summaryrefslogtreecommitdiff
path: root/ctf
diff options
context:
space:
mode:
Diffstat (limited to 'ctf')
-rw-r--r--ctf/pwn.md9
-rw-r--r--ctf/web.md31
2 files changed, 35 insertions, 5 deletions
diff --git a/ctf/pwn.md b/ctf/pwn.md
index 1032833..8a19175 100644
--- a/ctf/pwn.md
+++ b/ctf/pwn.md
@@ -1,6 +1,11 @@
# binary exploitation
- [pwn.college](https://pwn.college)
-- [pwnable.kr](https://pwnable.kr/)
-- [how2heap](https://github.com/shellphish/how2heap)
+- [ionetgarage](https://io.netgarage.org/), [pwnable.kr](https://pwnable.kr/), [pwnable.tw](https://pwnable.tw), [pwnable.xyz](https://pwnable.xyz)...
- [the nightmare book](https://guyinatuxedo.github.io/)
+- [how2heap](https://github.com/shellphish/how2heap)
+
+## tooling
+
+- [angr](https://angr.io/)
+- [z3](https://github.com/Z3Prover/z3), [cvc5](https://cvc5.github.io/), [stp](https://stp.github.io/), [yices2](https://yices.csl.sri.com/): smt solvers
diff --git a/ctf/web.md b/ctf/web.md
index 3e40a62..09107d1 100644
--- a/ctf/web.md
+++ b/ctf/web.md
@@ -1,5 +1,30 @@
-# Web Security
-
-## Resources
+# web security
- [websec.fr](https://websec.fr)
+
+## tooling
+
+- devtools
+- burp suite
+- mitmproxy
+- ???
+
+## common attacks
+
+### sqli: sql injection
+
+### xss: cross-site scripting
+
+### xxe: external entity injection
+
+### csrf: cross-site request forgery
+
+### ssrf: server-side request forgery
+
+### request smuggling
+
+### prototype pollution
+
+## common failures
+
+### trusting headers