“I want to learn about exploitation! Where do I start?”

March 25, 2020

We’ve heard this question a lot. We’re even young enough to remember having asked it. The standard answer is often an embarrassed mumble that there are no golden rules, and that you should probably follow this or that person on Twitter to get tips, then “go practice, like maybe do some CTF exercises, I don’t know.”
CTF (Capture the Flag) exercises are self-contained challenges in which the player has to crack some problem and recover a piece of text (the “flag”) as proof of having cracked it.

Beginners can try solving CTF exercises, but they don’t necessarily end up having a good experience. These exercises are often challenging but not very educational: many of them are full of technical gotchas and pure caprice, and beginners often have difficulty telling these apart from the core of the problem.
If you fail to solve a CTF challenge, you have usually wasted a few hours and gained zero knowledge – certainly a frustrating experience.
Even if you do succeed, it is not uncommon for a lot of excellent learning opportunities to go to waste in the process.

This is why we Love, with a capital L, a well-motivated CTF exercise with a thorough solution write-up. These allow you to contend with the problem on your own — but also explain why you should even care about the problem, as well as illustrate what mindset and toolset might be required to approach the problem correctly. Even if you do not succeed, a good write-up clearly walks you through the correct solution; and at every step of the way, it answers the question that troubles students everywhere the most: “But how was *I* supposed to think of that?”

Georgia Tech’s “Toddler’s Bottle” exercises come very close to this ideal of a well-motivated exploitation CTF exercise: they are short, distilled and to the point. To complement them, we have written the document linked below, a sequence of guided solutions and lecture notes that walks the reader through the challenges, provides context and perspective, and tries to live up to the ideal described above.

So, “Where do I start?” — there really is no straightforward answer, but hopefully this guide will get you going. Good luck!

A First Introduction to System Exploitation