Problem Area | Resource/Tool | Notes |
---|---|---|
OSINT | Hack Control | Has links to a scary amount of information gathering tools. |
OSINT | NCL Twitter/Cyber Kat's Website and Cyber Kat's Twitter | In the past hints and even required parts of challenges have been found here |
OSINT | Sherlock | Useful for finding online/social accounts |
OSINT | QRazyBox | Good QR code reconstruction tool |
Cryptography | CyberChef | Good general purpose cyber tool |
Cryptography | Cryptii | Site with various cipher operations |
Cryptography | DCode | Site with some cipher's. Is in French though. |
Cryptography | Stego-Tools | Docker container loaded with stenography tools. |
Cryptography | Digital Invisible Ink Toolkit | Stenography tool commonly used in NCL |
Cryptography | Boxentriq | Useful for identifying ciphers |
Password Cracking | hashes.com | Figure out what type of hash you have |
Password Cracking | Crackstation | Good for quickly checking if it is something really common. |
Password Cracking | Rainbow Tables | Another online rainbow table |
Password Cracking | Hashcat | Password 'recovery' utility |
Password Cracking | Mask Processor | Useful for generating custom wordlists |
Password Cracking | Cracken | Wordlist generation tool. Supposedly faster than mask processor. |
Password Cracking | Seclists | Useful wordlists |
Network Traffic Analysis | Wireshark | Useful for capturing and analyzing network traffic |
Wireless Access Exploitation | Aircrack-ng | For collecting and cracking wireless passwords |
Enumeration and Exploitation | Ghidra | Awesome tool for reverse engineering compiled binaries. WARNING! Made by the NSA, suggest running this one in a virtual machine. |
Enumeration and Exploitation | Strings Command | Useful for finding hardcoded strings inside of a binary. |
Enumeration and Exploitation | Radare2 | reverse engineering toolset |
Enumeration and Exploitation | uncompyle6 | Python decompiler |
Enumeration and Exploitation | ILSpy | Incredibly useful .NET decompiler |
Forensics | Autopsy | Useful tool for when you need to examine a system for deleted or hidden information. |
Scanning | Nmap | Use this for detecting machines, ports, services, and operating systems on a network. |
Scanning | Feroxbuster | Website directory scanner. Feels a little more modern than its counterparts dirbuster and gobuster |
Web Application Exploitation | wpscan | Useful for discovering plugins and users on Wordpress sites. |
Web Application Exploitation | Wappalyzer | Useful for getting the general technology stack a website is running with. |
Web Application Exploitation | sqlmap | A SQL injection tool |
- developer tools (inspect element), curl, wget
- remember to check for robots.txt and .git
- sql injections
- Github may have repositories under fake (or even official) NCL accounts
Feel free to message me on resource or tips you'd like to see in here!