Psi Beta Rho Wiki

by members of Psi Beta Rho & ACM Cyber at UCLA

This wiki is a ongoing project run by Psi Beta Rho and ACM Cyber at UCLA. It is a collection of resources for learning about cybersecurity, particularly through CTFs. This is meant as both a starting point for beginners and a reference for more experienced players. While the content is primarily aimed at UCLA students who are part of the PBR team, it is also accessible to anyone who is interested in learning about cybersecurity.

Contributing

If you are interested in contributing to this wiki, please feel free to open a pull request or issue on the GitHub repository. The content of this site has been collected by a variety of people contributing their knowledge and resources. If you would like to contribute, please do so! We are always looking for more content to add to this wiki.

Introduction

If you are reading this page, you have probably been referenced here for one of a few reasons:

You are a new/prospective member of ACM Cyber at UCLA / Psi Beta Rho.
You are someone looking to get into playing CTFs.
Someone interested in learning about cybersecurity.

This wiki is meant to be a collection of resources for learning about cybersecurity, particularly through CTFs. This is meant as both a starting point for beginners and a reference for more experienced players. This page is meant to explain some critical points when getting started with CTFs.

Where do I start?

This is probably one of the most popular questions the members of our club get. While this wiki was a project trying to solve this question, it by no means is a perfect solution. In fact, part of the beauty of cybersecurity / CTFs is that it is so interdisciplinary and that much of what you learn is from building experience. For that reason, the answer is to just start! The following video by LiveOverflow is also a great answer to this question that we highly recommend watching.

How to use this wiki?

In the current form of the wiki, it is not meant to be a text book but rather a collection of resources for people to explore. The order of the chapters is not to indicate any sort of importance or order of learning, but rather to group similar topics together. We recommend that you explore the wiki and find what interests you. A future goal of this project is to add a bit more context to each sort of field within cybersecurity, but for now we recommend looking at each chapter and seeing what interests you. The most important thing is to just start! Additionally, do not be afraid to ask questions! The members of our club are always happy to help.

What are CTFs?

CTF 101: https://ctf101.org/ CTF Field Guide: https://trailofbits.github.io/ctf/

Capture The Flag competitions (CTFs) are cybersecurity competitions where teams solve challenges to win points. These challenges generally involve exploiting some vulnerability in a target piece of code, which contains a secret "flag" (a unique string) that can only be accessed through exploiting said vulnerability. Once someone has figured out the exploit and captured the flag, they submit it for points, hence the name Capture The Flag.

Some common categories of challenges include Binary Exploitation (pwn), Reverse Engineering, Cryptography, and Web Exploitation, to name a few. Don't worry if you don't know what these mean yet, this repository should help with that!

Psi Beta Rho

This chapter contains resources and information specific to Psi Beta Rho. It is meant to act as a reference for members who are joining the team for the first time and contains information about the team's history, logistics, and resources. While this chapter can probably skipped by anyone who is not a member of our team, it is still publically available for anyone who is interested in learning about how we run our club and team.

What is PBR?

Psi Beta Rho (abbreviated as PBR) is cybersecurity club and UCLA's competitive CTF team. We have practices every week of the quarter (unless otherwise specified) and compete in CTFs. Our CTF schedule isn't particularly set, we kind of play this by ear, but do try to keep an open hour or two on the weekends in case we are competing.

We also run LA CTF, our own CTF competition that we write the challenges for! If you're interested in challenge writing, talk to a team captain.

General CTF resources and tools

This chapter contains resources that train you for CTFs in general. These include past CTFs, general tools that you might use during a CTF, and other things too broad to fit into one category. For category-specific tools and resources, make sure to check out the appropriate chapters!

General resources

picoCTF

https://picoctf.org/

picoCTF is a CTF competition run by people at Carnegie Mellon University. Their website also contains resources for getting into CTFs, as well as previous years' competitions that you can tackle. Highly recommended for beginners.

Cyber FastTrack and CyberStart

https://www.cyber-fasttrack.org/

https://play.cyberstart.com/dashboard

Possibly the most beginner friendly cybersecurity resource on this list. Some of the skills learned here are too basic to show up on CTFs, but they're still worth learning. Contact a team captain to join the PBR group on CyberStart.