From 384af43d4220eb93abe06668210c594923fb9a8c Mon Sep 17 00:00:00 2001
From: JJ
Date: Thu, 23 Nov 2023 19:35:03 -0800
Subject: meow

---
 ctf/pwn.md |  9 +++++++--
 ctf/web.md | 31 ++++++++++++++++++++++++++++---
 2 files changed, 35 insertions(+), 5 deletions(-)

(limited to 'ctf')

diff --git a/ctf/pwn.md b/ctf/pwn.md
index 1032833..8a19175 100644
--- a/ctf/pwn.md
+++ b/ctf/pwn.md
@@ -1,6 +1,11 @@
 # binary exploitation
 
 - [pwn.college](https://pwn.college)
-- [pwnable.kr](https://pwnable.kr/)
-- [how2heap](https://github.com/shellphish/how2heap)
+- [ionetgarage](https://io.netgarage.org/), [pwnable.kr](https://pwnable.kr/), [pwnable.tw](https://pwnable.tw), [pwnable.xyz](https://pwnable.xyz)...
 - [the nightmare book](https://guyinatuxedo.github.io/)
+- [how2heap](https://github.com/shellphish/how2heap)
+
+## tooling
+
+- [angr](https://angr.io/)
+- [z3](https://github.com/Z3Prover/z3), [cvc5](https://cvc5.github.io/), [stp](https://stp.github.io/), [yices2](https://yices.csl.sri.com/): smt solvers
diff --git a/ctf/web.md b/ctf/web.md
index 3e40a62..09107d1 100644
--- a/ctf/web.md
+++ b/ctf/web.md
@@ -1,5 +1,30 @@
-# Web Security
-
-## Resources
+# web security
 
 - [websec.fr](https://websec.fr)
+
+## tooling
+
+- devtools
+- burp suite
+- mitmproxy
+- ???
+
+## common attacks
+
+### sqli: sql injection
+
+### xss: cross-site scripting
+
+### xxe: external entity injection
+
+### csrf: cross-site request forgery
+
+### ssrf: server-side request forgery
+
+### request smuggling
+
+### prototype pollution
+
+## common failures
+
+### trusting headers
-- 
cgit v1.2.3-70-g09d2