This website provides reference documentation of the AVR instruction set, which is used for Arduino boards. More information is contained in the AVR Assembler documentation.

The cloud version of binary ninja allows free reversing in the cloud. It has a real-time collaboration feature.

Binary Refinery is a collection of Python scripts for transforming data. It is similar in concept to CyberChef but runs locally. For example, Binary Refinery supports base64 or hex transformations, hash data, or packing values into binary.

The repository contains an archive of many CTF challenges of the last years. This is a good resource when trying to find old challenges or learn exploit techniques based on write-ups.

CInsects is a German CTF team. They collect resources of tool, tutorials, and documentation around CTF tools and exploitation.

The website offers an interactive tool to encode and encrypt data. It presents a visual pipeline through which the data travels, being transformed in each step. It is conceptually similar to CyberChef, but with a focus on encryption.

The CyberChef is a website which provides many recipes and makes it easy to combine them. The recipes are small input/output steps, similar to UNIX tools, and cover a large area of topics, like data formats, encoding, encryption, networking, hashing, compression, etc. The main use case is making it easier in CTFs to chain simple operations together, like processing encoded text.

The website provides a playable archive of old DEFCON challenges. The challenges are tagged by category and by original CTF.

The files are available on GitHub.

The website publishes a new CTF challenge every day.

Debin is a tool to predict the debug information of stripped binaries. It only works reliable with C programs, as this is the only dataset it was trained on. It might be useful to use the website for jeopardy CTFs.

Depix allows reverting pixelization and recover the original text. It works for pixelated images created using linear box filters. The recovery process is not always perfect, but good enough to produce readable text.

Dogbolt is an online interactive decompiler explorer. A binary can be uploaded and the decompiled C-like output of multiple decompilers compared. The website collects all uploaded binaries, so be wary of which files to upload. The big advantage of the website is having so many available decompilers (angr, Binary Ninja, Boomerang, Ghidra, IDA Pro, REC Studio, Reko, RetDec, Snowman). A downside is that no alterations to the decompilation are possible, for example, to provide function signatures.

Driftnet watches network traffic, and picks out and displays JPEG and GIF images for display.

Ghidra software reverse engineering (SRE) framework and IDA Pro alternative.

The Godbolt compiler explorer allows the user to compile a function and see the corresponding assembly code. It can highlight matching parts in the language and assembly, making it easy to understand how individual expressions are compiled. It supports common languages like C, C++, Go, Rust. Furthermore, it can also work with assembler and LLVM IR.

Another nice feature is, that it can show statistics about assembler code, like needed cycles, instructions, and which resources the instructions need. This uses the LLVM Machine Code Analyzer.

John the Ripper is THE tool to brute force passwords and password hashes. It is very fast in calculating hashes with support of GPU acceleration and supports a wide range of different hash formats.

These websites provided an overview of the Linux systemcall interface by listing the syscall numbers, their meanings, and their arguments.

• https://syscalls.mebeim.net/
  • x86, ARM, MIPS, all in 32-bit and 64-bit
  • Kernel versions v4.0 up to current
• https://blog.rchapman.org/posts/Linux_System_Call_Table_for_x86_64/
  • x64
• https://filippo.io/linux-syscall-table/
  • x64
• https://syscalls64.paolostivanin.com/
  • x64
• https://thevivekpandey.github.io/posts/2017-09-25-linux-system-calls.html
  • x64

The website features a large list of default passwords found in routers and IoT devices. The data is sorted by manufacturer and can be searched.

The OWASP Amass tool suite obtains subdomain names by scraping data sources, recursive brute forcing, crawling web archives, permuting/altering names and reverse DNS sweeping. Additionally, Amass uses the IP addresses obtained during resolution to discover associated net blocks and ASNs. All the information is then used to build maps of the target networks.

Website allowing assembly and disassembly of x86 and x64 code.

These websites have access to large rainbow tables and allow quick access to known weak hashes.

• https://crackstation.net/

Over The Wire provides with the wargames many different challenges, to learn exploitations of different things. There are different wargames based on skill and required tooling. In each level, the user has to retrieve a flag to proceed to the next level.

The repo contains a curated list of various ways to perform privilege escalation. It is sorted by different attack vectors.

The website provides a generator for quickly configuring a reverse shell. After entering an IP address and port number, the website shows code snippets for many languages. It also provides the option to create bind shells or use the metasploit framework.

The RsaCtfTool is a tool supporting working with RSA keys. The main focus lies in a wide range of known attacks which are implemented and easy to use with it. This makes it suitable for CTFs, especially Jeopardies.

Sometimes it is necessary to run Docker containers for a different CPU architecture. This Docker container makes it possible to run other Docker containers with a different architecture. It works by using binfmt_misc, a Linux kernel feature to run files with interpreters, and installs QEMU binaries for different architectures.

This software analyzes the formats of given files and outputs RDF description of their contents. It offers the following features:

• Format Extraction: Supports over 50 different formats including common media formats, archives, executables, and documents.
• Rich Metadata: Collects rich metadata, including common file properties and format-specific properties such as image dimensions.
• Hashing: Computes hashes using various algorithms to describe and identify the data.
• RDF Encoding: Encodes all the extracted information in RDF using common vocabularies found on the semantic web.
• Serialization: Allows saving the resulting RDF in one of the many RDF serialization formats.
• SPARQL Support: Provides the ability to use SPARQL to extract information or data using the processed RDF.

The software comes as an online version and as an installable and downloadable version.

The website offers a large variety of crypto implementations which can be tested. It is helpful to solve unknown crypto challenges during CTFs. It is similar in concept to the CyberChef, but only for crypto.

The GitHub repository collects CVEs and proof-of-concept (PoC) exploits for them. It is a good resource to play around with sample exploits.

A curated list of vulnerable apps and systems which can be used as a penetration testing practice lab. This list aims to help starters as well as pros to test out and enhance their penetration skills.

The website offers an interactive tool to encode and encrypt data. It is based around blocks performing individual operations. These blocks can then pull or push their input/outputs from variables. This allows chaining them together to achieve more complex operations It is conceptually similar to CyberChef, but with a focus on encryption.

angr is a python framework for analyzing binaries. It combines both static and dynamic symbolic ("concolic") analysis, making it applicable to various tasks.

Binwalk is a binary file analysis tool. It works by traversing a file and looking for potentially embedded files. These embedded files can also be extracted.

dnsteal provides a fake DNS server and encodes a file into a series of DNS requests. The fake DNS server then reassembles the file. This can be used to hide the file exfiltration as DNS traffic, however, since it doesn't use the default DNS server it is quite noisy.

This repo is for learning various heap exploitation techniques. We use Ubuntu's Libc releases as the gold-standard. Each technique is verified to work on corresponding Ubuntu releases. You can run apt source libc6 to download the source code of the Libc you are using on Debian-based operating system. You can also click ⏵ to debug the technique in your browser using gdb.

Besides the heap exploitation examples the repo also contains references to helpful tools and further information about heap exploitation.

Online interface to find a libc database by function offsets. They are powered by the libc-database repository.

• https://libc.blukat.me/
• https://libc.rip/

preeny helps pwning binaries by disabling many annoying functions, such as random or alarm. It does so by providing different LDPRELOAD-able libraries for those library functions.

pwntools is one of THE Python tools needed during a CTF. It is useful for both jeopardy and attack-defense CTFs. It provides common abstractions, like connecting to a local or remote program, and simplifying I/O. Additionally, it provides helpers for many exploitation techniques, such as ROP, shellcode, and leaking memory.

This is a tcpdump-like program for printing TLS SNI and HTTP/1.1 Host fields in live or captured traffic.

These websites provide reference documentation of the x86 instruction set:

• https://kernfunny.org/x86/ / https://c9x.me/x86/
• https://www.felixcloutier.com/x86/index.html
  • Linked from Godbolt
• http://ref.x86asm.net/coder.html
  • It provides an index for single- and double-byte opcodes based on the bytes