This repository contains the solution for various Capture The Flag (CTF) challenges taken during the Offensive and Defensive Cybersecurity Course at Politecnico di Milano along with their writeups.
Challenges are divided into categories, each one of them has its own folder. Each challenge contains a README.md
file with the description of the challenge and the writeup.
The objective of the challenges is to find the flag, which is a string that follows the format FLAG{...}
.
Each challenge has its own flag, and the goal is to find it, either by exploiting a vulnerability, reverse engineering, or by any other means.
The challenges are designed to cover a wide range of topics, from binary exploitation (ROP, heap, shellcode crafting, mitigations bypass, packing, reverse engineering, symbolic execution) to web security (race conditions, serialization, XSS).
The tools used to solve the challenges are mainly:
- Shellcode
- Reverse Engineering
- Mitigation Bypass
- ROP
- Heap Exploitation
- Symbolic Exeuction and Fuzzing
- Race Condition
- Serialization
- XSS
- Packing
The final CTF is a timed event (9 hours) where students have to solve as many challenges as possible. The challenges are divided into the same categories as the ones in this repository. Mine final CTF writeups are available in the CTF folder.
This repository is licensed under the MIT License.
For any questions, feedback, or suggestions, feel free to contact me. See my GitHub profile