README.md

USCGA Cyber Team

__Hey! If you are new, and you have the patience to read some things, start with this guide: ForTheNewbs.

The purpose of this repository is to act as a homebase for everything the USCGA Cyber Team does. This front page acts as an archive of tools, resources, and other materials. Other directories exist for specific events.

PicoCTF 2014	OverTheWire	Smash the Stack	Crackmes.de	Nuit Du Hack	FlareOn
ksnctf	Net Force	pwnable.kr	reversing.kr	VulnHub	Micro Corruption

External Write-ups

Solving challenges on your own is never enough; sometimes when you can't get the flag, you need to see how someone else solved it. I highly recommend keeping up with some blogs and other CTF enthusiasts to follow their own writeups. This is a really good place to go when you're bored!

| | | | | |
|------------|------------|------------|------------|------------|------------| | Whitehatters Academy | gn00bz | Obum Chidi | Sirius CTF Writeups | Nandy Narwhals | CTFHacker | | Tasteless | Dragon Sector | b01lers | Capture the Swag | 0x1337seichi | Internetwache | | pony7 | HighOn.Coffee | HackXCore | NUS GreyHats | Towers of Hanoi | 0daysober | | | | | | | |

Training

• CTFTime.org Competitions
• Computer Security Student
• Vulnerable Web Page
• RPISEC's Modern Binary Exploitation class
• Damn Vulnerable Web App
• crytopals.com Matasano Crypto Challenges

Resources/Readings

• General
  • Skull Security
  • MITRE Cyber Academy
  • Trail of Bits
  • CTFTime.org Writeups
  • Hexcellents CTF Knowledge Base
  • InsomniHack PDF
• Binary Exploitation
  • Buffer Overflows
    • insecure.org Tutorial
    • exploit-db Tutorial
    • How to Bypass ASLR...
    • Disable DEP/NX on Linux in Grub
  • Return Oriented Programming * Dive into ROP - a quick introduction to Return Oriented Programming * Return Oriented Programming Hands On Video
  • Shellcode * Beginning Writing Shellcode
  • Assembly * x86 calling conventions * Skull Security's Guide * CodeArcana's "A brief introduction to x86 calling conventions" * Assembly Programming Tutorial
  • GDB * Using GDB
  • PTrace * The Basics of PTrace
  • Format String printf Exploits * PicoCTF video * CodeArcana post
  • Miscellaneous * Exploiting strcpy * printf Format String Vulnerability 1. Syracuse Lecture Notes 2. Stanford Lecture Notes
  • Radare * Reverse Engineering with Radare2, Part 1 * Radare2 Book
• Network Forensics
  • Decrypting SSL Traffic with Wireshark
• Filesystems
  • The Second Extended Filesystem
  • SquashFS Howto
• Filetypes
  • GIFs
    • The Data in the Bytes
  • ZIP files
    • Recovering a ZIP file password
    • Cracking ZIP and RAR files with John the Ripper
• Linux
  • Ryan's Tutorials ... the basics and all-around "how-to" of Linux!
  • Linux Fundamentals ... a more in-depth book of Linux commands.
  • Environment Variables
  • The Linux System Administrator's Guide
  • Command Line Kung Fu
• Steganography
  • Long-Expose Photography with OpenCV/Hipshot
• Web Exploitation
  • sqlmap and Google Dorks
  • sqlmap training resources
  • Null Byte Injection in PHP
  • "NoSQL? No problem! Pillaging MongoDB for Fun and Profit"
  • Hacking NodeJS and MongoDB
  • Blackhat's "Server-Side JavaScript Injection"
  • "Server-Side JavasScript Web Shell Injection"
• Miscellaneous
  • UTF-9 RFC
  • Dumping WDigest Creds with Meterpreter Mimikatz/Kiwi in Windows 8.1
  • Exploiting Embedded Devices
  • scriptjunkie.us Building Secure Networks
  • Python pickles hacking
  • Abritrary code execution with Python pickles
  • ToolsWatch
  • Real World Haskell
  • Learn You a Haskell for Great Good!
  • capturer module in Python