A simple Ruby API/library for managing NVD CVE feeds. The API helps you download and manage NVD Data Feeds, search for CVEs, and build your vulnerability assessment platform or vulnerability database.
Flask Session Cookie Decoder/Encoder
A simple Python script that lets you encode and decode a Flask session cookie.
RABID
A CLI tool and library that simply decodes all kinds of BigIP cookies.
HAITI
A CLI tool to identify the hash type of a given hash.
ctf-party
A library to enhance and speed up script/exploit writing for CTF players (or security researchers, bug bounty hunters, pentesters, but mostly focused on CTF) by patching the String class to add a short syntax for common code patterns.
itdis
A small tool that allows you to check whether a list of domains you have been provided is in the scope of your pentest or not.
XSS classification model - Types of Cross-Site Scripting
Challenges
Men in black box
A web challenge that was available during SigSegV1 CTF (2018). It was a Boolean-based Blind SQLi with a WAF.
Sensory Domination Droid
A programming challenge that was available during SigSegV1 CTF (2018). It was an IRC bot; the goal was to parse private IRC messages.
Fat
A web challenge that was available during SigSegV2 CTF (2019). It was a Slim SSTI combined with a Sinatra/Rack session cookie forgery.
Image Checker 1
A web challenge that was available during SigSegV2 CTF (2019). It was an XXE OOB via SVG rasterization and a local file read.
Image Checker 2
A web challenge that was available during SigSegV2 CTF (2019). It was an XXE OOB via SVG combined with an SSRF port scan and an SSRF localhost bypass.
10 questions about my system
A forensics challenge that was available during SigSegV2 CTF (2019). It was a Volatility profile creation and 10 basic questions on the memory dump.
Une porte peut en cacher une autre
A web challenge that was available during SigSegV2 CTF (2019). It was a b374k.php webshell with a c99-style PHP backdoor authentication bypass.
noraj secret zone
A web/misc/reverse/network challenge that was available during SigSegV2 CTF (2019). It was an eepsite (I2P website) containing obfuscated JavaScript.
The long way
A misc challenge that was available during SigSegV2 CTF (2019). It was an extra-long file path on an exFAT FS; scripting was mandatory to retrieve the whole path.
Drugs: crack & hash
A cracking challenge that was available during SigSegV2 CTF (2019). It was password hash cracking with a custom dictionary/wordlist. There were 10 hashes to crack.
Matz 2.3
A reverse challenge that was available during SigSegV2 CTF (2019). It was Ruby bytecode reverse engineering/disassembly making use of the RubyVM class.