trailofbits / ctf

CTF Field Guide

Home Page: https://trailofbits.github.io/ctf/

License: Creative Commons Attribution Share Alike 4.0 International

C 85.56% Makefile 2.22% Shell 2.01% Assembly 10.21%
security-ctf tutorials ctf

ctf's Introduction

CTF Field Guide

“Knowing is not enough; we must apply. Willing is not enough; we must do.” - Johann Wolfgang von Goethe

Welcome!

We’re glad you’re here. We need more people like you.

If you’re going to make a living in defense, you have to think like the offense.

So, learn to win at Capture The Flag (CTF). These competitions distill major disciplines of professional computer security work into short, objectively measurable exercises. The focus areas that CTF competitions tend to measure are vulnerability discovery, exploit creation, toolkit creation, and operational tradecraft.

Whether you want to succeed at CTF, or as a computer security professional, you’ll need to become an expert in at least one of these disciplines. Ideally in all of them.

That’s why we wrote this book.

In these chapters, you’ll find everything you need to win your next CTF competition:

  • Walkthroughs and details on past CTF challenges
  • Guidance to help you design and create your own toolkits
  • Case studies of attacker behavior, both in the real world and in past CTF competitions

To make your lives easier, we’ve supplemented each lesson with the Internet’s best supporting reference materials. These come from some of the best minds in the computer security field. Looking ahead, we hope you’ll collaborate to keep this book evolving with the industry.

We’ve tried to structure this so you can learn as quickly as you want, but if you have questions along the way, contact us. We’ll direct your question to the most relevant expert. If there’s enough demand, we may even schedule an online lecture.

Now, to work.

-The Trail of Bits Team

ctf's People

Contributors

alanyee, briankung, cji, codemaxx, computerality, dependabot[bot], dguido, filinpavel, grazfather, michael-myers, noncetonic, pgoodman, quantatic, thorodanbrom, vuonghv, woodruffw, zachriggle


ctf's Issues

Link to download PDF (maybe as a release for this repo)

I know that you have the instructions at #6, but it would be easier if the PDF were available for download.

Also, any plans to actually put the book up for sale?

I for one would prefer to buy a physical copy of the book (which would also be a nice/easy way to contribute some money to the project).

how fgets() read the hexadecimal number

In the exploit easy, I encountered a problem.
I want to overwrite the pikachy variable with 0xfa75beef, but fgets() cannot read 0xfa75beef.
Although I used the escape char '\', just like \xef\xbe\x75\xfa, fgets() cannot identify the escape char '\'.

So, how can I make fgets() read the hexadecimal number?

Request for solutions or walk-through

First, thank you so much for putting the CTF Field Guide together. I'm just starting to get my feet wet and this looks like an awesome resource.

I wanted to find out if there are (or to request) links to solutions for the workshops, as while learning it often helps to validate my answers or get a nudge if I'm completely stuck. I realize these are spoilers, so I do think they should be in a separate section so they are not accidentally viewed, but still available somewhere for those who need them.

Nat

how to do /exploits/not_enough_space?

First, I overwrite both ebp and the return address on the stack, then immediately write three args for the second call to the fgets function, and make the overflow_len size bigger.
However, because of ASLR, the ebp is hard to guess.
When I turn off ASLR, this works!!

So, is there any other idea you can offer??
Thanks a lot.

siberia.zip

In the web section, siberia.zip is password protected; what is the password?

Any way to make this a single-page?

It'd be nice to take this offline on my Kindle for reading. Any way to make this a single page? Maybe a print view?

(I have not read the whole thing, so I don't know how many videos/etc are in here).

Decouple all the lectures and exercises

Each lecture and each exercise should have its own, independent subsection. That would both make the guide easier to read and lower the bar for people to contribute modules.

flags

Where can I edit or set the flags to my choosing, say if I wanted to make my own CTF game?
Thanks.

Bad links to references from within the repo

In several places throughout the guide, there are links to PDFs that point to files stored in this repo. Some of those links are wrong, because the 'ctf' directory in the path sometimes appears twice. For example, Vulnerability Discovery -> Auditing Source contains links to PDFs for Essential C and TAOSSA Chapter 6: C Language Issues. Those links are:

https://trailofbits.github.io/ctf/ctf/vulnerabilities/references/EssentialC.pdf
https://trailofbits.github.io/ctf/ctf/vulnerabilities/references/Dowd_ch06.pdf

They should be:

https://trailofbits.github.io/ctf/vulnerabilities/references/EssentialC.pdf
https://trailofbits.github.io/ctf/vulnerabilities/references/Dowd_ch06.pdf

Other pages have the same issue; they are:

Vulnerability Discovery -> Auditing Webapps
https://trailofbits.github.io/ctf/ctf/web/workshop/siberia.zip

Should be:
https://trailofbits.github.io/ctf/web/workshop/siberia.zip

Exploit Creation -> Binary Exploits 1
https://trailofbits.github.io/ctf/ctf/exploits/references/formatstring-1.2.pdf
https://trailofbits.github.io/ctf/ctf/exploits/references/tr-2007-153.pdf

Should be:
https://trailofbits.github.io/ctf/exploits/references/formatstring-1.2.pdf
https://trailofbits.github.io/ctf/exploits/references/tr-2007-153.pdf

Exploit Creation -> Binary Exploits 2
https://trailofbits.github.io/ctf/ctf/exploits/references/no-nx.pdf
https://trailofbits.github.io/ctf/ctf/exploits/references/acsac09.pdf

Should be:
https://trailofbits.github.io/ctf/exploits/references/no-nx.pdf
https://trailofbits.github.io/ctf/exploits/references/acsac09.pdf

Those are the links that I found, but I'm sure I could have missed a few. Thanks for the awesome resource!

Malware Analysis and Antivirus course

The malware analysis course by TML is down right now. I was able to get the link from Internet Archive. However, I just wanted to ask whether you could replace it with RPISEC's course. Is the TML course significant enough to keep it? Does it offer something different? I really don't know how to judge, I defer to your infinitely better judgement.

If it is, I'll submit a PR to update the TML course links.

Thanks for this wonderful resource!

login

Hello, my name is Torin and I forgot the name I gave my team. I know my password, but it's the team name I forgot. Is there any way I can get it back?

which part should i learn first if i want to focus on pentesting

Hello guys, I'm trying to learn from the start, but it seems the depth of each section is beyond what I imagined. I will certainly go through all of them later, but right now I don't have time for all of the lessons. Can you guys suggest which part is best for learning pentesting? (Source auditing/reverse engineering/pentesting are different jobs, right?)

Forgot Username

Hi, I registered for the capstone CTF last week and I ended up forgetting my username for the team name I created. I know the password and the email it is linked to. Please help!

easy problem

I made Ubuntu and Kali virtual machines inside VirtualBox and started the program easy32 on Ubuntu, but my Kali's nmap says all Ubuntu ports are closed and netcat says connection refused on Ubuntu port 12346. I also installed socat on Ubuntu, btw.

how to build a Pdf

I've spent more time than I'd like to admit trying to build one, and finally did successfully; here is how to do it on OS X:

  • install gitbook by running npm install gitbook-cli -g
  • download this project and extract it
  • inside it run 'gitbook install'
  • download the Calibre application https://calibre-ebook.com/download
  • move calibre.app to your Applications folder
  • create a symbolic link: sudo ln -s /Applications/calibre.app/Contents/MacOS/ebook-convert /usr/local/bin
  • if it still gives an error after creating the symbolic link, you can add it to your PATH to fix it: export PATH=$PATH:/Applications/calibre.app/Contents/MacOS
  • now it should work; inside the directory run gitbook pdf

I think that's about it, good luck.

References to finding teams

Good Evening/Morning/Afternoon,

I hope this is somewhat relevant and not an annoyance of a question, but I wish to find a team or just simply a group of people to converse with during CTFs. I've done a few alone and only a slim few on voice chats. I've found that the connection is valuable, and I learn loads more. So if you're able to provide resources, or even a strategy, to help dive into the community that would help me (and I suppose many others) out so much. 

Thanks for the read

learning ctf

I started participating in CTFs recently. I don't know much about this. I have to participate in a competition next month in which I have to attack others' systems for the flag and defend my system from their attacks. Please tell me some resources where I should practice.

problem with Algo 200 - A Substring

In the solution code of Algo 200 - A Substring:

    public static int count(String s){
        int found = 0;

        for(int i = 0; i < s.length() - 1; i++){ //We skip the last character as it cannot be a valid first character of a sequence
            if(i == 0)
                if(s.charAt(i) == 'a' && s.charAt(i + 1) == 'a')
                    found++;
            else
                if(s.charAt(i - 1) != 'a' && s.charAt(i) == 'a' && s.charAt(i + 1) == 'a')
                    found++;
        }

        return found;
    }

You cannot use if(s.charAt(i - 1) != 'a' && s.charAt(i) == 'a' && s.charAt(i + 1) == 'a') for the simple reason that in the first iteration inside the for loop i = 0, hence s.charAt(i - 1) = -1, and it will generate
String index out of range: -1
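The report above describes a dangling-else bug: without braces, the `else` binds to the nearest `if` (the inner one), so whenever `i == 0` and the first two characters are not both 'a', the `else` branch runs and indexes position -1. The following is an added example, not code from the repo or from the issue author; it is written in C (the repo's main language, and C resolves a dangling `else` exactly as Java does) and assumes the intended semantics inferred from the posted code, since the problem statement is not on this page: count each run of two or more consecutive 'a' characters once. `count_aa_braced` keeps the original shape but fixes the binding with explicit braces; `count_aa` is the simpler form that guards the look-behind directly. Both names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Same structure as the reported solution, with braces making the
 * if/else nesting explicit. The else now belongs to `if (i == 0)`,
 * so s[i - 1] is only evaluated when i >= 1. (Hypothetical name.) */
int count_aa_braced(const char *s)
{
    int found = 0;
    size_t n = strlen(s);

    /* i + 1 < n avoids size_t underflow on an empty string and skips the
     * last character, which cannot start a two-character sequence. */
    for (size_t i = 0; i + 1 < n; i++) {
        if (i == 0) {
            if (s[i] == 'a' && s[i + 1] == 'a') {
                found++;
            }
        } else {
            if (s[i - 1] != 'a' && s[i] == 'a' && s[i + 1] == 'a') {
                found++;
            }
        }
    }
    return found;
}

/* Equivalent, flatter form: check the pair first, then look behind only
 * when there is something behind. Short-circuit `||` guarantees s[i - 1]
 * is never read at i == 0. (Hypothetical name.) */
int count_aa(const char *s)
{
    int found = 0;
    size_t n = strlen(s);

    for (size_t i = 0; i + 1 < n; i++) {
        if (s[i] != 'a' || s[i + 1] != 'a') {
            continue;               /* not the start of an "aa" pair */
        }
        if (i == 0 || s[i - 1] != 'a') {
            found++;                /* first pair of a new run of 'a's */
        }
    }
    return found;
}
```

Inputs such as "ba" are the ones that crashed the original: the first character is not 'a', so the misbound `else` ran with index -1. With the braces in place both functions return 0 for "ba", 1 for "aaaa" (one run), and 2 for "aabaa" (two separate runs).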

about ctf writeup tool

I am writing a tool that uses CTF writeups for solving other CTF problems, and hacking also via commands inside writeups,
but it is still new and needs improving code. I am looking for other similar tools to compare with my tool (open source is good, and maybe with some AI) but can't find any. Do you know any tools?

About CTF Field Guide

Hi;
Thank you for your effort to supply us with this guide. I just want to inform you that there are a lot of links that are not available in the resources section on many modules, so if you could update those links it would be a great move from your side, as from my little perspective on the field and from my research online I have found that your guide, in my point of view, is the most complete guide on the internet. I hope that you could update the broken links so we can benefit from this near-perfect hard work.

Thank you.

Add a License

I couldn't find a license and wanted to better understand how this may be used. Could you share the license details or add one (e.g. Public Domain, MIT, BSD, Apache 2, etc.)?
