# SIGINT FAQ Resources Collection of Resources and Practice sites, that helped us in learning about cybersecurity. This list is based on our experience. ## How to use this? My recommendation would be to stick to 1 thing first and try to get as far as you can on it, before moving on to next link. Don't be Overwhelmed. This is purely a collection. If you are beginner, start with the ones marked **beginner**. If you have any questions, feel free to reach out to a member in committee or ask in the relevant chat. We are always happy to help out :D. ## Cryptography Tools you will need is sagemaths, pycrytodome Luckily, this docker comes with all the tooling you need https://github.com/cryptohack/cryptohack-docker ### Resources https://cryptohack.gitbook.io/cryptobook/ My favourite Crypto writeups authors: https://jsur.in/ https://rkm0959.tistory.com/ http://affine.group/writeups (Hellman, absolute cryptography god, his writeups are very technical, very high level crypto ) https://blog.cryptohack.org/ ### Practice https://cryptohack.org/ (beginner;Highly Recommended, best way to learn and gold community, Goes literally from zero to hero; if you stick with it) https://www.root-me.org/ (there are some good crypto challs here with resources) https://picoctf.org/ (How I got started with crypto - thrypuro) https://www.cryptopals.com/ (Old/outdated but a gem) ## Pwn ### Resources YouTube series focused on binary exploitation, made for beginners https://www.youtube.com/playlist?list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN Free course (registration required) on C-style software vulnerabilities, exploitation is not a focus of the course https://p.ost2.fyi/courses/course-v1:OpenSecurityTraining2+Vulns1001_C-derived+2022_v1/course/ Repository containing a large number of GLIBC heap attacks, not the best for learning heap pwn but good as a reference https://github.com/shellphish/how2heap ### Practice Good for beginners, starts very basic https://overthewire.org/wargames/narnia/ ~~100s of similar challenges if you're a masochist~~ https://dojo.pwn.college/ (hehe) 💀 - babyshell, babymem, babyrev are good (beginner friendly) First few challenges are not realistic pwn, but builds understanding of low-level architecture and debugging techniques https://pwnable.xyz/ Haven't tried this myself but seems good https://pwnable.kr/ ## Rev ### Resources ### Practice ## Web ### Resources https://github.com/swisskyrepo/PayloadsAllTheThings/ (Payloads for all kinds of known vulnerabilities, reverse shells, etc... very useful as a reference) ### Practice https://picoctf.org/ https://overthewire.org/wargames/natas/ https://www.root-me.org/ (has a lot of web challs) ## Full pwn (Box hacking) Tools you'll likely need: kali linux/parrotOS, nmap, burp suite, gobuster/ffuf, linPEAS/winPEAS, chisel, and most importantly, google ### Resources https://www.youtube.com/ippsec (Walkthroughs of retired HTB boxes) https://blog.harmj0y.net/ (Active Directory attacks explained) https://gtfobins.github.io/ (SUID binaries, uncommon tools to break out of restricted shells, etc) https://github.com/swisskyrepo/PayloadsAllTheThings/ Good Writeups: https://0xdf.gitlab.io/ ### Practice https://www.hackthebox.com/ (start from easy boxes + any CTFS organized by HackTheBox may have box hacking too) htb alternatives : https://www.pentesterlab.com/ (heard from someone from cr0wn who does web this is good, paid tho :skull:) https://tryhackme.com/ ## Blockchain/Smart-Contract Security ### Resources https://cmichel.io/how-to-become-a-smart-contract-auditor/ ### Practice https://www.damnvulnerabledefi.xyz/ (difficult, but also somewhat beginner friendly) https://ctf.paradigm.xyz/challenges (Difficult not for beginners) https://capturetheether.com/ (i think the testnet this is hosted on, doesnt work) Solidity practice : https://cryptozombies.io/