Was I the only one who found it hard to figure out what CTF referred to here without having to actually look at the code? I haven't actually looked at a collaborative translation framework before, besides wondering what ctfmon.exe was in my task manager.
My everyday experience with the acronym has been in the context of Capture The Flag, and given that it originated with FPS games (Quake, Unreal, etc), the name pwntools makes it only further misleading (or was it supposed to be clever?). I would have appreciated the github readme filling that acronym in at least one place.
CTF is a common kind of 'hacking competition'. The acronym does, indeed, stand for 'Capture The Flag', but instead of the physical game, you get people competing to hack ('pwn') a piece of software.
Basically this is just a little library of utilities that come handy when playing CTF: hexing, assembly, shell code, etc. Think of it as a bunch of pre-made snippets that you'd normally reuse when trying to hack something.
Interesting. How would one get into systems CTF? Sure, google returns plenty of hits, but are there any active communities that are better geared towards newbs or better resources, etc...
It is the best beginner CTF I have ever seen in my life, and I've been CTF'ing for 9 years.
Incidentally, if anyone here finds that they really like this stuff, my team (Samurai) is all about teaching those who want to learn. Email me at borski@tinfoilsecurity.com :)
A great resource is PicoCTF, which, although designed for high schoolers, is a pretty good way to get into the scene: https://picoctf.com
(It was from PicoCTF that I went from knowing nearly nothing about security to qualifying for a competition in New York to qualifying for a competition in Korea to obtaining an internship in a computer security lab -- thanks once again, CMU! Even if I'm working at your rivals now...)
VulnHub [1] is fantastic. It is an index of VM's set up specifically for CTF challenges, with links to walkthroughs as well. I have been having a blast working my way through them.
Most of the VM's link to the creators' website / blog, which is a good way to find more information and resources as well, as they tend to be active security researchers.
My everyday experience with the acronym has been in the context of Capture The Flag, and given that it originated with FPS games (Quake, Unreal, etc), the name pwntools makes it only further misleading (or was it supposed to be clever?). I would have appreciated the github readme filling that acronym in at least one place.