[TOC]
This repo aims to consolidate experience gained from a recent CTF competition, recording the different tools, tutorials and notes used during the lead-up to the competition and the competition itself.
Challenges were categorised as the following:
- Investigation
- Reverse engineering of code and ELF
- Steganography
- Cryptography
- Penetration
- Gain access to a server or webpage
- Intelligence
- Searching open source internet
- Detection
- Analysing network traffic for insider threat and external threat actors
The CTF categorised the difficulty of challenges as follows:
- Novice
- Advanced Beginner
- Competent
- Proficient
- Expert
The primary OS used was Kali Linux (https://www.kali.org/), which has most of the tools required. Kali can run in VMware. Running in a virtual machine is recommended, as the puzzles sometimes contain executables of unknown origin.
When starting a challenge as a beginner, it is best to look at a reference like MITRE ATT&CK - https://attack.mitre.org/techniques/T1187/ to assist with the starting point.
- Cyber Chef - https://gchq.github.io/CyberChef/
- Crack Station - https://crackstation.net/
- dCode - https://www.dcode.fr/en
- Hashes - https://hashes.com/en/decrypt/hash
- https://hashcat.net/wiki/doku.php?id=hashcat
- https://www.openwall.com/john/
- Rockyou.txt - https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt
- https://github.com/henriksb/ZipCrack
- Ghidra - https://ghidra-sre.org/
- Visual Studio Code
- Python Extensions
- SQL extensions
- C extensions
- Visual Studio Code
- Visual Studio with SQL is needed to assist with correct formatting for SQL Injection attacks.
- NetCat
- SQL Injection - See the SQL Injection topic