We have selected the best resources for learning the background to play CTF! You can start from CTF Field Guide.
Find your favorite topic and go deeper!

We are happy to share our ZenHack meetings! We recorded all our lessons, so you can view them on Youtube right HERE!

Have fun ;-)

Reversing, analysis and exploiting

Debugging

  • Linux:
    • GNU Project debugger (GDB) allows you to see what is going on `inside’ another program while it executes – or what another program was doing at the moment it crashed. Here you can find a command cheatsheet and some useful tool to improve the usability of GDB.
  • Windows:
    • x64dbg is an open-source x64/x32 debugger for Windows. It is always under development and provides a GUI to the user instead of the command line.

Web

  • mockbin Mockbin allows you to generate custom endpoints to test, mock, and track HTTP requests & responses between libraries, sockets and APIs.
  • WPScan WPScan is a black box Wordpress Vulnerability Scanner.
  • recon-ng is a full-featured Web Reconnaissance framework written in Python. Complete with independent modules, database interaction, built in convenience functions, interactive help, and command completion, Recon-ng provides a powerful environment in which open-source web-based reconnaissance can be conducted quickly and thoroughly.
  • ZAP, Zed Attack Proxy is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. It can help you automatically find security vulnerabilities in your web applications while you are developing and testing your applications. Its also a great tool for experienced pentesters to use for manual security testing.
  • nikto is a web server scanner which performs comprehensive tests against web servers for multiple items, including over 6700 potentially dangerous files/programs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for server configuration items such as the presence of multiple index files, HTTP server options, and will attempt to identify installed web servers and software.
  • XSS Hunter allows you to find all kinds of cross-site scripting vulnerabilities, including the often-missed blind XSS. The service works by hosting specialized XSS probes which, upon firing, scan the page and send information about the vulnerable page to the XSS Hunter service.
  • BeEF it is a penetration testing tool that focuses on the web browser. BeEF allows the professional penetration tester to assess the actual security posture of a target environment by using client-side attack vectors.
  • sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

Crypto

  • Coursera - Cryptography I
    Cryptography is an indispensable tool for protecting information in computer systems. In this course you will learn the inner workings of cryptographic systems and how to correctly use them in real-world applications.
  • RsaCtfTool: uncipher data from weak public key and try to recover private key Automatic selection of best attack for the given public key
  • FeatherDuster: an automated, modular cryptanalysis tool

YouTube

Misc

  • ChALkeR notes is a collection of useful documents regarding different aspects of Cyber Security.
  • ctf-tools is a collection of setup scripts to create an install of various security research tools.