A collection of CTF solution types, i.e. not solutions to specific CTF challenges, but the general categories that those solutions fall under. Includes CTF solution categories for web, binary, network, crypto, and others. Please contribute!
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.



This page will list abstracted Capture the Flag (CTF) solutions for the purpose of helping testers think creatively and quickly when either doing CTF challenges or real-world assessments. I will primarily be adding content from web-based challenges because that's where my expertise lies, but I will happily add content to the other types when I come across them or as I receive submissions.

The concept is simple: testers' minds sometimes go blank when staring at a CTF or a real-world challenge, and I thought it'd be helpful to provide a list of types of solution that are possible to prompt the creative juices. So the idea is that you'd get stuck in a particular challenge, review this list, and think, "Oh, damn, forgot to check that!". In short, most CTF solutions (and real-world vulnerabilities as well for that matter) fall into a depressingly small number of categories, and being able to quickly find vulns within them is potentially quite valuable.