP bypass

SSTI, SSRF, LFI/RFI, command injection, path traversal

Session fixation, JWT cracking, cookie manipulation, brute force

PHP/Python/Java deserialization, prototype pollution, race conditions

Caesar, Vigenere, substitution, transposition, frequency analysis

AES (ECB/CBC/CTR), DES, block cipher attacks, padding oracle

RSA attacks (small e, Wiener, Hastad), Diffie-Hellman, ECC basics

MD5/SHA collisions, length extension, hash cracking, rainbow tables

Weak RNG, timing attacks, reused nonces, custom crypto analysis

Registers, instructions, calling conventions, stack frames

Stack smashing, return address overwrite, NOP sled, shellcode

ROP chains, gadget finding, ret2libc, ret2plt, GOT overwrite

Arbitrary read/write, GOT overwrite via format strings

Use-after-free, double free, tcache poisoning, heap feng shui

ASLR, NX, Stack canaries, PIE, RELRO -- bypass techniques

IDA Pro, Ghidra, Binary Ninja -- disassembly and decompilation

GDB, ltrace, strace, debugging techniques, breakpoints

Obfuscation, packing (UPX), anti-debug, VM detection

ELF, PE structure, sections, imports/exports, symbol resolution

.NET/Java decompilation, Android APK reversing, firmware analysis

Magic bytes, binwalk, file carving, steganography, metadata

Volatility, Autopsy, file system analysis, deleted file recovery

PCAP analysis, protocol reconstruction, traffic pattern analysis

LSB encoding, image/audio stego, zsteg, stegsolve, spectrograms

Metadata extraction, social media recon, geolocation, Wayback Machine