| Problem Area | Resource/Tool | Notes |
|---|---|---|
| OSINT | Hack Control | Has links to a scary amount of information gathering tools. |
| OSINT | NCL Twitter/Cyber Kat's Website and Cyber Kat's Twitter | In the past hints and even required parts of challenges have been found here |
| OSINT | Sherlock | Useful for finding online/social accounts |
| OSINT | QRazyBox | Good QR code reconstruction tool |
| Cryptography | CyberChef | Good general purpose cyber tool |
| Cryptography | Cryptii | Site with various cipher operations |
| Cryptography | DCode | Site with some cipher's. Is in French though. |
| Cryptography | Stego-Tools | Docker container loaded with stenography tools. |
| Cryptography | Digital Invisible Ink Toolkit | Stenography tool commonly used in NCL |
| Cryptography | Boxentriq | Useful for identifying ciphers |
| Password Cracking | hashes.com | Figure out what type of hash you have |
| Password Cracking | Crackstation | Good for quickly checking if it is something really common. |
| Password Cracking | Rainbow Tables | Another online rainbow table |
| Password Cracking | Hashcat | Password 'recovery' utility |
| Password Cracking | Mask Processor | Useful for generating custom wordlists |
| Password Cracking | Cracken | Wordlist generation tool. Supposedly faster than mask processor. |
| Password Cracking | Seclists | Useful wordlists |
| Network Traffic Analysis | Wireshark | Useful for capturing and analyzing network traffic |
| Wireless Access Exploitation | Aircrack-ng | For collecting and cracking wireless passwords |
| Enumeration and Exploitation | Ghidra | Awesome tool for reverse engineering compiled binaries. WARNING! Made by the NSA, suggest running this one in a virtual machine. |
| Enumeration and Exploitation | Strings Command | Useful for finding hardcoded strings inside of a binary. |
| Enumeration and Exploitation | Radare2 | reverse engineering toolset |
| Enumeration and Exploitation | uncompyle6 | Python decompiler |
| Enumeration and Exploitation | ILSpy | Incredibly useful .NET decompiler |
| Forensics | Autopsy | Useful tool for when you need to examine a system for deleted or hidden information. |
| Scanning | Nmap | Use this for detecting machines, ports, services, and operating systems on a network. |
| Scanning | Feroxbuster | Website directory scanner. Feels a little more modern than its counterparts dirbuster and gobuster |
| Web Application Exploitation | wpscan | Useful for discovering plugins and users on Wordpress sites. |
| Web Application Exploitation | Wappalyzer | Useful for getting the general technology stack a website is running with. |
| Web Application Exploitation | sqlmap | A SQL injection tool |
- developer tools (inspect element), curl, wget
- remember to check for robots.txt and .git
- sql injections
- Github may have repositories under fake (or even official) NCL accounts
Feel free to message me on resource or tips you'd like to see in here!