At DEF CON 29, we gave away physical copies of the pocket-sized capture-the-flag (CTF) guide, “Breaking & Entering: A Pocket Guide for Friendly Remote Admins.” I am happy to announce that the PDF version of that CTF guide is now available for download!
This project has been a personal labor of love for me. I created “Breaking & Entering” as a pocket reference that provides cybersecurity and sysadmin professionals a concise and comprehensive collection of technical information, tables, commands, and techniques for CTF engagements. My ultimate goal was to produce an attractive, easy-to-navigate guide that could be just as helpful to security professionals as "The Little Know It All: Common Sense For Designers" is to graphic designers.
Designed to serve as a complete CTF engagement roadmap, someone participating in a CTF competition could use this asset as either a step-by-step guide or as a reference during any given phase. The book encompasses the OSINT and reconnaissance phase, host enumeration and post-exploitation actions, secure pivoting (tunneling), and exfiltration. Finally, it also provides technical documentation references (such as NIST publications, tunneling worksheets, etc).
So how can you practically use “Breaking & Entering” while competing in a CTF or during an actual security engagement? Read on to see how the contents of this guide correspond to various phases of an engagement.
In an upcoming version 2.0, I plan to include new topics such as Amazon Web Services (AWS)/Microsoft Azure, Shodan searching, and more. My foremost hope for V2 is to add in more cloud security content and search templates for using the Shodan web interface.
No matter how much information is added in the upcoming edition, I intend to keep “Breaking & Entering” lightweight and streamlined, making sure it remains an effective resource that is organized and efficient.