diff options
Diffstat (limited to 'ctf')
-rw-r--r-- | ctf/pwn.md | 9 | ||||
-rw-r--r-- | ctf/web.md | 31 |
2 files changed, 35 insertions, 5 deletions
@@ -1,6 +1,11 @@ # binary exploitation - [pwn.college](https://pwn.college) -- [pwnable.kr](https://pwnable.kr/) -- [how2heap](https://github.com/shellphish/how2heap) +- [ionetgarage](https://io.netgarage.org/), [pwnable.kr](https://pwnable.kr/), [pwnable.tw](https://pwnable.tw), [pwnable.xyz](https://pwnable.xyz)... - [the nightmare book](https://guyinatuxedo.github.io/) +- [how2heap](https://github.com/shellphish/how2heap) + +## tooling + +- [angr](https://angr.io/) +- [z3](https://github.com/Z3Prover/z3), [cvc5](https://cvc5.github.io/), [stp](https://stp.github.io/), [yices2](https://yices.csl.sri.com/): smt solvers @@ -1,5 +1,30 @@ -# Web Security - -## Resources +# web security - [websec.fr](https://websec.fr) + +## tooling + +- devtools +- burp suite +- mitmproxy +- ??? + +## common attacks + +### sqli: sql injection + +### xss: cross-site scripting + +### xxe: external entity injection + +### csrf: cross-site request forgery + +### ssrf: server-side request forgery + +### request smuggling + +### prototype pollution + +## common failures + +### trusting headers |