Skip to main content
Ctrl+K
Logo image
  • The Cyber Toolkit

Goals

  • Digital Forensics and Incident Response
    • KAPE - Kroll Artifact Parser and Extractor
    • Volatility
    • Event Viewer
    • Windows Process
    • Windows Registry
    • Zimmerman
  • Endpoint Detection & Response
    • Splunk
    • Yara
    • SysInternals
      • File and Disk Tools
      • Misc Tools
      • Process Utilities
      • Sysmon
  • General Education Topics
    • The Basics
      • Attacks
      • Threats
      • Vulnerabilities
    • Cisco Programming
    • Cyberchef
    • DHCP
    • DNS
    • Email Protocols
    • File Transfer to Machines
    • FTP
    • Grep
    • HTTP
    • Kali
    • Kerberos Attacks
    • NFS
    • OWASP Top 10 - 2021
    • OS Query
    • Passwords
    • PowerShell
    • SSH
    • Telnet
    • The OSI Model
    • Upload Vulnerabilities
    • Windows Active Directory
    • Frameworks
      • Mitre
      • Mitre ATT&CK
      • MITRE CARs
      • MITRE Defend
      • MITRE Engage
      • Killchain Overview
      • Killchain - Info Gathering
      • Killchain - Weaponization
  • Hashes
    • Hashcat
    • HashID
    • Hydra
    • John The Ripper
  • Malware Analysis
    • Oletools
    • Reverse Engineering
  • Network Monitoring
    • Snort
    • TCPDump
    • TShark
    • Wireshark
  • Microsoft Purview
    • Compliance Portal
    • Information Protection Scanner
    • Integration Runtime
    • Kusto Query Language (KQL)
    • Microsoft 365 Encryption
    • Sensitivity Labels
  • Red Teaming
    • Collection_Home
      • MimiKatz
    • Credential Access
    • Discovery Home
      • Ettercap & Bettercap
      • Impacket
    • Execution
      • Armitage
      • Metasploit Framework
      • Msfvenom
      • Searchsploit
    • Initial Access
      • Netcat
      • Social Engineering Toolkit (SET)
      • Stabilising a shell
    • Lateral Movement
      • Kerbrute
      • Rubeus
    • Persistence
    • Privelige Escalation
      • BloodHound
      • Evil-WinRM
      • Linux Exploit Suggester
      • LinEnum
      • LinPeas
      • Linux Fun
      • Linux Privelige Escalation
      • Powerup
      • Windows ‘Fun’ Stuff
      • Windows Persistence
      • Windows PrivEsc
    • Recon
      • Maltego
      • Nmap
      • Nping
      • Recon-ng
  • Steganography
    • Binwalk
  • Threat Intelligence
  • Vulnerability Management
    • Nessus
    • OpenVAS
  • Web Exploitation
    • Burp Suite
      • Burp Suite - Intruder
      • Burp Suite - Repeater
    • Gobuster
    • LFI
    • Nikto
    • Request Forgeries
    • SQL Injection
    • WFUZZ
    • XSS

Home Lab Setup

  • HomeLab
  • Building Snort
  • Building Snort V2
  • Building Splunk
  • OpenKylin

My Programs

  • My Programs
    • File Downloader
    • Web Brute Force Program

Other (Mainly things I still need to do...)

  • Formatting Notes
  • Things to Do
  • Cloud Providers - Azure
  • CTF Links

Practice Rooms

  • Advent Of Cyber Side Quest 2023
    • Advent Of Cyber - Side Quest 1
    • Advent Of Cyber - Side Quest 2
  • HoloLive
    • HoloLive Walkthrough - Task 8
    • HoloLive Walkthrough - Task 9
    • HoloLive Walkthrough - Task 10
  • Kusto Detective Agency Season 1 (Challenge 0)
    • Kusto Detective Agency Season 1 (Challenge 1)
    • Kusto Detective Agency Season 1 (Challenge 2)
    • Kusto Detective Agency Season 1 (Challenge 4)
    • Kusto Detective Agency Season 1 (Challenge 5)
  • Agent Sudo
  • Mr Robot
  • Terminator
  • Overpass
  • LazyAdmin
  • Startup
  • Ninja
  • Lian_Yu
  • Tomghost
  • Ignite
  • Labtainers
  • .ipynb

CTF Links

CTF Links#

List of practice sites for CTF challenges I got this list from my study, but have increased/modified/altered for my purposes

  • bWAP

    • A buggy web app, like Juice shop

  • Cryptopals

    • Cryptographic programming challenges

    • I like the look of this one, the humour isnt bad either (and I think I can do 9th grader maths…)

  • CTF365

    • This one is interesting, probably my next step. You build a server in a virtual internet, where anything is permitted.

    • Looks like a GREAT way to work on blue teaming and red.

  • CTFlearn

    • Looks like general ctf practice. You need an account though

  • CTFTime

    • A running dashboard of ongoing/planned CTFs

  • Game of Hacks

    • Focused around application pen testing (actual code, not web apps)

  • Google Gruyere

    • Vulnerable web app, stored online

    • It specifies what level of attack is needed (black box, white-check code, mix)

  • Google XSS Game

    • Cross-site scripting for beginners

  • Hack.me

    • Looks to be removed, provided by eLearnSecurity

    • Maybe turned to THM?

  • Hacking-Lab

    • CTFs, event based.

  • HackTheBox (HTB)

    • A collection of rooms with many challenges.

  • IO

    • Looks to be an application / assembly wargame.

  • Juice shop

    • Vulnerable web app

    • Provided by OWASP, web pen testing

  • Microcorruption

    • ARM disassembling

    • Includes a tutorial… And a nice storyline.

    • My assembly is a bit rusty. Something for later I think

  • Over The Wire wargames

    • Pure SSH hacking

  • OWASP WebGoat 1.2

    • Insecure java application.

  • picoCTF

    • CTF by Carnegie Mellon Uni

    • Includes learning, competitions, CTF etc

  • Portswigger’s Web Security Academy

    • Web security training from the guys who made burpsuite

  • pwn0

    • looks to be taken down

  • pwnable.kr

    • A very casual (and korean?) CTF

    • Includes some basic videos

  • pwnable.tw

    • More CTF/wargame but more binary based

    • Looks to have not been updated in a while (start 2020)

  • Reversing.kr

    • Odly enough, reverse engineering.

    • Windows, linux, .NET, Flash, Java, Python

    • As you can probably guess with the mention of Flash, hasnt been updated since End 2014

  • RingZer0 Team Online CTF

    • Hosted by Northsec?

    • CTF challengs, including a RCEH? (RingZer0 Certified Elite Hacker)

    • Most of us use the E as ETHICAL hacker, so not sure about the lelgitimacy of this one…

  • Root Me

    • Community run CTF

    • Includes a paid tier

  • SmashTheStack

    • A wargaming network (joined ith OverTheWIre and IO above)

    • Wargames are challenges to complete

  • Typhoon vulnerable VM

    • DENIED

  • XSS Challenge Wiki

previous

Cloud Providers - Azure

next

Advent Of Cyber Side Quest 2023

By Paul Williams

© Copyright 2022.