phdctf-2017 - PHDays Online CTF 2017. Developed with ♥ by Hackerdom team

  •        11

PHDays CTF2017 is an online international challenge in the information security. Developed by Hackerdom team for PHDays VII forum. The contest is driven by classic rules (Attack-Defense CTF) Each team is given a set of vulnerable services. Organizers regulary fill services with private information — the flags. The goal of each team is to find vulnerabilities, fix them in their services and exploit them in order to get flags from other teams.

https://phdays.com
https://github.com/HackerDom/phdctf-2017

Tags
Implementation
License
Platform

   




Related Projects

Exploit-Writeups - A collection where my current and future writeups for exploits/CTF will go

  •    

Welcome to my collection of exploit writeups. This repo is where my current and future writeups for public exploits, vulnerability research, and CTF challenge solves will go. Below is a directory of the current writeups that I've published. An overview of the PS4 kernel exploit codenamed "namedobj", which targets a type confusion vulnerability in the sys_namedobj_* Sony system calls. This overview covers the basic exploit strategy required to leverage the type confusion bug into a fully fledged exploit.

fbctf - Platform to host Capture the Flag competitions

  •    Hack

The Facebook CTF is a platform to host Jeopardy and “King of the Hill” style Capture the Flag competitions.The FBCTF platform was designed with flexibility in mind, allowing for different types of installations depending on the needs of the end user. The FBCTF platform can be installed either in Development Mode, or Production Mode.

payloads - Git All the Payloads! A collection of web attack payloads.

  •    Shell

run ./get.sh to download external payloads and unzip any payload files that are compressed. Requests extracted from either packet captures or log files of capture the flag (ctf) events. Mostly raw data so not all requests are actual payloads, however requests should be deduplicated.

stripe-ctf-2.0 - Capture the Flag: Web Edition https://stripe.com/blog/capture-the-flag-20

  •    Python

This repository contains the source code to the levels from the Stripe CTF 2.0, which ran from August 22-29, 2012.

awesome-ctf - A curated list of CTF frameworks, libraries, resources and softwares

  •    Javascript

A curated list of Capture The Flag (CTF) frameworks, libraries, resources, softwares and tutorials. This list aims to help starters as well as seasoned CTF players to find everything related to CTFs at one place.Please take a quick look at the contribution guidelines first.


Zeratool - Automatic Exploit Generation (AEG) and remote flag capture for exploitable CTF problems

  •    Python

This tool uses angr to concolically analyze binaries by hooking printf and looking for unconstrained paths. These program states are then weaponized for remote code execution through pwntools and a series of script tricks. Finally the payload is tested locally then submitted to a remote CTF server to recover the flag. Zeratool has room to grow and future iterations of Zeratool will include information disclosure discovery and linking those leaks to an offset for general ASLR bypasses.

pwntools - CTF framework and exploit development library

  •    Python

Pwntools is a CTF framework and exploit development library. Written in Python, it is designed for rapid prototyping and development, and intended to make exploit writing as simple as possible. You can now do a live demo of Pwntools, right in your browser.

write-ups-2017 - Wiki-like CTF write-ups repository, maintained by the community. 2017

  •    Python

This repository aims to solve those problems. It’s a collection of CTF source files and write-ups that anyone can contribute to. Did you just publish a CTF write-up? Let us know, and we’ll add a link to your post — or just add the link yourself and submit a pull request. Spot an issue with a solution? Correct it, and send a pull request.

OpenARC

  •    C++

A clone of Attack, Retrieve, Capture, the best game of 1997: a top-down 2D capture-the-flag game in which you pilot a small well-armed spaceship!

janusec - Janusec Application Gateway, a Golang based application security solution which provides WAF (Web Application Firewall), CC attack defense, unified web administration portal, private key protection, web routing and scalable load balancing

  •    Go

Janusec Application Gateway, an application security solution which provides WAF (Web Application Firewall), CC attack defense, unified web administration portal, private key protection, web routing and scalable load balancing. With Janusec, you can build secure and scalable applications. Detailed documentation is available at Janusec Application Gateway Documentation.

XNA Capture the Flag for the Microsoft Zune

  •    

Capture the Flag is a 2d Capture the flag game made for the Zune platform using XNA 3.0 CTP. Players choose to join or start a network session in the main menu. When in game, the player uses left or right on the DPad to choose the team on which to play with. Once sides have b...

CTF

  •    

A multi-agent capture-the-flag package designed for teaching artificial intelligence concepts.

Outgun

  •    C++

Outgun is a free, cross-platform 32-player capture-the-flag (CTF) 2D action game.

mesalink - MesaLink is a memory-safe and OpenSSL-compatible TLS library.

  •    Rust

MesaLink is a memory-safe and OpenSSL-compatible TLS library. Since 2014, the industry has seen a huge impact and loss due to memory vulnerabilities in TLS stacks; such as the infamous "Heartbleed" bug. MesaLink is born with the goal of eradicating memory vulnerabilities in TLS stacks; and it is written in Rust, a programming language that guarantees memory safety. This significantly reduces the attack surfaces; which further facilitates auditing and restricting the remaining attack surfaces. MesaLink is cross-platform and provides OpenSSL-compatible APIs. It works seamlessly in desktop, mobile, and IoT devices. With the growth of the ecosystem, MesaLink would also be adopted in the server environment in the future. To get better functionality along with strong security guarantees, MesaLink follows the following rules-of-thumb for hybrid memory-safe architecture designing proposed by the Rust SGX SDK project.

w3af - Web Application Attack and Audit Framework

  •    Python

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. It can find Cross site scripting, SQL Injection and lot more. The framework implements web and proxy servers which are easy to integrate into your code in order to identify and exploit vulnerabilities.

ctf - CTF Field Guide

  •    C

We’re glad you’re here. We need more people like you. If you’re going to make a living in defense, you have to think like the offense.

capture the flag

  •    C++

A really really good Capture the Flag computer game.

BinExp - Linux Binary Exploitation

  •    C

I am quite passionate about exploiting binary files. First time when I came across Buffer Overflow(a simple technique of exploitation) then I was not able to implement the same with the same copy of code on my system. The reason for that was there was no consolidated document that would guide me thoroughly to write a perfect exploit payload for the program in case of system changes. Also there are very few descriptive blogs/tutorials that had helped me exploiting a given binary. I have come up with consolidation of Modern exploitation techniques (in the form of tutorial) that will allow you to understand exploitation from scratch. Lecture 1.

adversarial-robustness-toolbox - This is a library dedicated to adversarial machine learning

  •    Jupyter

This is a library dedicated to adversarial machine learning. Its purpose is to allow rapid crafting and analysis of attacks and defense methods for machine learning models. The Adversarial Robustness Toolbox provides an implementation for many state-of-the-art methods for attacking and defending classifiers.