Skip to content

Latest commit

 

History

History
126 lines (109 loc) · 8.61 KB

README.md

File metadata and controls

126 lines (109 loc) · 8.61 KB

CTF-Writeups

  • 2021

    • BambooFox CTF 2021
    • HTCF Mid CTF 2021 (only for NSYSU course)
  • 2020

    • TCat CTF 2020
    • TJCTF 2020
    • HTCF Mid CTF 2020 (only for NSYSU course)
  • 2019

    • X-MAS CTF 2019
    • BambooFox CTF 2019 (2020 new year's eve)
    • AIS3 EOF CTF 2019

Useful tool

Web

  • Wireshark
  • Web-CTF-Cheatsheet
  • GitHacker: A Git source leak exploit tool that restores the entire Git repository.
  • Sublist3r: Fast subdomains enumeration tool for penetration testers
  • nmap: Network discovery and security auditing.
    • Common command: nmap -Pn -sT -sV -p0-65535 {target_ip}
  • dirb
  • sqlmap: Automatic SQL injection and database takeover tool.
  • wfuzz: Web application fuzzer.
  • Basic Command
    • ping
    • whois
    • nslookup
    • dig
    • traceroute
    • tcpdump
  • Chromium Extension

Crypto

Malware Analysis (Reverse Engineering / Pwn / Forensics)

File

  • CFF Explore: A powerful PE editor for analyzing and modifying executable files.
  • PE-bear: A multiplatform reversing tool for PE files, with a focus on malware analysis. (Open source)
  • PEStudio: A versatile tool for static analysis of PE files, with features for malware detection and optimization.
  • Stud_PE (Long-term not updated): A portable PE editor with support for analyzing imports, exports, and other binary information.
  • PEiD: A popular tool for detecting packers, cryptors, and compilers used in PE files, with an extensive signature database.
  • Detect It Easy: A cross-platform program for identifying file types and analyzing their structure, with support for custom signatures and plugins.
  • Exeinfo PE: A fast and comprehensive tool for analyzing and debugging executable files, with support for unpacking and deobfuscating common packers and protectors.
  • FileAlyzer: A feature-rich tool for analyzing and inspecting various file types, with a focus on security and privacy.

Network

  • Wireshark: A widely-used network protocol analyzer for Windows, Linux, and macOS.
  • Telerik Fiddler: A free web debugging proxy tool that logs all HTTP(s) traffic between your computer and the internet.
  • scapy: A powerful Python-based interactive packet manipulation program and library.
  • FakeNet: A dynamic network analysis tool designed for malware analysis and cyber defense research.
  • Sysinternals Suite: TCPview: A network monitoring tool that shows detailed listings of all TCP and UDP endpoints on a system, including local and remote addresses and state of TCP connections.

Decompiler

  • hex-rays IDA: A powerful and widely-used disassembler and debugger.
    • capa: The FLARE team's open-source tool to identify capabilities in executable files.
  • Ghidra: An open source software (OSS) projects developed within the National Security Agency.
  • JD-GUI: A fast Java decompiler.
  • pyinstxtractor: A tool to extract PyInstaller executables.
  • Binary Ninja: A reverse engineering platform and GUI.

Debugger

  • hex-rays IDA: A powerful and widely-used disassembler and debugger.
  • x64dbg: An open-source x64/x32 debugger for windows.
  • Ollydbg (long-term not updated): A 32-bit assembler level analysing debugger for MS Windows.
  • WinDbg: A multipurpose debugger for the MS Windows computer operating system, distributed by Microsoft.
  • dnSpy: .NET debugger and assembly editor.

Others

  • pwntool: CTF framework and exploit development library.
  • Pwngdb: Developed by Angelboy.
  • 010 editor: A professional-grade text editor and hex editor designed to quickly and easily edit any file or drive.
  • HxD: A fast hex editor that, in addition to raw disk editing and modifying main memory (RAM), can handle files of any size.
  • Hiew: View and edit files of any length in text, hex, and decode modes.
  • HashMyFile: Calculate file hashes and compare them for multiple files.
  • Process Hacker: A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
  • Systracer
  • Regshot: A free and open-source registry comparison tool that allows you to take snapshots of the Windows registry and compare them to identify any changes
  • InstallRite long-term not updated: A free utility tool that allows users to create a snapshot of the system before and after installing an application, making it easier to track changes the program.
  • Sysinternals Suite: MS official tools, contains the individual troubleshooting tools and help files
  • Memory dump analysis
    • Volatility: An advanced memory forensics framework.
    • Bulk Extractor: A C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures.
  • Basic linux command
    • file
    • objdump
    • binwalk

Misc

Steganography

Others