Evan McBroom talked about some of his favorite tools for use in CTFs. Others in the audience and I also suggested some.
- Windows VM
  - Set up all your tools and make a snapshot so you can revert to it after each CTF
- IDA Pro
- Binary Ninja
  - Cheaper than IDA and just as good for CTFs; made specifically for CTFs
  - ~$100
- Hopper
  - Geared toward the iOS and Mac OS jailbreaking communities
- Radare
  - Not phenomenal, but still useful

These are good to know, since you can effectively decompile binaries written in these languages, which you'll find in CTFs:

- Lua
- Python
- Java
- RE 4 beginners
- Malware Unicorn's courses
- Familiarity with some decent debugger
  - WinDbg
  - gdb
  - qira
    - Made specifically for CTFs
- Python + pwntools
- peda
  - Extension for gdb
- pwndbg
  - Recommended over peda
  - Very useful even for normal programming
- Humble Bundle that's out right now
  - Hacking: The Art of Exploitation
- OverTheWire.org
- Pwnable.kr
  - Later, Pwnable.tw
- Microcorruption.com
  - A lot of fun: breaking into a bank
  - Uses the MSP430
- xor-tool
- cribdrag
  - For when you have a message encrypted via XOR but don't know the key
  - Especially useful if you know the flag's shape ("DCTF{sha256}")
- hashcat
  - Breaking hashes if you have a guess at the original text
- Python modules
  - libnum
  - pycrypto
- Wikipedia, actually
- Cryptopals.com
  - Additional problems can be obtained by sending in solutions to all of the problems on the site
- BurpSuite
  - Extremely useful
- dirbuster
  - Hopefully you never need it, but some poorly managed CTFs, on the other hand...
- sqlmap
  - Useful if you think a field can be SQL injected but don't know where to go from there
  - Even shows you how it was determined
- Chrome DevTools
  - All things frontend
  - Network controls
  - Full control over JavaScript
- curl
- Damn Vulnerable Web App
  - Maybe not the most up-to-date, but still very useful
- OWASP.org
  - Learn about all sorts of vulnerabilities, etc.
- Wireshark
  - All sorts of network inspection tools
  - Great for all those pcap files
- Scapy
  - Python module for scripting with pcaps
- FTK, Autopsy
- dd
  - "Convert and copy", but cc was taken
- Volatility
  - RAM images
- Ettercap
  - Man-in-the-middle attacks
  - Bettercap is a "better" alternative too
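The crib-dragging idea behind the cribdrag entry above, as an added Python example that is not from the talk or from the cribdrag project: it slides a known flag prefix over a repeating-key XOR ciphertext and recovers the key bytes that prefix pins down. The key, the message and the known key length are constructed assumptions for illustration.

```python
def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key; used both to build the sample and to decrypt it."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def crib_drag(ciphertext: bytes, crib: bytes, keylen: int) -> list:
    """Slide a known plaintext fragment (the crib) over every offset and collect the
    key bytes each position implies. A candidate survives only if the crib does not
    contradict itself (positions sharing a key byte must agree) and everything the
    recovered key bytes decrypt is printable ASCII. Key bytes the crib never touches
    stay b"?" so the partial plaintext can be read and the crib extended."""
    hits = []
    for off in range(len(ciphertext) - len(crib) + 1):
        key = {}
        consistent = True
        for i, c in enumerate(crib):
            k = (off + i) % keylen
            implied = ciphertext[off + i] ^ c
            if key.setdefault(k, implied) != implied:
                consistent = False
                break
        if not consistent:
            continue
        guess = bytes(key.get(k, ord("?")) for k in range(keylen))
        plain = xor_bytes(ciphertext, guess)
        # Only judge positions whose key byte the crib actually determined.
        if all(0x20 <= b < 0x7F for i, b in enumerate(plain) if (i % keylen) in key):
            hits.append((off, guess))
    return hits


# Constructed sample (not a real challenge): a 4-byte key and a message carrying a
# flag in the DCTF{...} shape the talk mentions.
SAMPLE_KEY = b"k3y!"
SAMPLE_PLAINTEXT = b"Congrats! The flag is DCTF{c0ntr1v3d_x0r_fl4g} enjoy"
SAMPLE_CIPHERTEXT = xor_bytes(SAMPLE_PLAINTEXT, SAMPLE_KEY)


def recover_message(ciphertext: bytes = SAMPLE_CIPHERTEXT, keylen: int = 4) -> bytes:
    """Drag the flag prefix across the ciphertext and decrypt with the first hit.
    The key length is assumed known; in practice you would loop over small lengths."""
    _offset, key = crib_drag(ciphertext, b"DCTF{", keylen)[0]
    return xor_bytes(ciphertext, key)


if __name__ == "__main__":
    for off, key in crib_drag(SAMPLE_CIPHERTEXT, b"DCTF{", 4):
        print(f"offset {off}: key {key!r} -> {xor_bytes(SAMPLE_CIPHERTEXT, key)!r}")
```

With a crib longer than the key, the only offset where the overlapping positions agree is the true one, which is why the self-consistency check alone already discards most false positions.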
THANKS BRAH