DL
Security

CTF ToolsSparkle

Published on 01 Apr 2022

A collection of helpful tools and links to help you on your CTF journey.

What will you learn?

Capture the Flag (CTF)

In cybersecurity, CTF competitions are exercises in which participants, are challenged to find and exploit vulnerabilities in a system to capture a "flag" or piece of information

Web Application

  1. Burp Suite. A paid platform but a useful for performing security testing of web applications. More suitable for experienced people.
  2. ZAP. OWASP ZAP is an open-source web application security scanner. It is intended to be used by both those new to application security as well as professionals.
  3. SQL Map. An overpowered open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

Forensics

  1. Aircrack-ng. A complete suite of tools to assess WiFi network security.
  2. Wireshark. Analysing network packets.
  3. Audacity. Analyze sound files (usually helpful in those morse code challenges).
  4. Exif tool. A cli tool to inspect files to see if they contain any hidden file signatures.
  5. Microsoft Paint. Useful for uncovering hidden messages in images. If you don't have a Windows machine, you might find this link helpful.

Reverse Engineering

  1. Binwalk. Binwalk is a tool for searching a given binary image for embedded files and executable code. Specifically, it is designed for identifying files and code embedded inside of firmware images.
  2. Binary-Ninja. An interactive disassembler, decompiler, and binary analysis platform
  3. Ghidra. An NSA developed tool for reverse engineering. Similar to binary ninja.
  4. IDA Pro. Similar to Binary-Ninja and Ghidra.
  5. GDB. Debugging cli tool. Self explanatory if you've taken a UNSW computing course especially COMP2521.

Cryptography

  1. CyberChef. A free tool which has a little of everything.
  2. ZAP. OWASP ZAP is an open-source web application security scanner. It is intended to be used by both those new to application security as well as professionals.
  3. SQL Map. An overpowered open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of database servers.

There is literally so many more tools out there but these are just some of the tools that I have used before and I would recommend. There is also a fantastic website which aims to do the same thing in this article but in more depth. You can check it out here: https://c4pr1c3.github.io/awesome-ctf/