First and foremost, welcome to the Whitehatters Computer Security Club (WCSC)! As a competitive club focused on playing in Capture the Flags (CTFs) both online and at various venues throughout the state, WCSC values members who take initiative, possess a healthy competitive spirit, and have a love for learning. To help you get in the competing spirit and gain the necessary skills, WCSC has gathered a wide variety of hands-on learning resources for you in this roadmap.
The path is long and winding, but the skills you learn here will give you a competitive edge in your future career in security. Remember you can't become an expert overnight; some of the things you learn will be hard to understand at first, and that it is normal! If you get stuck, there are always alumni and current students in our Slack who are more than happy to help and Google is only a single click away.
Now that you're an official member, you're going to need somewhere to practice all these new skills. However, the learning process is messy! You might break something. And that's ok!
CTFs will often require you to install many new technologies that you are unfamiliar with. Instead of installing them all on your "main" or host operating system, most members use a virtual machine.
A virtual machine, at a high level, allows you to run another operating system as an application; it's kind of like having a second computer inside yours. One of the key benefits of this is you can, after some practice, quickly create and destroy virtual machines, allowing you to recover after any mishaps.
The linked articles will walk you through installing a Linux virtual machine in VirtualBox, an application for creating and managing virtual machines. Aren't familiar with Linux? Don't worry about that just yet; we will be going over that next.
Get familiar with virtualization by installing Linux in a VM.
Getting a hardware acceleration error? Check out the solution here! This is usually the trickiest step. Be sure to use Google and ask your friends on Slack!
Now checkout how to use snapshots, which allow you to quickly save and restore your virtual machines.
Why use Linux for CTFs? There are many reasons, but Linux is often expected to be used by challenge developers, as it offers many tools for completing challenges. New tools can be installed and used quickly simply by running terminal commands.
The provided guides all teach the Linux command line through the use of hands-on approaches and real examples. However, each guide is a bit different. Take a look at each of them and decide which one is right for you. Once you feel up to it, try tackling some Linux challenges!
Remember, the only way you will get used to the command line is by using it regularly (preferably while playing CTFs with the club)!
CodeAcademy's command line tutorial provides a hands-on guide for learning the Linux command line using their online terminal
LinuxCommand.org provides a thorough guide that you can step through using your new Linux VM
The USF Library provides free access to The Linux Command Line by William Shotts
Ready to test your skills? Complete the Bandit Wargame
It's time to compete! Now that you have somewhere to play (your Ubuntu VM), the best way to start learning is by jumping in and working on CTF challenges with your fellow Whitehatters.
CTFs typically have challenges from many different security topics, such as reverse engineering, web exploitation, or cryptography. To help familiarize yourself with these topics, resources have been gathered for you to start your CTF journey. Will you focus on one topic? Or try out each of them? The choice is yours! Check out this giant list of 24/7 CTFs (also known as Wargames) or play on the WCSC wargame!
Have a resource you think we should add? Message an EBoard member with the link, a description of why it's great, and what category it best fits under. Want to write a roadmap like the above for a category? Do it, and send it in!