Capture The Flag

Tools

Web

Burpsuite

Web Proxy + Spider + Everything

nmap

SQL Injection detector/exploiter tool

sqlmap

SQL Injection detector/exploiter tool

Dirbuster(-ng)

Enumerates URLs using wordlists, such as index.php, .htaccess, etc.

Reversing

GDB

THE linux debugger

IDA

THE windows debugger

X64debug

The open-source windows debugger

AFL American Fuzzy Lop

Really smart fuzzing tool

Checksec

See binary file protections in use (PIE, NX, etc.)

Python pwn library

Handling bytecode in python

Stego

binwalk

Extract files inside of other files

StegHide

Hide and extract files from images

Audacity

A few good visualizations of audio files (frequency analyzer)

Guides

PHP

XSS

Ideas (Ran out of things to try?)

Web

Dirbuster

XSS

PNG/javascript Polyglot?

Writeups

H4CK1T 2016

450 - Suspicious AVI

Challenge data: avi.avi

CSAW 2016

50 - Sleeping Guard

Writeup