commit

2021-03-08 21:57:30 -06:00
parent 91795c82cc
commit ac00e8ae42
17 changed files with 267 additions and 44 deletions
--- a/Defense/0_Where_To_Start/README.md
+++ b/Defense/0_Where_To_Start/README.md
--- a/Defense/00_Archive/images/318feea7cf1545feb4dcfd711f64b263.png
+++ b/Defense/00_Archive/images/318feea7cf1545feb4dcfd711f64b263.png
--- a/Defense/00_Archive/images/CD
+++ b/Defense/00_Archive/images/CD
--- a/Defense/00_Archive/images/asciiTable.png
+++ b/Defense/00_Archive/images/asciiTable.png
--- a/Defense/00_Archive/images/fileanalysis.png
+++ b/Defense/00_Archive/images/fileanalysis.png
--- a/Defense/00_Archive/images/filesignatures.png
+++ b/Defense/00_Archive/images/filesignatures.png
--- a/Defense/00_Archive/images/headerformat.png
+++ b/Defense/00_Archive/images/headerformat.png
--- a/Defense/00_Archive/images/headerformat2.png
+++ b/Defense/00_Archive/images/headerformat2.png
--- a/Defense/00_Archive/images/mainLogo.png
+++ b/Defense/00_Archive/images/mainLogo.png
--- a/Defense/00_Archive/images/ports.png
+++ b/Defense/00_Archive/images/ports.png
--- a/Defense/1_Beginner/Cybersecurity
+++ b/Defense/1_Beginner/Cybersecurity
--- a/Defense/1_Beginner/README.md
+++ b/Defense/1_Beginner/README.md
--- a/Defense/Dark_Web/README.md
+++ b/Defense/Dark_Web/README.md
--- a/Defense/Dark_Web/darkweb.txt
+++ b/Defense/Dark_Web/darkweb.txt
--- a/Defense/Practice/README.md
+++ b/Defense/Practice/README.md
@@ -1,40 +0,0 @@
-# Practice
-I'm just going to paste a bunch of sites. I'll fix it up and make it look nice some time next week.
-
-Stay up to date with the world of linux:<br>
-https://www.linux.com/ <br>
-<br>
-
-Learn about current cyber security news <br>
-https://www.reuters.com/news/archive/cybersecurity <br>
-<br>
-
-Learn hands on cyber security techinques. The virtual machines for this site are already in the Virtual Machine directory with the directions on how to install them. Yeah I know, I'm awesome.  <br>
-https://seedsecuritylabs.org/index.html <br>
-<br>
-
-The following is a link to a website in which you can buy some great course and learn a whole lot. Don't <b>EVER</b> pay full price for a course. Just put it in your wishlist, wait a few days, and then check again; There will be a sale.<br>
-https://www.udemy.com/ <br>
-<br>
-
-Practice your cyber security skills. <br>
-https://0x00sec.org/ <br>
-
-Core hacking course on youtube <br>
-https://www.youtube.com/playlist?list=PLMGUdaTHpFQLmSAk5_cTM8Y502hhVpeNf <br>
-<br>
-
-Linux Commands <br>
-https://www.mediacollege.com/linux/command/linux-command.html <br>
-<br>
-
-Web hacking <br>
-https://www.pentesterlab.com/ <br>
-
-https://www.hackthissite.org/ <br>
-<br>
-
-Over the wire wargames<br>
-https://overthewire.org/wargames/ <br>
-
-
--- a/Defense/Resources/README.md
+++ b/Defense/Resources/README.md
@@ -0,0 +1,263 @@
+# Practice
+I'm just going to paste a bunch of sites. I'll fix it up and make it look nice some time next week.
+
+Stay up to date with the world of linux:<br>
+https://www.linux.com/ <br>
+<br>
+
+Learn about current cyber security news <br>
+https://www.reuters.com/news/archive/cybersecurity <br>
+<br>
+
+Learn hands on cyber security techinques. The virtual machines for this site are already in the Virtual Machine directory with the directions on how to install them. Yeah I know, I'm awesome.  <br>
+https://seedsecuritylabs.org/index.html <br>
+<br>
+
+The following is a link to a website in which you can buy some great course and learn a whole lot. Don't <b>EVER</b> pay full price for a course. Just put it in your wishlist, wait a few days, and then check again; There will be a sale.<br>
+https://www.udemy.com/ <br>
+<br>
+
+Practice your cyber security skills. <br>
+https://0x00sec.org/ <br>
+
+Core hacking course on youtube <br>
+https://www.youtube.com/playlist?list=PLMGUdaTHpFQLmSAk5_cTM8Y502hhVpeNf <br>
+<br>
+
+Linux Commands <br>
+https://www.mediacollege.com/linux/command/linux-command.html <br>
+<br>
+
+Web hacking <br>
+https://www.pentesterlab.com/ <br>
+
+https://www.hackthissite.org/ <br>
+<br>
+
+Over the wire wargames<br>
+https://overthewire.org/wargames/ <br>
+
+
+Tools to download <br>
+
+Read<br>
+https://trailofbits.github.io/ctf/ <br>
+https://trailofbits.github.io/ctf/exploits/binary1.html <br>
+
+
+FORENSICS: <br>
+Volatility <br>
+https://github.com/volatilityfoundation/volatility/wiki/Command-Reference <br>
+
+Autopsy <br>
+is an easy to use, GUI-based program that allows you to efficiently analyze hard drives and smart phones. <br>
+It has a plug-in architecture that allows you to find add-on modules or develop custom modules in Java or Python. <br>
+https://www.autopsy.com/ <br>
+
+The Sleuth Kit <br>
+is a collection of command line tools and a C library that allows you to analyze disk images and recover files from them. <br>
+It is used behind the scenes in Autopsy and many other open source and commercial forensics tools. <br>
+https://www.sleuthkit.org/ <br>
+
+FTK Imager <br>
+https://accessdata.com/product-download/ftk-imager-version-4-2-0 <br>
+
+Git Version Control <br>
+Learn git <br>
+https://en.wikipedia.org/wiki/Git <br>
+https://try.github.io/ <br>
+
+binwalk <br>
+https://github.com/ReFirmLabs/binwalk <br>
+
+
+
+BINARY EXPLOITATION: <br>
+GDB <br>
+https://www.gnu.org/software/gdb/ <br>
+
+pwntools <br>
+https://github.com/Gallopsled/pwntools#readme <br>
+
+gdb enhanced features <br>
+https://gef.readthedocs.io/en/latest/config/ <br>
+
+binary ninja <br>
+https://binary.ninja/ <br>
+
+
+
+DATA: <br>
+Quickly parsing data, patching data or looking for hidden metadata <br>
+
+Hex editor GHex <br>
+https://wiki.gnome.org/Apps/Ghex <br>
+
+Online tool hexed <br>
+https://hexed.it/ <br>
+
+Bless is a binary (hex) editor, a program that enables you to edit files as a sequence of bytes. It is written in C# and uses the Gtk# bindings for the GTK+ toolkit. <br>
+https://github.com/bwrsandman/Bless <br>
+
+The following commands are going to be helpful: <br>
+strings, file, exiftool <br>
+
+and as always you can use Python to help <br>
+
+
+
+NETWORK TRAFFIC ANALYSIS: <br>
+Wireshark <br>
+is probably already installed <br>
+https://www.wireshark.org/ <br>
+
+The Telnet protocol is an old, insecure protocol used to remotely login to and administer computers <br>
+
+tshark <br>
+network protocol analyzer. It lets you capture packet data from a live network, or read packets from a previously saved capture file, either printing a decoded <br>
+form of those packets to the standard output or writing the packets to a file. <br>
+https://www.wireshark.org/docs/man-pages/tshark.html <br>
+
+Scapy <br>
+Scapy is a powerful interactive packet manipulation program. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, match requests and replies, and much more. <br>
+https://scapy.net/ <br>
+
+Get familiar with <br>
+netcat <br>
+https://linux.die.net/man/1/nc <br>
+
+nmap <br>
+https://nmap.org/ <br>
+
+
+
+WEB APPLICATION EXPLOITATION: <br>
+modify XHR requests, tinker with POST data, adjust query string parameters and get confident with header or cookie manipulation, so research on those. <br>
+
+Burp Suite <br>
+https://portswigger.net/bur <br>
+
+OWASP ZAP <br>
+https://www.zaproxy.org/ <br>
+
+ensure you're familiar with your browsers dev tools - get used to the Console, Network and Application tabs. <br>
+
+InspectElement by right-clicking on the site or F12 <br>
+exploit trusted client input <br>
+manipulate cookie data <br>
+
+SQL Injection <br>
+https://owasp.org/www-community/attacks/SQL_Injection <br>
+
+
+
+OPEN SOURCE INTELLIGENCE: <br>
+exif online image viewer <br>
+http://exif.regex.info/exif.cgi <br>
+
+DNS record types, which is defined initially in RFC 1035 by the Internet Engineering Task Force (IETF) in November 1987, the portion of the RFC detailing DNS TYPE values is available via <br>
+https://tools.ietf.org/html/rfc1035#page-12 <br>
+
+There will be questions in that you can just google <br>
+
+SSL certificates help to secure the communication between a client and a server. Most modern browsers should have an interface to view the certificates in a SSL certificate chain. <br>
+
+Online barcode reader <br>
+https://online-barcode-reader.inliteresearch.com/ <br>
+
+
+
+CRYPTOGRAPHY: <br>
+Intro to number systems and binary <br>
+https://www.khanacademy.org/math/algebra-home/alg-intro-to-algebra/algebra-alternate-number-bases/v/number-systems-introduction <br>
+or <br>
+https://www.purplemath.com/modules/numbbase.htm <br>
+or <br>
+https://betterexplained.com/articles/numbers-and-bases/ <br>
+
+Conversion tools <br>
+https://www.rapidtables.com/convert/number/hex-to-ascii.html <br>
+The 0x is used to indicate that the value is hexadecimal and should not be converted. <br>
+
+https://www.base64decode.org/ <br>
+
+https://www.binaryhexconverter.com/binary-to-ascii-text-converter <br>
+
+ROT13 <br>
+https://rot13.com/ <br>
+
+http://rumkin.com/tools/cipher/atbash.php <br>
+
+Morse code translator <br>
+https://morsecode.world/international/translator.html <br>
+
+Commands: <br>
+strings <br>
+
+
+
+PASSWORD CRACKING: <br>
+Hashcat <br>
+https://hashcat.net/wiki/doku.php?id=dictionary_attack <br>
+
+Rockyou wordlist download link <br>
+downloads.skullsecurity.org/passwords/rockyou.txt.bz2 <br>
+
+CeWL <br>
+https://tools.kali.org/password-attacks/cewl <br>
+
+ophcrack <br>
+https://ophcrack.sourceforge.io/download.php?type=ophcrack <br>
+
+XP Special wordlists <br>
+https://ophcrack.sourceforge.io/tables.php <br>
+
+
+
+LOG ANALYSIS: <br>
+Commands that will be helpful <br>
+cat | cut | sort | uniq | wc | awk | grep  <br>
+
+DB browser for SQLite on ParrotOS <br>
+
+
+Epoch Converter <br>
+https://www.epochconverter.com/ <br>
+
+
+
+WIRELESS ACCESS EXPLOITATION: <br>
+aircrack-ng <br>
+https://www.aircrack-ng.org/ <br>
+
+Rockyou wordlist <br>
+Wireshark <br>
+
+use aircrack after finding the beacon bssid and use -b argument Select the target network based on the access point MAC address.  <br>
+aircrack-ng   -w   /usr/share/wordlists/rockyou.txt   -b   C0:4A:00:80:76:E4   PCAP3.cap  <br>
+
+
+
+ENUMERATION AND EXPLOITATION: <br>
+Understand and analyze vulnerabilities in code <br>
+
+uncompyle2 <br>
+https://github.com/Mysterie/uncompyle2 <br>
+
+Machine code instructions <br>
+https://en.wikipedia.org/wiki/Machine_code <br>
+
+Assembly Language <br>
+https://en.wikipedia.org/wiki/Assembly_language <br>
+
+Buffer overflow attack <br>
+https://owasp.org/www-community/attacks/Buffer_overflow_attack <br>
+
+Symbols <br>
+https://en.wikipedia.org/wiki/Symbol_(programming) <br>
+
+Functions <br>
+https://en.wikipedia.org/wiki/Subroutine <br>
+
+The main function <br>
+https://en.wikipedia.org/wiki/Entry_point#C_and_C++ <br>
--- a/UACTF/README.md
+++ b/UACTF/README.md
@@ -23,10 +23,10 @@ The following provides additional information and links for some of the challeng
 to assist the students in preparing for UACTF 2021.<br>

 [Code Breaking and Decoding](/"Crimson Defense"/Skills/Code_Breaking)<br>
-[File Analysis](/Skills/File_Analysis)<br>
-[Network Traffic Analysis](/Skills/Network_Traffic_Analysis)<br>
-[Website Security](/Skills/Website_Security)<br>
-[Reverse Engineering](/Skills/Reverse_Engineering)<br>
+[File Analysis](/Crimson Defense/Skills/File_Analysis)<br>
+[Network Traffic Analysis](/Crimson Defense/Skills/Network_Traffic_Analysis)<br>
+[Website Security](/Crimson Defense/Skills/Website_Security)<br>
+[Reverse Engineering](/Crimson Defense/Skills/Reverse_Engineering)<br>

 Again, the above is not an all-inclusive list of topics for UACTF, but it is a good starting
 point for teams. There is no right or wrong way to prepare for this event, and there are