CTF-Writeups

• 2021

  • BambooFox CTF 2021
  • HTCF Mid CTF 2021 (only for NSYSU course)

• 2020

  • TCat CTF 2020
  • TJCTF 2020
  • HTCF Mid CTF 2020 (only for NSYSU course)

• 2019

  • X-MAS CTF 2019
  • BambooFox CTF 2019 (2020 new year's eve)
  • AIS3 EOF CTF 2019

Useful tool

Web

• Wireshark
• Web-CTF-Cheatsheet
• GitHacker: A Git source leak exploit tool that restores the entire Git repository.
• Sublist3r: Fast subdomains enumeration tool for penetration testers
• nmap: Network discovery and security auditing.
  • Common command: nmap -Pn -sT -sV -p0-65535 {target_ip}
• dirb
• sqlmap: Automatic SQL injection and database takeover tool.
• wfuzz: Web application fuzzer.
• Basic Command
  • ping
  • whois
  • nslookup
  • dig
  • traceroute
  • tcpdump
• Chromium Extension
  • EditThisCookie
  • Wappalyzer
  • ModHeader

Crypto

• CTF overview (HackMD)
• factordb (online)
• quipquip (online)
• Cyberchef (online)
• Hashcat
• John the Ripper
• RsaCtfTool: RSA attack tool (mainly for ctf).
• Wordlists
  • rockyou.txt
  • 10k-most-common.txt

Malware Analysis (Reverse Engineering / Pwn / Forensics)

File

• CFF Explore: A powerful PE editor for analyzing and modifying executable files.
• PE-bear: A multiplatform reversing tool for PE files, with a focus on malware analysis. (Open source)
• PEStudio: A versatile tool for static analysis of PE files, with features for malware detection and optimization.
• Stud_PE (Long-term not updated): A portable PE editor with support for analyzing imports, exports, and other binary information.
• PEiD: A popular tool for detecting packers, cryptors, and compilers used in PE files, with an extensive signature database.
• Detect It Easy: A cross-platform program for identifying file types and analyzing their structure, with support for custom signatures and plugins.
• Exeinfo PE: A fast and comprehensive tool for analyzing and debugging executable files, with support for unpacking and deobfuscating common packers and protectors.
• FileAlyzer: A feature-rich tool for analyzing and inspecting various file types, with a focus on security and privacy.

Network

• Wireshark: A widely-used network protocol analyzer for Windows, Linux, and macOS.
• Telerik Fiddler: A free web debugging proxy tool that logs all HTTP(s) traffic between your computer and the internet.
• scapy: A powerful Python-based interactive packet manipulation program and library.
• FakeNet: A dynamic network analysis tool designed for malware analysis and cyber defense research.
• Sysinternals Suite: TCPview: A network monitoring tool that shows detailed listings of all TCP and UDP endpoints on a system, including local and remote addresses and state of TCP connections.

Decompiler

• hex-rays IDA: A powerful and widely-used disassembler and debugger.
  • capa: The FLARE team's open-source tool to identify capabilities in executable files.
• Ghidra: An open source software (OSS) projects developed within the National Security Agency.
• JD-GUI: A fast Java decompiler.
• pyinstxtractor: A tool to extract PyInstaller executables.
• Binary Ninja: A reverse engineering platform and GUI.

Debugger

• hex-rays IDA: A powerful and widely-used disassembler and debugger.
• x64dbg: An open-source x64/x32 debugger for windows.
• Ollydbg (long-term not updated): A 32-bit assembler level analysing debugger for MS Windows.
• WinDbg: A multipurpose debugger for the MS Windows computer operating system, distributed by Microsoft.
• dnSpy: .NET debugger and assembly editor.

Others

• pwntool: CTF framework and exploit development library.
• Pwngdb: Developed by Angelboy.
• 010 editor: A professional-grade text editor and hex editor designed to quickly and easily edit any file or drive.
• HxD: A fast hex editor that, in addition to raw disk editing and modifying main memory (RAM), can handle files of any size.
• Hiew: View and edit files of any length in text, hex, and decode modes.
• HashMyFile: Calculate file hashes and compare them for multiple files.
• Process Hacker: A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware.
• Systracer
• Regshot: A free and open-source registry comparison tool that allows you to take snapshots of the Windows registry and compare them to identify any changes
• InstallRite long-term not updated: A free utility tool that allows users to create a snapshot of the system before and after installing an application, making it easier to track changes the program.
• Sysinternals Suite: MS official tools, contains the individual troubleshooting tools and help files
  • Process Monitor: An advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity.
  • Process Explorer
  • TCPview
  • Autoruns
• Memory dump analysis
  • Volatility: An advanced memory forensics framework.
  • Bulk Extractor: A C++ program that scans a disk image, a file, or a directory of files and extracts useful information without parsing the file system or file system structures.
• Basic linux command
  • file
  • objdump
  • binwalk

Misc

Steganography

• aperisolve (online)
• stegsolve: Image stenography solver.
• openstego: Steganography application provides "Data Hiding" & "Watermarking" functionalities.
• TweakPNG: A low-level PNG image file manipulation utility for Windows.
• foremost
• QRazyBox: QR Code Analysis and Recovery Toolkit.

Others

• Proof of Work (Balsn)
• Metasploit
• Empire: A PowerShell and Python post-exploitation agent.