CTF Field Guide
“If you're going to make a living in defense, you have to think like the offense.”
Type
Guide
Domain
Education
Maintainer
Trail of Bits
Format
Open course / field guide
Overview
The CTF Field Guide distills the major disciplines of computer security into measurable, hands-on exercises built around Capture the Flag competitions. It combines walkthroughs, toolkit-design guidance, and real-world case studies, and pushes readers to become an expert in at least one discipline, ideally all of them. Originally developed for a course Trail of Bits taught, it remains a widely used on-ramp into offensive security.
What's inside · 6
-
Capture the Flag
What CTFs are and how to approach them.
-
Vulnerability discovery
Finding bugs through auditing, fuzzing, and analysis.
-
Exploit creation
Turning vulnerabilities into working exploits.
-
Forensics
Recovering and analyzing evidence from artifacts and memory.
-
Toolkit creation
Building the tooling that makes you fast under pressure.
-
Operational tradecraft
Working effectively and safely during competition.
Who it's for
Aspiring security professionals and CTF competitors building skills in vulnerability discovery, exploitation, and tradecraft.
More guides & handbooks
- MCP Security Guide Securing the Model Context Protocol: the mcp-context-protector wrapper, disclosed attack classes, and community defenses. AI/ML Security
- Testing Handbook Handbook Guides for configuring and automating static and dynamic analysis tools. Application Security
- ZKDocs Handbook Interactive documentation on zero-knowledge proof systems. Cryptography
- Building Secure Smart Contracts Handbook Best practices for developing secure smart contracts. Blockchain
- Ruby Security Field Guide Guide Practical Ruby security guide. Application Security
