• Stars
    star
    406
  • Rank 106,421 (Top 3 %)
  • Language
  • Created about 3 years ago
  • Updated about 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A communal outpouring of online resources for learning different things in cybersecurity

Security Resources

John Hammond & Cybersecurity Community | September 14th, 2021


This is a living document to host and contain links and resources for online wargames, practice environments, and activities to learn new things in cybersecurity.

General Wargames

Tools

Binary Exploitation

Kernel Exploitation

Tools

Browser Exploitation

Tools

  • BurpSuite - A graphical tool to testing website security.
  • Commix - Automated All-in-One OS Command Injection and Exploitation Tool.
  • Hackbar - Firefox addon for easy web exploitation.
  • OWASP ZAP - Intercepting proxy to replay, debug, and fuzz HTTP requests and responses
  • Postman - Add on for chrome for debugging network requests.
  • Raccoon - A high performance offensive security tool for reconnaissance and vulnerability scanning.
  • SQLMap - Automatic SQL injection and database takeover tool.
  • W3af - Web Application Attack and Audit Framework.
  • XSSer - Automated XSS testor.

Cryptography

Tools

  • CyberChef - Web app for analysing and decoding data.
  • FeatherDuster - An automated, modular cryptanalysis tool.
  • Hash Extender - A utility tool for performing hash length extension attacks.
  • padding-oracle-attacker - A CLI tool to execute padding oracle attacks.
  • PkCrack - A tool for Breaking PkZip-encryption.
  • QuipQuip - An online tool for breaking substitution ciphers or vigenere ciphers (without key).
  • RSACTFTool - A tool for recovering RSA private key with various attack.
  • RSATool - Generate private key with knowledge of p and q.
  • XORTool - A tool to analyze multi-byte xor cipher

Forensics

Tools

  • Aircrack-Ng - Crack 802.11 WEP and WPA-PSK keys.
    • apt-get install aircrack-ng
  • Audacity - Analyze sound files (mp3, m4a, whatever).
    • apt-get install audacity
  • Bkhive and Samdump2 - Dump SYSTEM and SAM files.
    • apt-get install samdump2 bkhive
  • CFF Explorer - PE Editor.
  • Creddump - Dump windows credentials.
  • DVCS Ripper - Rips web accessible (distributed) version control systems.
  • Exif Tool - Read, write and edit file metadata.
  • Extundelete - Used for recovering lost data from mountable images.
  • Fibratus - Tool for exploration and tracing of the Windows kernel.
  • Foremost - Extract particular kind of files using headers.
  • apt-get install foremost
  • Fsck.ext4 - Used to fix corrupt filesystems.
  • Malzilla - Malware hunting tool.
  • NetworkMiner - Network Forensic Analysis Tool.
  • PDF Streams Inflater - Find and extract zlib files compressed in PDF files.
  • Pngcheck - Verifies the integrity of PNG and dump all of the chunk-level information in human-readable form.
  • apt-get install pngcheck
  • ResourcesExtract - Extract various filetypes from exes.
  • Shellbags - Investigate NT_USER.dat files.
  • Snow - A Whitespace Steganography Tool.
  • USBRip - Simple CLI forensics tool for tracking USB device artifacts (history of USB events) on GNU/Linux.
  • Volatility - To investigate memory dumps.
  • Wireshark - Used to analyze pcap or pcapng files

Malware Analysis

Tools

Steganography

Tools

  • AperiSolve - Aperi'Solve is a platform which performs layer analysis on image (open-source).
  • Convert - Convert images b/w formats and apply filters.
  • Exif - Shows EXIF information in JPEG files.
  • Exiftool - Read and write meta information in files.
  • Exiv2 - Image metadata manipulation tool.
  • Image Steganography - Embeds text and files in images with optional encryption. Easy-to-use UI.
  • Image Steganography Online - This is a client-side Javascript tool to steganographically hide images inside the lower "bits" of other images
  • ImageMagick - Tool for manipulating images.
  • Outguess - Universal steganographic tool.
  • Pngtools - For various analysis related to PNGs.
    • apt-get install pngtools
  • SmartDeblur - Used to deblur and fix defocused images.
  • Steganabara - Tool for stegano analysis written in Java.
  • SteganographyOnline - Online steganography encoder and decoder.
  • Stegbreak - Launches brute-force dictionary attacks on JPG image.
  • StegCracker - Steganography brute-force utility to uncover hidden data inside files.
  • stegextract - Detect hidden files and text in images.
  • Steghide - Hide data in various kind of images.
  • StegOnline - Conduct a wide range of image steganography operations, such as concealing/revealing files hidden within bits (open-source).
  • Stegsolve - Apply various steganography techniques to images.
  • Zsteg - PNG/BMP analysis.

Reverse Engineering

Tools

Web Application Security

Operating Systems

Penetration testing and security lab Operating Systems*

Malware analysts and reverse-engineering*

Collections of installer scripts, useful tools

  • CTF Tools - Collection of setup scripts to install various security research tools.
  • LazyKali - A 2016 refresh of LazyKali which simplifies install of tools and configuration.

Tutorials to learn how to play CTFs

More Repositories

1

ctf-katana

This repository aims to hold suggestions (and hopefully/eventually code) for CTF challenges. The "project" is nicknamed Katana.
2,499
star
2

msdt-follina

Codebase to generate an msdt-follina payload
Python
1,602
star
3

katana

Katana - Automatic CTF Challenge Solver in Python3
Python
1,243
star
4

poor-mans-pentest

This a collection of the code that I have written for the Poor Man's Pentest presentation.
Shell
546
star
5

CVE-2021-34527

PowerShell
247
star
6

vbe-decoder

A Python3 script to decode an encoded VBScript file, often seen with a .vbe file extension
Python
181
star
7

oscp-notetaking

This repository houses some of the small scripts I had used to quickly document throughout my OSCP course. This was referenced on YouTube, and should be made available to others!
Shell
175
star
8

ignition_key

This is a small BASH script to quickly setup all the tools I would want and need on a new machine.
Shell
143
star
9

labs

Free and publicly available training labs and exercises, for quick copy-and-paste demonstrations, learning and education.
116
star
10

active_directory

Notes and resources for the Active Directory YouTube series on https://youtube.com/JohnHammond010
PowerShell
114
star
11

johnhammond.org

The code and material for my personal open-source website. (Flask, Gunicorn, Certbot)
HTML
75
star
12

archlinux

These are my notes and setup scripts while installing and preparing my Arch Linux environment.
Shell
74
star
13

pyminify

Compress a Python script to a command-line one-liner
Python
72
star
14

intro2linux

This is a clone of the of Introduction To Linux repo that I developed for the class I taught at the US Coast Guard Academy.
Python
65
star
15

thm

My adhoc and abhorrent notes and work for TryHackMe machines. This repository is for personal use but is made public in case other somehow benefit from it.
PowerShell
59
star
16

binnim

Shitty Nim code that reads in a file and converts it into \x hex representation, for the use of shellcode binaries.
Nim
49
star
17

notes

An Obsidian vault to Github Pages workflow to hopefully make me take notes
41
star
18

CVE-2012-2982

A Python replicated exploit for Webmin 1.580 /file/show.cgi Remote Code Execution
Python
40
star
19

c2c2

My new C2 framework
39
star
20

htbbizctf2021

Code and notes for the 2021 HackTheBox Business CTF
PowerShell
39
star
21

qr2unicode

Crappy Python code to render a QR code as "plaintext" with Unicode
Python
33
star
22

wfi

Windows File Integrity -- an archive of information on installed Windows binaries.
29
star
23

misfortune-ctf-challenge

A small binary exploitation challenge to demonstrate a typical return2libc attack
Dockerfile
29
star
24

netstatgo

Crappy Golang code to list local listening ports and their associated processes.
Go
28
star
25

underthewire

These are notes and code from my experience working through the UnderTheWire wargames.
PowerShell
26
star
26

overthewire_natas_solutions

As requested on YouTube, this is an archive of my Python scripts and code that I've used to solve the Natas challenges from OverTheWire.
Python
25
star
27

hackersyntax

Shell
24
star
28

training_wheels-public

The teaching vessel and "interactive textbook" that I am building for the Intro to Linux class at the USCGA.
Python
23
star
29

fakemsf

Fake msfconsole for the use in demonstrations
Ruby
21
star
30

CVE-2020-35846

Python PoC for CVE-2020-35846 targeting Cockpit 0.11.1
Python
16
star
31

devops

16
star
32

CVE-2021-4034

Bash implementation of CVE-2021-4034
16
star
33

sshkeys

A weaponized technique for SSH to accept an inserted public/private key. Useful for red team effects.
15
star
34

pcdc2019

This is a repository to house convenient things for the 2019 PCDC competition.
Shell
14
star
35

cipherplane

This Python code will quickly find duplicates or similarities in sets of data.
Python
11
star
36

bbfuzzer

Nightmare code I wrote and used for the Cyberstakes 2016 Breaking Binaries challenge. Managed to crack a good 200+ programs, though, more than any other team! This is the catalyst to a better utility: peach.
Python
11
star
37

autoctfd

This is a poor-mans framework to automate the creation of a CTFd instance, dynamically recreating challenges and the interface.
10
star
38

sandbox

My 1/c Senior Design project (at least the first half of it), aiming to synthesize virtualization and automation. I take advantage of VMware vCenter and PowerCLI to automate the process of creating a dynamic network.
Python
10
star
39

stix-attack-flow

Crappy code to work with MITRE Attack Flows with the stix2 Python library
Python
7
star
40

pim

"...my own endeavor to learn low-level programming and develop a kernel or operating system". I have not touched this in years and I consider it inactive at the current moment.
Shell
7
star
41

primefac_fork

a crappy "hack" or fork of the Python module primefac, but with a different modular inverse function
Python
4
star
42

bearshop

The online "Cadet Store" that my classmates asked me to build
Python
4
star
43

fake_cdx_forum

This is the fake website forum I created in JavaScript before CDX 2017.
HTML
4
star
44

CVE-2036-69420

uwu
4
star
45

circle

This is a testbed for CircleCI
PowerShell
3
star
46

cdx_2016

Relics and artifacts from the CDX 2016 exercise that should help us prepare for the future
Python
3
star
47

go-for-blaine

2
star