ENUSEC · Quick Start

Dev Note: I don't get paid to make web pages so enusec{1_Quit}

Quick Start

Handy tools & tips for the Ada Scot CTF (and beyond)

This guide is a compact reference for useful tools and workflows. It isn't exhaustive - it’s intended to get you productive quickly in the CTF environment.

General pointers

  • Ask for help. CTFs are team games - collaborate with teammates and ask ENUSEC members for nudges. We won't solve challenges for you but we'll help get you unstuck.
  • Use WSL on Windows. Install Windows Subsystem for Linux if you're on Windows - many challenges and tools are Linux-first (and you'll thank yourself later).
  • Learn Python & pip. Python is the lingua franca for quick scripts, exploit prototyping, and interacting with challenge services. Make sure you can create virtualenvs and install packages.
  • Stuck? Ask a helper, or ping @committee on Discord, or ask in the ENUSEC server.
$
python3 -m venv venv && source venv/bin/activate
$
pip install pwntools pycryptodome

Web tools

  • PortSwigger Burp Suite
    Inspect browser ↔ server traffic, tamper requests, and test auth/filter logic. Community edition is fine for most beginner tasks.
  • cURL
    Command-line HTTP tool. Use -v for verbose requests/responses. Nearly everything Burp does can be scripted with curl for automation.
  • Mozilla developer docs & resources
    Quick reference for headers, HTML quirks, CSP, CORS and more - invaluable when web behaviour is puzzling.
  • PortSwigger Academy
    The best place to practice web exploitation basics via guided labs - highly recommended pre-CTF training.

Reverse / JS de-obfuscation

  • Binary Ninja / Ghidra
    Convert binaries into readable pseudocode / disassembly. Learn one well (Binary Ninja is a great beginner option).
  • JS de-obfuscators
    JS can be intentionally obfuscated (JSFuck, messy evals). Try multiple deobfuscators and tidy the output incrementally to find logic.
  • Writeups & resources
    After the event, read challenge writeups to see techniques and thought-processes you can learn from.

Pwn / exploitation

  • pwntools (Python)
    Rapid exploit development, easy remote sockets, and shellcode helpers. Essential for many pwn tasks.
  • GDB (or WinGDB on Windows)
    Inspect memory, registers, and step through execution. Learn breakpoints, watchpoints, and how to attach to a process.
  • pwn.college & Andrej's notes
    Great post-CTF resources to deepen your skills and understand modern exploitation techniques.

Crypto

  • pycryptodome
    A must-have Python crypto library used in the majority of CTF crypto tasks - don't reimplement primitives.
  • SageMath
    Powerful maths toolkit for modular arithmetic, discrete logs, lattices, elliptic curves and symbolic work.
  • CryptoHacks Docker image
    Pre-baked environment (Sage, pycrypto libs) to avoid contaminating your host system - useful for heavier crypto work.

Miscellaneous utilities

  • GCHQ CyberChef
    Data transformations, encoding/decoding, quick file inspection. Often the fastest way to try conversions.
  • dCode (dcode.fr)
    Huge set of cipher tools and an identifier. Useful as a last-resort detector - beware of false positives.
  • Search engines
    Google / DuckDuckGo are invaluable. For exploit-oriented searches prefer DuckDuckGo when Google filters results.

Practical tips

  • Take notes. Record commands, flags, urls and what you tried - essential for writeups.
  • Use virtual environments & containers. Python venvs or Docker keep your machine tidy and reproducible.
  • Start small. Solve a couple of easy tasks to warm up; those points add up and teach patterns.
  • Share learnings. Post writeups after the CTF - it helps the community and cements your learning.
Need help with setup? Ask the team.