meow

author: JJ 2023-11-24 03:35:03 +0000
committer: JJ 2023-11-24 03:35:03 +0000
commit: 384af43d4220eb93abe06668210c594923fb9a8c (patch)
tree: 3762c806c6034bb1d52d2ecef76bb43f79509298 /ctf
parent: 426d431d03599b65dee1ddffd8923098cbaa79b0 (diff)
2 files changed, 35 insertions, 5 deletions
diff --git a/ctf/pwn.md b/ctf/pwn.md
index 1032833..8a19175 100644
--- a/ctf/pwn.md
+++ b/ctf/pwn.md
@@ -1,6 +1,11 @@
 # binary exploitation
 
 - [pwn.college](https://pwn.college)
-- [pwnable.kr](https://pwnable.kr/)
-- [how2heap](https://github.com/shellphish/how2heap)
+- [ionetgarage](https://io.netgarage.org/), [pwnable.kr](https://pwnable.kr/), [pwnable.tw](https://pwnable.tw), [pwnable.xyz](https://pwnable.xyz)...
 - [the nightmare book](https://guyinatuxedo.github.io/)
+- [how2heap](https://github.com/shellphish/how2heap)
+
+## tooling
+
+- [angr](https://angr.io/)
+- [z3](https://github.com/Z3Prover/z3), [cvc5](https://cvc5.github.io/), [stp](https://stp.github.io/), [yices2](https://yices.csl.sri.com/): smt solvers
diff --git a/ctf/web.md b/ctf/web.md
index 3e40a62..09107d1 100644
--- a/ctf/web.md
+++ b/ctf/web.md
@@ -1,5 +1,30 @@
-# Web Security
-
-## Resources
+# web security
 
 - [websec.fr](https://websec.fr)
+
+## tooling
+
+- devtools
+- burp suite
+- mitmproxy
+- ???
+
+## common attacks
+
+### sqli: sql injection
+
+### xss: cross-site scripting
+
+### xxe: external entity injection
+
+### csrf: cross-site request forgery
+
+### ssrf: server-side request forgery
+
+### request smuggling
+
+### prototype pollution
+
+## common failures
+
+### trusting headers
author	JJ	2023-11-24 03:35:03 +0000
committer	JJ	2023-11-24 03:35:03 +0000
commit	384af43d4220eb93abe06668210c594923fb9a8c (patch)
tree	3762c806c6034bb1d52d2ecef76bb43f79509298 /ctf
parent	426d431d03599b65dee1ddffd8923098cbaa79b0 (diff)