Cookie Engineer's Website

Weekly CTF Meetup

I'm organizing a weekly CTF meetup, in which we're taking part in online CTFs and we're implementing the solutions in code for each of the challenges.

As I'm always up for some hacking fun when it comes to implementing exploits and teaching people how exploits and defense mechanisms work, this is usually done in a more casual manner. Practice makes perfect, and I believe only people that implemented the exploits can really understand how they work and how to avoid their flaws and weaknesses in the future.

That's why I also think that Purpleteaming is the best approach of continously improving a Blueteam's defense strategies and security control mechanisms. Without regular CTF events, people tend to get sloppy and the culture in a company tends to shift towards a numbers game where blaming other department becomes the reality of dealing with issues that affect the whole company.

In our regular CTF group, we've been completing the following CTFs so far. There's probably more that we've done as challenges for fun, but these are the ones that I like to remember and recommend the most.

• PicoCTF Beginner Level CTF targeting highschool students
• Overthewire Bandit Beginner level covering Unix/Linux basics
• Overthewire Natas Beginner level covering Web Security and Web Exploitation
• Overthewire Leviathan Beginner Level covering Binary Exploitation basics
• Overthewire Narnia Advanced Level covering Binary Exploitation
• Overthewire Behemoth Advanced Level covering Binary Exploitation
• Overthewire Utumno Advanced Level covering Binary Exploitation
• Overthewire Maze Advanced Level covering Binary Analysis via GDB
• Overthewire Vortex Expert Level covering a mixture of Binary Analysis and Binary Exploitation
• Exploit Education Phoenix Beginner Level covering Binary Exploitation
• Exploit Education Nebula Advanced Level covering Privilege Escalation
• Exploit Education Fusion Advanced Level covering Sidechannel and Timing Attacks

CTF Writeups

The writeups repository contains a mixture of the previously mentioned CTFs, some occasional scavenger hunts that are organized by other organizations, and development notes of all kinds.

I'm currently in the process of writing down everything in Cookie's Cyber Wiki but it's a lot of work if it's even ever completable. Bare with me, my free time is quite limited, and my fulltime job has nothing to do with anything listed on my website, so it's gonna take a while. If you want to help, pull requests are always welcomed!