Tuesday, January 5, 2016

SANS Holiday Hack 2015 Resources and Tools

Resources and Tools

(I don't check these, so I cannot guarantee that they don't contain malware. I am not responsible for your information or machine if you decide to visit these sites. I use VMs on a host machine that I do not use for anything other than challenges. I also have this on a separate network from my normal devices.)

Counter Hack Team: Thanks, without your wisdom, I would never have been able to solve most of this challenge.
Kali
SIFT

CentOS
Binwalk
Scapy-rdpcap
Python
Bless Hex Editor
Burp Suite (free version)
https://www.google.com
https://cyberchallenge.com.au/pdf/CySCA2014_Network_Forensics.pdf
https://en.wikipedia.org/wiki/SquashFS
http://unix.stackexchange.com/questions/94270/how-to-install-squashfs-tools-on-ubuntu
http://stackoverflow.com/questions/3470546/python-base64-data-decode
https://www.shodan.io/
http://www.opinionatedgeek.com/dotnet/tools/base64decode/
https://ssodelta.wordpress.com/2014/01/06/image-secrecy-and-xor/
http://stackoverflow.com/questions/8504882/searching-for-a-way-to-do-bitwise-xor-on-images
https://pen-testing.sans.org/blog
https://gist.github.com/joswr1ght/32f241d7d4074ec5e26b (colorful directory display)
http://blog.commandlinekungfu.com/2009/04/episode-21-finding-locating-files.html
http://blog.commandlinekungfu.com/2011/04/episode-142-xml-in-shell.html
http://www.openwall.com/john/
http://hashcat.net/oclhashcat/
https://www.holidayhackchallenge.com/2015/giyh-capture.pcap
https://www.holidayhackchallenge.com/2015/giyh-firmware-dump.bin
http://binwalk.org/
https://www.sans.org/reading-room/whitepapers/testing/exploiting-embedded-devices-34022
http://blog.commandlinekungfu.com/
http://www.amazon.com/Ready-Player-One-Ernest-Cline-ebook/dp/B004J4WKUQ/
https://www.sans.org/security-resources/sec560/netcat_cheat_sheet_v1.pdf
https://github.com/OpenRCE/sulley
https://github.com/jfoote/exploitable
http://www.coresecurity.com/files/attachments/StackGuard.pdf
https://penturalabs.wordpress.com/2011/03/31/vulnerability-development-buffer-overflows-how-to-bypass-full-aslr/
https://gist.github.com/joswr1ght/a45d000ceaccf4cce6cb
http://expressjs.com/
https://hackerone.com/reports/7779
http://pen-testing.sans.org/blog/2015/12/03/nosql-no-problem-pillaging-mongodb-for-fun-and-profit
http://portswigger.net/ (Burpsuite)
http://www.thegeekstuff.com/2010/11/strings-command-examples/
https://www.wireshark.org/
http://www.packetstan.com/2010/11/packet-payloads-encryption-and-bacon.html


https://media.blackhat.com/bh-us-11/Sullivan/BH_US_11_Sullivan_Server_Side_WP.pdf
http://s1gnalcha0s.github.io/node/2015/01/31/SSJS-webshell-injection.html
http://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb.html
https://pen-testing.sans.org/blog/2015/12/20/pen-testing-node-js-staying-n-sync-can-make-the-server-go-bye-bye-bye
