Comment by albntomat0

5 years ago

I'd recommend CTF'ing a bit stronger than the other commenter. While there can be a distinct gap between the vulnerabilities in CTFs and real-world applications, CTFs provide a great means of deliberate practice (work on a problem, potentially figure it out, and then read other people's write-ups after the competition ends).

Check out https://ctftime.org/ for a list of CTFs. There are also intro CTFs like https://picoctf.org/

I didn't mean to discourage from playing CTFs, I just became jaded by seeing the same kind of heap feng shui tasks over and over and over again :). You know, the note-management linked list task with a simple CLI menu. Not to mention the proliferation of 0/1day tasks, which are IMO just lazy.

Do play CTFs. Just pick the fun challenges. pwnable.kr used to have some good stuff if you want to level up.

  • I think we're on the same page. Once someone gets good enough at heap shenanigans, they likely have a good enough skill baseline to go after real targets. In terms of skill development though, I found CTF'ing gave me a decent sense of what may be exploitable, that would be hard to get otherwise.