Getting Started

CTF can feel daunting at the beginning. These can help get started:

Blog post by Jaime Lightfoot
Describes what CTFs are, how to get involved, and points to many more resource recommendations.
An annual CTF for high school students (but available to anyone) that maintains all previous challenges which can be used to learn and practice new skills.
A database of past and future scheduled CTF competitions. I learn from reviewing the write-ups of solutions from past competitions that are hosted here.

Binary Reverse Engineering and Exploitation

Hacking: The Art of Exploitation, by Jon Erickson
An introductory book with practical (but dated) examples for learning binary exploitation.
Reverse engineering course with slides and exercises for complete beginners, created by Ophir Harpaz.
Free content and lectures developed for ASU’s Computer Systems Security course, created by Zardus and kanak of the shellphish CTF team.
RPISEC Modern Binary Exploitation
Free content and lectures developed by RPISEC CTF team and taught as a full course at RPI.
Set of binary exploitation CTF challenges that range from introductory to expert.


cryptopals (sometimes referred to as the Matasano crypto challenges)
A set of applied cryptography challenges that build on fundamental concepts.


Reddit AMAs
Multiple DEF CON CTF winners and organizers have posted Reddit AMAs (Ask-me-anythings) describing their experiences, including PPP, Samurai, and LegitBS.
CTF Radiooo
Podcast series run by zardus and adamd that covers the history of CTF, among other things, by interviewing many of folks who were involved in the major teams as they got started.


Risky Business
Podcast hosted by Patrick Gray covering computer security current affairs and often has insightful sponsor interviews.
Reddit security community.
Lots of noise, but also occasional quality insights from people I respect.


Programming Best Practices

Computer Systems

Computer Theory

Exploitation and Reverse Engineering

Hardware and Embedded Systems