Web
September 27, 2017 ยท View on GitHub
Collection of free books, papers and articles related to CTF challenges.
How To Get Started In CTF
CTFtime
Hack.lu (2014) Writeups
Web
Cross-site scripting (XSS)
- OWASP - XSS
- OWASP - XSS Filter Evasion Cheat Sheet
- DOM Clobbering
- HTML Markup Injection
- Testing For Reflected XSS
- Testing For Stored XSS
- Testing For DOM-based XSS
Cross-Site Request Forgery (CSRF)
Local File Inclusion (LFI)
Remote File Inclusion (RFI)
SQL-Injection (SQLi)
- OWASP - SQLi
- Testing For SQL Injections
- SQL Backdoors
- Bypassing Modern SQL Injection Security Measures
- 9.6 Comment Syntax
- Cheat Sheets
- [video] Advanced SQL Injection
- [video] Defcon 18 - You Spent All That Money And You Still Got Owned
LDAP Injection
Path Traversal
Cookies
Command Injection
Languages / Databases
Tools
- w3af - Web Application Attack and Audit Framework (Windows/Linux)
- Firefox - Addon Pack (Web Pen Testing)
Practice
Reverse Engineering
Introduction To Reverse Engineering
Obfuscation
Tools
Practice
Crypto
Introduction To Crypto
Tools
Exploitation
Introduction To Exploitation
- The Linux man-pages Project
- Special File Permissions (setuid, setgid and Sticky Bit)
- Linux Users and Groups