TUTORIALS

• CTFs

  • What are CTFs
  • PicoCTF walkthrough
  • Another walkthrough
  • Beginner’s Guide
  • CTF’s for beginners

• LINUX and BASH

  • Basic commands, Piping
  • File manipulation, Permissions
  • Scripts

• CRYPTOGRAPHY

  • Ciphers
  • Asymetric Encryption, Digital Signature
  • Hashing, Salt, Pepper, Checksum
  • Secret Key Exchange (Diffie-Hellman)

• NETWORKS

  • IP and Routing
  • Protocols- SSL, TCP, HTTPS
  • URL and DNS

• FORENSICS STEGANOGRAPHY

  • Magic number
  • LSB based steganography
  • Stegsolve and Zsteg for array-like formats .png .bmp
  • Steghide for .jpg
  • Bitwise operations on images

• BINARY- BUFFER OVERFLOW

  • Buffer Overflow
  • Function Stack

• FAMOUS VULNERABILITIES/ATTACKS

  • SQL injection
  • Cross site scripting (youtube, picoctf primer)
  • DDoS
  • Fork bomb

TOOLS

• Misc

  • man - used to display the user manual of any command that we can run on the terminal. The manaul is also refered as manpage.
    Usage: man <command>. For ex: man ls will display manual page for the ls command

• Crypto

  • Beginner’s guide
  • CyberChef
  • rsatool
  • hashing
    • openssl
  • Ciphers:
    • ceaser cipher
    • Vignere cipher
    • base64, base32, base16, base58, python lib
    • Morse code
    • Affine cipher
    • Atbash cipher
    • Route/spiral cipher
    • hill cipher

• Forensics (refer man pages of these tools)

  • binwalk - scans binary files for embedded files and executable code
  • hexdump - dumps binary file in hex format
  • strings - retrieves all strings from binary file
  • objdump - disassembles binary file
  • gdb - debugger
  • exiftool - reads metadata from files
  • python-read/write in binary
  • any hex editor (ghex, hexedit, bless, wxhexeditor, 0xED, hexer, hexcurse, bvi, …)
  • steghide for jpgs - embed and extract data from jpgs
  • stegsolve or steg online (detects plane manipulation, in png/bmp)
  • zsteg (detecting strings in LSB data png/bmp)
  • stegsnow - Hides data in ASCII text
  • stegosuite - GUI steganography tool
  • python -PIL (python image library) - for image manipulation

• Web (refer man pages of these tools)

  • curl - download files from web
  • wget - download files from web
  • postman - API testing
  • netcat - network utility for reading/writing from/to network connections
  • ssh - secure shell for remote login
  • wireshark - packet analyzer
  • nmap - network scanner
    • beginners
    • series
  • burpsuite - web application security testing
    • Youtube
    • portswigger tutorial
  • ifconfig - network interface configuration
  • ping - check if host is reachable

PRACTICE

https://ctftime.org/
https://overthewire.org/wargames/