Topics
03-12-2025 : OSINT
For this training we will use challenges from
Sofia Santos and
Cipherstick.
Sofia Santos has a great repository of image based OSINT challenges on her
website. Each exercise also has writeups (video and written) that explain how to solve the exercise.
This site is a great starting point if you are new to OSINT, however they also offer exercises for more experienced people.
Sofia Santos challenges:For the Cipherstick challenges we will need to find missing persons.
Each challenge has many smaller sub challenges that incrementally lead to solving the mystery
Cipherstick challenges:26-11-2025 : Web Exploitation
For today's training session we will use PicoCTF.
This platform provides a lot of interesting challenges on various different topics, for both beginners and experienced people.
To view the exercises and submit flags you will need to create an account.
PicoCTF exercises:Useful Tools
OSINT
Open Source Intelligence (OSINT) is a subset of "Intelligence", which only uses public sources to gather, evaluate and assess information about a target.
In the context of CTFs this means that you need to use the internet itself to solve challenges.
Typically tools like
google maps and
reverse image search prove to be very useful.
Web Exploitation
There are many guides and tools online on various web attacks. Below we have compiled a small list of youtube playlists related to this topic.
Hexdumps playlist is more "educational" in nature, while
CTF School &
LiveOverflows playlists lean a bit more towards the "entertaining side".
Recommended Operating System
We highly recommend that you have access to a
Linux OS when solving CTF challenges.
Many tools are only supported on Linux (and sometimes Mac).
There are a lot of different distros (Linux versions) that you can choose from.
Some come preinstalled with many useful tools for CTFs, like for example
Kali or
ParrotOS.
However a more "general purpose" OS like
Ubuntu also works perfectly fine.
Installation options: