Hacking Pratice

Hacking Practice¶

Introduction to topics:
Intro to Security

Beginners Practice¶

• Development CTFs
• Beginners Quest from Google CTF
• A cybersecurity competition for high schoolers.
  https://www.tryhackme.com/hacktivities

Binary Exploitation Practice¶

• Pwnable.tw
• OverTheWire
• SmashTheStack
• Gracker
• The Exploit Series from VulnHub
• Pwnable.xyz

Reverse Engineering/CrackMe Practice¶

• Keygen Challenges
• NetGarage.io
• Reverse Engineering challenges
• ReverseMe CTF List

ARM¶

• Very vulnerable ARM application

Embedded¶

• MicroCorruption: Embedded Binary exploitation

Vulnerable VMs¶

• Pentesterlab
• Many CTF VMs

Metasploitable¶

Metasploitable3 Linux and Windows
Metasploit Vulnerability Emulator

Multiple Topics:

Hack This Site
Rootme
RingZer0 Team Online CTF

Web Exploitation¶

Web Security Academy
https://websec.fr/
- HackerOne

• Web Hacking Korean
• Web Sec
• Insecure API
• OWASP NodeGoat
• Hack Yourself First
• bWAPP

Java¶

Java Deseralization

XSS¶

• XSS Game

JWT¶

• http://demo.sjoerdlangkemper.nl/jwtdemo/rs256.php
• http://demo.sjoerdlangkemper.nl/jwtdemo/hs256.php
• https://pentesterlab.com/

Cloud¶

AWS¶

http://flaws2.cloud/
http://flaws.cloud/

Operating System Exploitation¶

• HackTheBox
• Root Me
• CTF 365
• CyberSec Labs
• Security Scenario Generator: Make your own CTF
• Attack and Defend systems

Windows¶

• Windows Powershell Hacking
• The HackSys Extreme Vulnerable Driver (HEVD) is a Windows Kernel driver that is intentionally vulnerable. It has been developed for security researchers and enthusiasts to improve their skills in kernel-level exploitation.

Cryptography Practice¶

• The Matasano Crypto Challenges
• MysteryTwister C3
• Beginner to Actual Challenges

Crypto-Currency CTFs¶

• Damn Vulnerable DeFi is the wargame to learn offensive security of DeFi smart contracts in Ethereum.

Ethereum Challenges¶

https://ethernaut.openzeppelin.com/
https://github.com/OpenZeppelin/ethernaut

Mobile¶

DIVA Android - Damn Insecure and vulnerable App for Android
Damn Vulnerable iOS App (DVIA)
https://github.com/OWASP/MSTG-Hacking-Playground

Android¶

Tools:
https://github.com/MobSF/Mobile-Security-Framework-MobSF
https://github.com/xtiankisutsa/MARA_Framework
https://github.com/linkedin/qark/
https://github.com/abhi-r3v0/Adhrit
https://github.com/chaitin/passionfruit
https://github.com/ac-pm/Inspeckage
https://github.com/nightwatchcybersecurity/truegaze

Training:
https://github.com/oversecured/ovaa

Info:
https://github.com/vaib25vicky/awesome-mobile-security
https://bitbucket.org/secure-it-i/android-app-vulnerability-benchmarks/src/master/

Hardware¶

• RHme+ 2015
• RHme+ 2016
• RHme+ 2017

Firmware¶

https://github.com/scriptingxss/IoTGoat

CTFs¶

247ctf Hack Boxes
http://captf.com/
https://github.com/ctfs
https://chall.stypr.com/
http://shell-storm.org/repo/CTF/
List of CTFs
COBOL CTF

Modern¶

• Plad CTF
• Order of the Overflow
• Realworld CTF
• CSAW
• CCCAC

Wireless¶

Bluetooth¶

• A Bluetooth low energy capture the flag
• Advanced: Bluetooth low energy capture the flag

Resources¶

Papers¶

Phrack

Network¶

Cuckoo’s Egg Decompiled : The Cuckoo’s egg is a book by Cliff Stoll about how he investigated one of the first known cybersecurity attacks in the 80s. This training, Developed by Chris Sanders, is available for free as an entry-level course for those who are exploring information security and want an introduction to various security concepts. Disclosure: Chris Sanders runs networkdefense.io, the platform that my training is hosted on.

Open Security Training : Open security training has been around for a good long while, and is a solid resource full of information security specific training. While the changelog hasn’t been updated since 2015, a lot of the materials available here are still very much relevant and useful.

• Now what ? - Offensive Red Team

• Active Directory Security Pratices

Forensics/Operations¶

Real Digital Forensic

NSM and Intrusion Detection : This is a small (45 pages) PDF Introducing students to NSM concepts such as passive collection, netflow, full packet capture, and IDS/IPS technology. The majority of the content teaches readers how the open-source IDS/IPS platforms Snort and Suricata work — specifically their rule syntax, and how to interpret IDS/IPS alerts from both platforms. Disclosure: I am the author of this material.

Malware Traffic Analysis—Training Exercises : Malware Traffic Analysis is, as the name of the site implies, a website dedicated to the analysis of malware and the collection of network artifacts that malware leaves behind. The maintainer of the website has a collection of exercises with alerts, packet captures and quiz questions to help you gain a better understanding of Incident Response, Hunting for malware and/or Network Forensics.

Cyber Kill Chain : Lockheed Martin researched, developed (and patented, can’t forget that) a methodology for describing how organized attackers operate to achieve their goals on target networks. While a lot of what Lockheed Martin has written about the killchain is marketing fluff, the phases of an attack is a kernel of truth that is extremely valuable. Understanding the kill chain, attacker motivations and actions that they take to achieve their goals is important for threat intelligence. In most cases, when attackers progress through the kill chain to achieve their goals, they leave evidence of their passing. This evidence can become IOCs or indicators of compromise that can be used to enhance detection and interrupt or at least seriously degrade attacker capabilities and progress. If threat intelligence is something you’re interested in, I’d recommend getting familiar with the kill chain.

Mitre ATT&CK and RedCanary Atomic Red Team : Mitre ATT&CK (shorthand for Adversarial Tactics, Techniques, and Common Knowledge) is a resource that, like the Cyber Kill Chain, describes general actions that attackers take when they are attempting to achieve objectives against a target network. Actions such as Initial Access, Execution, Persistence, Privilege Escalation, etc. The key difference between the kill chain and ATT&CK is that the Mitre’s framework takes things a step further by attempting to enumerate specific methods that are used to achieve a generation action. For example, the Initial Access action might include the method spearphishing, or the exploitation of a public-facing application. The ATT&CK matrix is a value information security addition for the red team to give them ideas on how to progress through a network, as well as for the blue team to determine how to develop detections and/or mitigations that may defeat or provide visibility when particular methods are used. Redcanary developed a tool called “Atomic Red Team” that can be used to enumerate different methods described in the ATT&CK framework.

Reverse Engineering¶

Reverse Engineering for Beginners : This resource is a book by Dennis Yurichev designed to introduce students to reverse engineering.

Ghidra:
https://wrongbaud.github.io/posts/ghidra-training/
https://hackaday.io/course/172292-introduction-to-reverse-engineering-with-ghidra

Exploitation¶

RPISEC MBE : Rensselaer Polytechnic Institute published materials for a class titled “Modern Binary Exploitation”. The class teaches vulnerability research, reverse engineering, and binary exploitation.

Learning Embedded Systems with Arduino : This is another resource I was made aware of by @DamskyIrena. This workshop provides an introduction to hardware hacking and embedded systems utilizing the Arduino embedded platform. This training is provided by Dafna Mordechai

MISP Training Materials : MISP is a fantastic platform for recording and sharing information about malware threats. The folks at circl Luxembourg have provided a ton of free training materials centered around getting the most out of the platform.