  • White Hat Curated CTF Tools: a GitHub repo containing many commonly used tools for solving CTF challenges.
  • VMware Workstation/Fusion: a powerful virtualization hypervisor program that enables complete Operating System recreation within a virtual environment on a host machine (Download for free from OnTheHub!)
  • Kali Linux: a Debian-based Linux distro containing numerous tools and resources designed for digital forensics and penetration testing.
  • Metasploit Framework: a penetration testing framework written in Ruby that uses numerous modules to create basic and advanced payloads for vulnerability discovery and security awareness and defense.
  • CyberChef: a simple, modular, and intuitive web app for analyzing and decoding data easily and quickly.
  • Radare2: a complete framework for reverse-engineering and analyzing binaries, all designed to be run from the command-line.
  • GDB: the GNU Project Debugger allows you to debug another program while it is running on a system.
  • LLDB: a reimplementation of GDB targeted at LLVM-based systems, useful for debugging on macOS (also has a nicer UI than GDB).
  • ltrace: a Linux debugging utility that displays the calls made by userspace applications/programs/binaries to shared libraries in order to facilitate reverse-engineering and debugging processes.
  • Burp Suite: a suite of networking tools, useful for capturing and modifying local network packets.
  • Netcat: a computer networking utility to read and write to network connections using TCP or UDP (a helpful cheat sheet from SANS can be found here!)
  • dd: a Linux command-line utility that can convert and copy files between different formats.
  • strings: a Linux command-line utility that prints the printable character sequences that are at least 4 characters long in a format that is easily modifiable and scriptable.
  • binwalk: a tool for searching through binary files for embedded files and executable code.
  • Xortool: a Python tool that performs xor analysis on a given file.

Useful Links

  • White Hat's GitHub: the source code for this website! (Please submit all bugs/feature requests as issues here!!) Our GitHub account also contains many other cool projects and links that we're working on, highly recommended to check out!
  • CTFtime: the official link to our CTF team! Click to view how we've been doing!
  • Slack: join our Slack to stay up-to-date on our CTF events and communications!
  • OnTheHub: calpoly
  • Cyber Threat Map: a real-time visualization of cyber attacks and malware threats as they are detected by Kaspersky Anti-Virus solutions.
  • ImmersiveLabs Cyber Academy: an online cybersecurity training platform that has a wide range of modules teaching penetration testing skills, reverse engineering skills, CTF-solving techniques, and more! (free access with your Cal Poly email!)
  • OverTheWire Wargames: a series of online CTF-training challenges designed to help you learn and practice security concepts (if you haven't done CTFs before, try the Bandit challenges!)
  • MicroCorruption: an embedded-system CTF, super good for learning the basics of assembly and practicing reverse-engineering/debugging!
  • VulnHub: a system of challenges stored within virtual machines that allow anyone to gain practical 'hands-on' experience in digital security, computer software, and network administration.

Cool Security Books

  • Practical Malware Analysis (PMA): the industry standard for teaching basic and advanced malware analysis tools and techniques! Highly recommended if you want to learn how to safely analyze malware, reverse engineer, debug, and disassemble malicious software, and more! (applies to Windows-based malware and virus samples)
  • The Tangled Web: explains the methods behind how browsers work, where their flaws are, and how to design and implement web applications with modern security features.
  • The Web Application Hacker's Handbook: a great resource on discovering, exploiting, and preventing web application security flaws! This book goes through different techniques for attacking and defending web applications, including how to utilize cross-domain integration techniques, UI redress, HTTP parameter pollution, and more!