Recommend challenges for the YDS offensive security workshop

challenges.md

Here is a list of recommended challenes on play.picoctf.org/practice for you to work on.

If you are stuck, it's often a good idea to move on to another challenge and come back later.

Always feel free to work on any challenge that strikes your fancy. These are ones I have taken a look at.

Class Leaderboard

If you are interested in being on a class leaderboard, you can join here:

https://play.picoctf.org/classrooms

Invite code: C7M3rMer6

Web Explotation

• Source searching

  • Insp3ct0r
  • Search source

• Cookie inspection and editing

  • Power Cookie
  • Cookies
  • More Cookies (quite a bit harder, try other sections first)
  • JAuth (quite a bit harder, try other sections first)

• JavaScript reversing

  • dont-use-client-side
  • Client-side-again

• Headers:

  • picobrowser
  • Who are you?

• Command injection

  • caas
  • SQLiLite

Network Eavesdropping and Forensics

• Packets Primer
• Wireshark doo dooo do doo
• Wireshark twoo twooo two twoo
• Eavesdrop
• Trivial Flag Transfer Protocol
• shark on wire 1
• shark on wire 2
• scrambled-bytes
• WPA-ing Out

More CTFs

• picoctf.org
• overthewire.org
• portswigger.net/web-security
• microcorruption.com
• hackthebox.com

Favorite Content

• youtube.com/@LiveOverflow
• Darknet Diaries Podcast
• youtube.com/@DEFCONConference