CTFs

• This repo is meant to store my journey in Cyber Security.
• It contains all the tools I have explored and used till date.
• Also, it contains the writeups for the CTFs I participated in.

Imp links

• https://pwn.college/ : A good course for beginners in cyber security
• https://dev.to/atan/what-is-ctf-and-how-to-get-started-3f04 : Getting started with CTFs
• https://ctftime.org/ : Contains schedule for all the CTFs and their resources.
• https://trailofbits.github.io/ctf/forensics/ : More tools
• https://int0x33.medium.com/day-18-essential-ctf-tools-1f9af1552214 : Some more tools
• http://shell-storm.org/shellcode/ : Contains many shell codes for faster exploitation.
• https://www.youtube.com/watch?v=EmLfoR-k_l0&list=PL1H1sBF1VAKVg451vJ-rx0y_ZuQMHPamH : Solved Binary Exploitation CTF challenges By John Hammond

Good cybersecurity articles and blogs

• https://insomnihackdotme.files.wordpress.com/2015/03/copypest.pdf : html and xss injection using Copy & Paste

Web Exploitation Tools

• Payloads about everything : Contains many payloads for vatious types of attacks.
• xss-payloads : Contains many payloads for XSS attacks.
• More xss-payloads : Contains many payloads for XSS attacks.
• Hookbin.com : create dummy endpoints for capturing cookies

Networking

• Wireshark : For sniffing packets and network related activities.
• zmap : An open source network scanner
• nmap : An open source utility for network discovery and security auditing.

Binary Exploitation Tool chest

• pwndgb : A python assisted gdb extension for easier binary debugging.
• pwntools : A big tool suite covering almost every ascpect of binary exploitation.
• libformatstr : Python library for easier format string attacks
• ROPgadget : Tool to get all the ROP gadgets within an executable
• One_gadget : Ruby gem to find "execve('/bin/sh', NULL, NULL)" gadget within an executable.
• Offset finder : Online tool to find offset for buffer overflow.
• Libc Database : Online tool to find glibc version from offsets of some functions.

Other useful tools

• ghidra : Software reverse engineering tool. Mainly for static analysis.
• exiftool : Helps in analyzsing image headers
• binwalk : Helps to check files contained in a file.
• steghide : For hiding a file inside an image

Frequently used shell commands

• wget : For downloading files
• ltrace : intercepts library calls and prints it.
• strace : intercepts system calls and prints it.
• file : gives information about the file.
• hexdump : dumps the executale in hex format
• objdump : gives the disassembly of the executable
• readelf : Displays information from any ELF format object file.
• nm : Lists symbols from object files.
• strings : Lists printable strings from files.
• strip : Discards symbols.
• nc : For sending various types of requests on a specific IP
• telnet : Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection.

Online tools

• https://www.xarg.org/tools/caesar-cipher/ : Decode caesar-cipher online
• http://factordb.com/index.php : For factoring large numbers (useful for RSA)
• https://www.base64decode.org/ : For encoding and decoding base 64 key
• https://hookbin.com/ : create dummy endpoints for capturing cookies

Todo list (unexplored tools)

• Volatility : Helps to analyze memory dump for various types of os.
• burp suite : For finding bugs on web sites.
• caronte : web requests sniffing.
• metasploit : penetration testing framework