Skip to content


Capture The Flags, or CTFs, are a kind of computer security competition.

Teams of competitors (or just individuals) are pitted against each other in a test of computer security skill.

Very often CTFs are the beginning of one's cyber security career due to their team building nature and competitive aspect. In addition, there isn't a lot of commitment required beyond a weekend.

In this guide/wiki/handbook you'll learn the techniques, thought processes, and methodologies you need to succeed in Capture the Flag competitions.

Grading Policy

Topics Grade
Lab1: Forensics 10
Lab2: Buffer Overflow 10
Lab3: Web Information Discovery 10
Lab4: Web Vulnerability Exploit 10
Lab5: De-compiling Program 10
Lab6: Attacking WiFi 10
Lab7: Physical Attacks 10
Lab8: Social Engineering 10
Lab9: Privilege Escalation 10
Lab10: Public Key Crypto Attacking 10
Lab11: Attacking Websites 10
Lab12: ROL and ROP 10
Attack and Defense CTF (bonus) 100

Class Schedule

CTFs in CS315 Course aims to provide an experimental environment. Instructions of CTF components in CS315 are as follow:

Date Topic Content File
Week 1 CTF Introduction and Forensics 1. Introduce CTF
2. Basic Forensics
3. Network traffic analysis
Week 2 PWN: Basic Buffer Overflow 1. Introduce PWN
2. Stack and buffer overflow
3. Return to shellcode
Week 2.pdf
Week 3 PWN: Advanced Buffer Overflow 1. Calling conversion
2. Binary security
3. Bypass canary & PIE
Week 4 WEB: Information Discovery 1. Passive information gathering
2. Active information gathering
Week 5 WEB: Vulnerability Exploit 1. Injection
2. Traversal
Week 6 RE: De-compiling Program 1. Assembly
2. From C to assembly
3. Disassemblers and Decompiles
4. Debugging with GDB
Week 7 WLAN: Attacking WiFi 1. WiFi attacking tools
2. Resume attack
3. WiFi crypto attack
4. Evil Twin
Week 8 MISC: Physical Attacks 1. BIOS
2. Bad USB
3. Attack printers
Week 9 MISC: Social Engineering 1. Cloning a website
2. Phishing
Week 10 PWN: Privilege Escalation 1. Gather vulnerabilities
2. Privilege escalation
Week 11 CRYPTO: Public Key Crypto Attacking 1. Traditional crypto
2. Hash functions
3. RSA
Week 12 WEB: Attacking Websites 1. OWASP top 10
2. Proxies vulnerabilities
3. User input vulnerabilities
Week 13 PWN: ROL and ROP 1. ROP
2. Dynamic ROP chain
3. ROL
Week 14 CTF: Attack-Defense CTF 1. Introduction
2. Environment set
3. Grading

Contact me

If you have any questions about the CTF part, feel free to contact me : liz33[at]