Tools

(Page under construction...)

CTF: https://dodcybersentinel.ctfd.io/ Tools I know really well:

• Kali Linux, Wireshark, Nmap, PowerShell, any hex editor, an IDE like PyCharm / VSCode...

  • I prefer Sublime Text: apt-get install sublime-text; subl [filename.py]

    • bit flipper Python script that only works on b64 cookies

• CyberChef - XOR Brute Force recipe

Tools I need to know better:

• Burp Suite Community Edition

  • Meanwhile, there's cURL - modify http headers and related tools

• Ghidra/ IDA/Binary Ninja

• Volatility3 - covered in my SANS Windows Forensics class, it lets you view memory dumps of RAM, but I haven't tried it | article | install | requirements.txt error | update requirements.txt

Tools I've never heard of:

• jwt.io debugger

  • JSON Web Token explained, more

• Impacket - article |

The rest are directory busters: Ffuf, Gobuster, wfuzz (strange that dirb isn't included)

===

JS Nice - good JavaScript deobfuscator, but JS syntax knowledge required to be effective

CacheSleuth - excellent decoder