ECSC oskused
Kategooriad
Binary Exploitation (pwn)
x86_64, ARM, MIPS, binaries, shared objects, kernel exploitation, buffer overflows, heap exploitation, ASLR bypass, NX / PIE bypasses, ret2libc, ROP. Linux & Windows. Pwntools
Reverse Engineering (rev)
Binary, Android, iOS, obfuscated / minified Javascript
Cryptography (crypto)
Classical cryptography, RSA, AES, EC. Known plaintext, known ciphertext, chosen plaintext, chosen ciphertext, etc. Padding oracle, Hastad's, Chinese remainder, etc.
Web Exploitation (web)
XSS, CSP bypass, admin bot type challenges. CSRF, SSRF, XXS, Command injection, SQL injection, path traversal, XS-Leaks etc. Authentication & authorization bypasses. IDOR. Known vulnerabilities (Drupalgeddon et al)
Forensics (foren)
Memory forensics (Volatility), Windows & Linux. Volatility profile creation. Network & USB forensics (Wireshark, etc). Disk forensics, file carving etc. Log analysis, timeline creation, analysis, finding IPs and other DFIR activities.
Boot2root (htb)
Metasploit, known CVEs, exploits, POCs, privilege escalation, checksec, LinPEAS, scripting, footholds and persistence.
Admin
Linux, Docker, firewalls, networking, WireGuard, OpenVPN, IDS/IPS, Suricata. Scripting & automation
Misc
OSINT, Steganography, jt varia-kategooriad. Põgenemistuba
Hardware
ARM, AVR, STM*, ESP32/ESP8266, Arduino etc. Wire protocols, voltage glitching, side channels, coprocessors, undocumented instructions, flash dumping, JTAG, soldering/desoldering, debug interfaces, SWD
Muud teemad
Privaatsus ja turvalisus, tsensuur, juhtimine, esinemine, social engineering, jt
Õppekeskkonnad
Top harjutuskeskkonnad, kust saada head baasteadmised:
Kuidas oskusi viimistleda
Osale CTF-idel! Mida rohkem, seda parem.
- Otsi CTFTime'ist CTF võistlusi, millel on kõrge Weight või palju osalevaid tiime
- Liitu Eesti küberturvalisuse kogukonna Discordiga
- Kutsu kokku sõbrad, hõika Discordis välja, ühiselt on toredam lahendada
- Võistle teiste ECSC võistkondade vastu OpenECSC ja muudel üritustel