Security Resources

John Hammond & Cybersecurity Community | September 14th, 2021

This is a living document to host and contain links and resources for online wargames, practice environments, and activities to learn new things in cybersecurity.

General Wargames

• PicoCTF
• TryHackMe
• HackTheBox
• VulnHub
• CTFLearn
• Pentesterlab
• Proving grounds
• Backdoor - Security Platform by SDSLabs.
• Crackmes - Reverse Engineering Challenges.
• CryptoHack - Fun cryptography challenges.
• echoCTF.RED - Online CTF with a variety of targets to attack.
• Exploit.Education - Variety of VMs to learn variety of computer security issues.
• Gracker - Binary challenges having a slow learning curve, and write-ups for each level.
• Hack This Site - Training ground for hackers.
• Hacker101 - CTF from HackerOne
• Hacking-Lab - Ethical hacking, computer network and security challenge platform.
• Hone Your Ninja Skills - Web challenges starting from basic ones.
• IO - Wargame for binary challenges.
• Microcorruption - Embedded security CTF.
• Over The Wire - Wargame maintained by OvertheWire Community.
• PWN Challenge - Binary Exploitation Wargame.
• Pwnable.kr - Pwn Game.
• Pwnable.tw - Binary wargame.
• Pwnable.xyz - Binary Exploitation Wargame.
• Reversin.kr - Reversing challenge.
• Ringzer0Team - Ringzer0 Team Online CTF.
• Root-Me - Hacking and Information Security learning platform.
• ROP Wargames - ROP Wargames.
• SANS HHC - Challenges with a holiday theme released annually and maintained by SANS.
• SmashTheStack - A variety of wargames maintained by the SmashTheStack Community.
• Viblo CTF - Various amazing CTF challenges, in many different categories. Has both Practice mode and Contest mode.
• W3Challs - A penetration testing training platform, which offers various computer challenges, in various categories.
• WebHacking - Hacking challenges for web.

Tools

Binary Exploitation

• Nightmare
• pwnable.xyz
• pwnable.kr
• io.netgarage.org
• pwn.college

Kernel Exploitation

• linux-kernel-exploitation
• Writing Kernel Drivers
• willsroot.io

Tools

Browser Exploitation

• faraz.faith
• LiveOverflow Browser Exploitation
• UFSIT Browser Exploitation

Tools

• BurpSuite - A graphical tool to testing website security.
• Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
• Hackbar - Firefox addon for easy web exploitation.
• OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
• Postman - Add on for chrome for debugging network requests.
• Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning.
• SQLMap - Automatic SQL injection and database takeover tool.
• W3af - Web Application Attack and Audit Framework.
• XSSer - Automated XSS testor.

Cryptography

• CryptoPals
• CryptoHack

Tools

• CyberChef - Web app for analysing and decoding data.
• FeatherDuster - An automated, modular cryptanalysis tool.
• Hash Extender - A utility tool for performing hash length extension attacks.
• padding-oracle-attacker - A CLI tool to execute padding oracle attacks.
• PkCrack - A tool for Breaking PkZip-encryption.
• QuipQuip - An online tool for breaking substitution ciphers or vigenere ciphers (without key).
• RSACTFTool - A tool for recovering RSA private key with various attack.
• RSATool - Generate private key with knowledge of p and q.
• XORTool - A tool to analyze multi-byte xor cipher

Forensics

Tools

• Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys.
  • apt-get install aircrack-ng
• Audacity - Analyze sound files (mp3, m4a, whatever).
  • apt-get install audacity
• Bkhive and Samdump2 - Dump SYSTEM and SAM files.
  • apt-get install samdump2 bkhive
• CFF Explorer - PE Editor.
• Creddump - Dump windows credentials.
• DVCS Ripper - Rips web accessible (distributed) version control systems.
• Exif Tool - Read, write and edit file metadata.
• Extundelete - Used for recovering lost data from mountable images.
• Fibratus - Tool for exploration and tracing of the Windows kernel.
• Foremost - Extract particular kind of files using headers.
• apt-get install foremost
• Fsck.ext4 - Used to fix corrupt filesystems.
• Malzilla - Malware hunting tool.
• NetworkMiner - Network Forensic Analysis Tool.
• PDF Streams Inflater - Find and extract zlib files compressed in PDF files.
• Pngcheck - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
• apt-get install pngcheck
• ResourcesExtract - Extract various filetypes from exes.
• Shellbags - Investigate NT_USER.dat files.
• Snow - A Whitespace Steganography Tool.
• USBRip - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
• Volatility - To investigate memory dumps.
• Wireshark - Used to analyze pcap or pcapng files

Malware Analysis

• Blue Team Labs Online

Tools

Steganography

Tools

• AperiSolve - Aperi'Solve is a platform which performs layer analysis on image (open-source).
• Convert - Convert images b/w formats and apply filters.
• Exif - Shows EXIF information in JPEG files.
• Exiftool - Read and write meta information in files.
• Exiv2 - Image metadata manipulation tool.
• Image Steganography - Embeds text and files in images with optional encryption. Easy-to-use UI.
• Image Steganography Online - This is a client-side Javascript tool to steganographically hide images inside the lower "bits" of other images
• ImageMagick - Tool for manipulating images.
• Outguess - Universal steganographic tool.
• Pngtools - For various analysis related to PNGs.
  • apt-get install pngtools
• SmartDeblur - Used to deblur and fix defocused images.
• Steganabara - Tool for stegano analysis written in Java.
• SteganographyOnline - Online steganography encoder and decoder.
• Stegbreak - Launches brute-force dictionary attacks on JPG image.
• StegCracker - Steganography brute-force utility to uncover hidden data inside files.
• stegextract - Detect hidden files and text in images.
• Steghide - Hide data in various kind of images.
• StegOnline - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).
• Stegsolve - Apply various steganography techniques to images.
• Zsteg - PNG/BMP analysis.

Reverse Engineering

• Micro Corruption

Tools

Web Application Security

• OverTheWire - Natas
• Port Swigger / Burpsuite Academy

Operating Systems

Penetration testing and security lab Operating Systems*

• Android Tamer - Based on Debian.
• BackBox - Based on Ubuntu.
• BlackArch Linux - Based on Arch Linux.
• Fedora Security Lab - Based on Fedora.
• Kali Linux - Based on Debian.
• Parrot Security OS - Based on Debian.
• Pentoo - Based on Gentoo.
• URIX OS - Based on openSUSE.
• Wifislax - Based on Slackware.

Malware analysts and reverse-engineering*

• Flare VM - Based on Windows.
• REMnux - Based on Debian.

Collections of installer scripts, useful tools

• CTF Tools - Collection of setup scripts to install various security research tools.
• LazyKali - A 2016 refresh of LazyKali which simplifies install of tools and configuration.

Tutorials to learn how to play CTFs

• CTF Field Guide - Field Guide by Trails of Bits.
• CTF Resources - Start Guide maintained by community.
• How to Get Started in CTF - Short guideline for CTF beginners by Endgame
• Intro. to CTF Course - A free course that teaches beginners the basics of forensics, crypto, and web-ex.