Security Resources
John Hammond & Cybersecurity Community | September 14th, 2021
This is a living document to host and contain links and resources for online wargames, practice environments, and activities to learn new things in cybersecurity.
General Wargames
- PicoCTF
- TryHackMe
- HackTheBox
- VulnHub
- CTFLearn
- Pentesterlab
- Proving grounds
- Backdoor - Security Platform by SDSLabs.
- Crackmes - Reverse Engineering Challenges.
- CryptoHack - Fun cryptography challenges.
- echoCTF.RED - Online CTF with a variety of targets to attack.
- Exploit.Education - Variety of VMs to learn variety of computer security issues.
- Gracker - Binary challenges having a slow learning curve, and write-ups for each level.
- Hack This Site - Training ground for hackers.
- Hacker101 - CTF from HackerOne
- Hacking-Lab - Ethical hacking, computer network and security challenge platform.
- Hone Your Ninja Skills - Web challenges starting from basic ones.
- IO - Wargame for binary challenges.
- Microcorruption - Embedded security CTF.
- Over The Wire - Wargame maintained by OvertheWire Community.
- PWN Challenge - Binary Exploitation Wargame.
- Pwnable.kr - Pwn Game.
- Pwnable.tw - Binary wargame.
- Pwnable.xyz - Binary Exploitation Wargame.
- Reversin.kr - Reversing challenge.
- Ringzer0Team - Ringzer0 Team Online CTF.
- Root-Me - Hacking and Information Security learning platform.
- ROP Wargames - ROP Wargames.
- SANS HHC - Challenges with a holiday theme released annually and maintained by SANS.
- SmashTheStack - A variety of wargames maintained by the SmashTheStack Community.
- Viblo CTF - Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode.
- W3Challs - A penetration testing training platform, which offers various computer challenges, in various categories.
- WebHacking - Hacking challenges for web.
Tools
Binary Exploitation
Kernel Exploitation
Tools
Browser Exploitation
Tools
- BurpSuite - A graphical tool to testing website security.
- Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
- Hackbar - Firefox addon for easy web exploitation.
- OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
- Postman - Add on for chrome for debugging network requests.
- Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning.
- SQLMap - Automatic SQL injection and database takeover tool.
- W3af - Web Application Attack and Audit Framework.
- XSSer - Automated XSS testor.
Cryptography
Tools
- CyberChef - Web app for analysing and decoding data.
- FeatherDuster - An automated, modular cryptanalysis tool.
- Hash Extender - A utility tool for performing hash length extension attacks.
- padding-oracle-attacker - A CLI tool to execute padding oracle attacks.
- PkCrack - A tool for Breaking PkZip-encryption.
- QuipQuip - An online tool for breaking substitution ciphers or vigenere ciphers (without key).
- RSACTFTool - A tool for recovering RSA private key with various attack.
- RSATool - Generate private key with knowledge of p and q.
- XORTool - A tool to analyze multi-byte xor cipher
Forensics
Tools
- Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys.
apt-get install aircrack-ng
- Audacity - Analyze sound files (mp3, m4a, whatever).
apt-get install audacity
- Bkhive and Samdump2 - Dump SYSTEM and SAM files.
apt-get install samdump2 bkhive
- CFF Explorer - PE Editor.
- Creddump - Dump windows credentials.
- DVCS Ripper - Rips web accessible (distributed) version control systems.
- Exif Tool - Read, write and edit file metadata.
- Extundelete - Used for recovering lost data from mountable images.
- Fibratus - Tool for exploration and tracing of the Windows kernel.
- Foremost - Extract particular kind of files using headers.
apt-get install foremost
- Fsck.ext4 - Used to fix corrupt filesystems.
- Malzilla - Malware hunting tool.
- NetworkMiner - Network Forensic Analysis Tool.
- PDF Streams Inflater - Find and extract zlib files compressed in PDF files.
- Pngcheck - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
apt-get install pngcheck
- ResourcesExtract - Extract various filetypes from exes.
- Shellbags - Investigate NT_USER.dat files.
- Snow - A Whitespace Steganography Tool.
- USBRip - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
- Volatility - To investigate memory dumps.
- Wireshark - Used to analyze pcap or pcapng files
Malware Analysis
Tools
Steganography
Tools
- AperiSolve - Aperi'Solve is a platform which performs layer analysis on image (open-source).
- Convert - Convert images b/w formats and apply filters.
- Exif - Shows EXIF information in JPEG files.
- Exiftool - Read and write meta information in files.
- Exiv2 - Image metadata manipulation tool.
- Image Steganography - Embeds text and files in images with optional encryption. Easy-to-use UI.
- Image Steganography Online - This is a client-side Javascript tool to steganographically hide images inside the lower "bits" of other images
- ImageMagick - Tool for manipulating images.
- Outguess - Universal steganographic tool.
- Pngtools - For various analysis related to PNGs.
apt-get install pngtools
- SmartDeblur - Used to deblur and fix defocused images.
- Steganabara - Tool for stegano analysis written in Java.
- SteganographyOnline - Online steganography encoder and decoder.
- Stegbreak - Launches brute-force dictionary attacks on JPG image.
- StegCracker - Steganography brute-force utility to uncover hidden data inside files.
- stegextract - Detect hidden files and text in images.
- Steghide - Hide data in various kind of images.
- StegOnline - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).
- Stegsolve - Apply various steganography techniques to images.
- Zsteg - PNG/BMP analysis.
Reverse Engineering
Tools
Web Application Security
Operating Systems
Penetration testing and security lab Operating Systems*
- Android Tamer - Based on Debian.
- BackBox - Based on Ubuntu.
- BlackArch Linux - Based on Arch Linux.
- Fedora Security Lab - Based on Fedora.
- Kali Linux - Based on Debian.
- Parrot Security OS - Based on Debian.
- Pentoo - Based on Gentoo.
- URIX OS - Based on openSUSE.
- Wifislax - Based on Slackware.
Malware analysts and reverse-engineering*
Collections of installer scripts, useful tools
- CTF Tools - Collection of setup scripts to install various security research tools.
- LazyKali - A 2016 refresh of LazyKali which simplifies install of tools and configuration.
Tutorials to learn how to play CTFs
- CTF Field Guide - Field Guide by Trails of Bits.
- CTF Resources - Start Guide maintained by community.
- How to Get Started in CTF - Short guideline for CTF beginners by Endgame
- Intro. to CTF Course - A free course that teaches beginners the basics of forensics, crypto, and web-ex.