Skip to content

Latest commit

 

History

History
229 lines (172 loc) · 13 KB

README.md

File metadata and controls

229 lines (172 loc) · 13 KB

Security Resources

John Hammond & Cybersecurity Community | September 14th, 2021


This is a living document to host and contain links and resources for online wargames, practice environments, and activities to learn new things in cybersecurity.

General Wargames

Tools

Binary Exploitation

Kernel Exploitation

Tools

Browser Exploitation

Tools

  • BurpSuite - A graphical tool to testing website security.
  • Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
  • Hackbar - Firefox addon for easy web exploitation.
  • OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
  • Postman - Add on for chrome for debugging network requests.
  • Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning.
  • SQLMap - Automatic SQL injection and database takeover tool.
  • W3af - Web Application Attack and Audit Framework.
  • XSSer - Automated XSS testor.

Cryptography

Tools

  • CyberChef - Web app for analysing and decoding data.
  • FeatherDuster - An automated, modular cryptanalysis tool.
  • Hash Extender - A utility tool for performing hash length extension attacks.
  • padding-oracle-attacker - A CLI tool to execute padding oracle attacks.
  • PkCrack - A tool for Breaking PkZip-encryption.
  • QuipQuip - An online tool for breaking substitution ciphers or vigenere ciphers (without key).
  • RSACTFTool - A tool for recovering RSA private key with various attack.
  • RSATool - Generate private key with knowledge of p and q.
  • XORTool - A tool to analyze multi-byte xor cipher

Forensics

Tools

  • Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys.
    • apt-get install aircrack-ng
  • Audacity - Analyze sound files (mp3, m4a, whatever).
    • apt-get install audacity
  • Bkhive and Samdump2 - Dump SYSTEM and SAM files.
    • apt-get install samdump2 bkhive
  • CFF Explorer - PE Editor.
  • Creddump - Dump windows credentials.
  • DVCS Ripper - Rips web accessible (distributed) version control systems.
  • Exif Tool - Read, write and edit file metadata.
  • Extundelete - Used for recovering lost data from mountable images.
  • Fibratus - Tool for exploration and tracing of the Windows kernel.
  • Foremost - Extract particular kind of files using headers.
  • apt-get install foremost
  • Fsck.ext4 - Used to fix corrupt filesystems.
  • Malzilla - Malware hunting tool.
  • NetworkMiner - Network Forensic Analysis Tool.
  • PDF Streams Inflater - Find and extract zlib files compressed in PDF files.
  • Pngcheck - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
  • apt-get install pngcheck
  • ResourcesExtract - Extract various filetypes from exes.
  • Shellbags - Investigate NT_USER.dat files.
  • Snow - A Whitespace Steganography Tool.
  • USBRip - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
  • Volatility - To investigate memory dumps.
  • Wireshark - Used to analyze pcap or pcapng files

Malware Analysis

Tools

Steganography

Tools

  • AperiSolve - Aperi'Solve is a platform which performs layer analysis on image (open-source).
  • Convert - Convert images b/w formats and apply filters.
  • Exif - Shows EXIF information in JPEG files.
  • Exiftool - Read and write meta information in files.
  • Exiv2 - Image metadata manipulation tool.
  • Image Steganography - Embeds text and files in images with optional encryption. Easy-to-use UI.
  • Image Steganography Online - This is a client-side Javascript tool to steganographically hide images inside the lower "bits" of other images
  • ImageMagick - Tool for manipulating images.
  • Outguess - Universal steganographic tool.
  • Pngtools - For various analysis related to PNGs.
    • apt-get install pngtools
  • SmartDeblur - Used to deblur and fix defocused images.
  • Steganabara - Tool for stegano analysis written in Java.
  • SteganographyOnline - Online steganography encoder and decoder.
  • Stegbreak - Launches brute-force dictionary attacks on JPG image.
  • StegCracker - Steganography brute-force utility to uncover hidden data inside files.
  • stegextract - Detect hidden files and text in images.
  • Steghide - Hide data in various kind of images.
  • StegOnline - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).
  • Stegsolve - Apply various steganography techniques to images.
  • Zsteg - PNG/BMP analysis.

Reverse Engineering

Tools

Web Application Security

Operating Systems

Penetration testing and security lab Operating Systems*

Malware analysts and reverse-engineering*

Collections of installer scripts, useful tools

  • CTF Tools - Collection of setup scripts to install various security research tools.
  • LazyKali - A 2016 refresh of LazyKali which simplifies install of tools and configuration.

Tutorials to learn how to play CTFs