WCSC@USF - New Members

New Members

Woops! You've reached an old version of our site. Please clear your browser cache. The new site can be found here.

Official Membership Requirements

To be an official member of WCSC, you need to:

Be an enrolled student at University of South Florida.

For the following steps, use your @mail.usf.edu email

2. Register in Bullsync; then sign the Ethics Statement.

3. Join the Mailing List.

4. Join our Slack Group.

Hacker Culture Readings

Hacker's Manifesto

How To Become a Hacker

So, you want to work in security?

Getting into Security Engineering

Virtualization

Get familiar with virtualization by installing Linux in a VM.

Installing Ubuntu on VirtualBox Guide.

Learn Linux

If you're a complete beginner, try CodeAcademy's command line tutorial.

Once you know the basics, complete the Bandit Wargame.

General CTF Resources

LiveOverflow—YouTube channel with lots of videos about CTFs.

Github CTFs Writeups—Links to writeups for almost every CTF challenge out there.

Below are some resources divided by security topics:

General

Learning Resources

Trail of Bits CTF Field Guide

Useful Tools

Zardus's CTF Tools—Setup scripts for commonly used security tools

Kali Linux—Linux distro aimed at penetration

Parrot—Another (and some argue better) linux distro for pentesting

Awesome CTF—A curated list of tools useful for CTFs

Reverse Engineering

Learning Resources

Vortex—Binary exploitation wargame.

Murmus CTF—YouTube live streams of binary challenges and techniques.

microcorruption—Embedded security CTF.

Useful Tools

pwntools—A Python library built for CTFs.

GDB—The GNU Debugger.

PEDA—Extensions for GDB that assists with exploit development and reverse engineering.

Binary Ninja—Easy to use disassembler.

radare2—Debugger/Disassembler. Powerful, but it has a steep learning curve.

angr—Symbolic/concolic execution framework. Dynamic analysis tool

Web Application Security

Learning Resources

OWASP Top 10—The Ten Most Critical Web Application Security Risks.

HackThisSite.org—Web focused challenges.

Live SQL Injection Trainer—Easily practice basic SQL injection.

WebGoat—Web application with many flaws that you can practice on.

Useful Tools

Burp Suite—A graphical tool for testing Web application security.

Postman—A browser plugin to analyze/construct web requests

EditThisCookie—View and edit web cookies

Nessus—A vulnerability scanner.

Crypto

Learning Resources

Kyrpton—Crypto wargame.

Useful Tools

PyCrypto—Python cryptography module.

Black Chamber—Browser tools for solving simple crypto challenges.

RsaCtfTool—Break weak RSA keys

xortool—Analyze multi-byte XOR ciphers

Forensics

Learning Resources

13Cubed—This channel covers information security-related topics including Digital Forensics and Incident Response (DFIR) and Penetration Testing.

Useful Tools

Wireshark—Network protocol analyzer

binwalk—Binary analysis tool

Veles—Binary data visualizer

NetworkMiner—Network forensics analysis tool

Steganography

Learning Resources

Wikipedia

steghide—Hide binary data in JPEG, BMP, WAV and AU files

stegsolve—Analyze image for common steganographic patterns