• White Hat Curated CTF Tools: a Github repo containing many commonly used tools for solving CTF challenges.
  • VMware Workstation/Fusion: a powerful virtualization hypervisor program that enables complete Operating System recreation within a virtual environment on a host machine (Download for free from OnTheHub!)
  • Kali Linux: a Debian-based Linux distro containing numerous tools and resources designed for digital forensics and penetration testing.
  • Metasploit Framework: a penetration testing framework written in Ruby and uses numerous modules to create basic and advanced payloads for vulnerability discovery and security awareness and defense.
  • CyberChef: a simple, modular, and intuitive web app for analyzing and decoding data easily and quickly.
  • Radare2: a complete framework for reverse-engineering and analyzing binaries, all designed to be ran from the command-line.
  • GDB: the GNU Project Debugger allows you to debug another program while it is running on a system.
  • ltrace: a Linux debugging utility that displays trace calls made by userspace applications/programs/binaries to shared libraries in order to facilitate reverse-engineering and debugging processes.
  • Burp Suite: a suite of networking tools, useful for capturing and modifying local network packets.
  • Netcat: a computer networking utility to read and write to network connections using TCP or UDP (a helpful cheat sheet from SANS can be found here!)
  • dd: a Linux command-line utility that can convert and copy files between different formats.
  • strings: a Linux command-line utility that prints the printable character sequences that are at least 4 characters long in a format that is easily modifiable and scriptable.
  • binwalk: a tool for searching through binary files for embedded files and executable code.
  • Xortool: a Python tool that performs xor analysis on a given file.

Useful Links

  • CTFtime: the official link to our CTF team! Click to view how we've been doing!
  • Slack: join our Slack to stay up-to-date on our CTF events and communications!
  • OnTheHub: calpoly
  • Cyber Threat Map: a real-time visualization of cyber attacks and malware threats as they are detected by Kaspersky Anti-Virus solutions.
  • ImmersiveLabs Cyber Academy: an online cybersecurity training platform that has a wide range of modules teaching penetration testing skills, reverse engineering skills, CTF-solving techniques, and more! (free access with your Cal Poly email!)
  • OverTheWire Wargames: a series of online CTF-training challenges designed to help you learn and practice security concept (if you haven't done CTFs before, try the Bandit challenges!)
  • VulnHub: a system of challenges stored within virtual machines that allow anyone to gain practical 'hands-on' experience in digital security, computer software & network administration.

Cool Security Books

  • Practical Malware Analysis (PMA): the industry-standard on teaching basic and advanced malware analysis tools and techniques! Highly recommended if you want to learn how to safely analyze malware, reverse engineer, debug, and disassemble malicious software, and more! (applies to Windows-based malware and virus samples)