From aace46bec6e90eaedf0882975485d79723a24670 Mon Sep 17 00:00:00 2001 From: mathew Date: Mon, 21 Oct 2019 12:39:28 -0400 Subject: [PATCH 1/5] updated README.md --- README.md | 46 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 32 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 218823f..a9d38ce 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,10 @@ # CTF-Compendium -> UMass Pentest Club +## Overview ---- - -A list of CTF problems, techniques and guides mean to be a lookup table to possible solutions of CTF problems - -## **Cryptography** +A list of techniques and resources compiled by the UMass Pentest Club meant to serve as lookup table to solutions of CTF problems. +## Cryptography * Caesar Cipher @@ -86,9 +83,9 @@ A list of CTF problems, techniques and guides mean to be a lookup table to possi //TODO -## **Web** +## Web -* General Tatics +* General Tactics Web exploits are usually able to be classified into three categories @@ -98,9 +95,9 @@ A list of CTF problems, techniques and guides mean to be a lookup table to possi - Access Control -* Robots.txt +* `robots.txt` - When given a website, always check for a /robots.txt file at the root link. You may never know what will be hidden there. + When given a website, always check for a `robots.txt` file at the index. You may never know what will be hidden there. * Classic Tools 
@@ -114,15 +111,15 @@ A list of CTF problems, techniques and guides mean to be a lookup table to possi * [Burpsuite](https://portswigger.net/burp) - - Modern tool for analyzing web applications. + - Modern tool for analyzing web applications * [EditThisCookie](http://www.editthiscookie.com/) - - Open-source web browser extension for editing cookies. + - Open-source web browser extension for editing cookies * [DirBuster](https://tools.kali.org/web-applications/dirbuster) - - Multi-threaded java application that can use wordlists/brute force to find directories and files on web servers. + - Multi-threaded java application that can use wordlists/brute force to find directories and files on web servers * SQL Injections @@ -142,14 +139,35 @@ A list of CTF problems, techniques and guides mean to be a lookup table to possi admin' OR 1=1-- OR 1=1-- ``` +* JSON Web Tokens (JWT) + + [jwt_tool](https://github.com/ticarpi/jwt_tool) ## Forensics ## Reversing -Ghidra is an open-source reverse engineering tool developed by the NSA. +* Least Significant Bit + + //TODO + +* Resources + + * [Ghidra](https://www.nsa.gov/resources/everyone/ghidra/) + + - A powerful open-source reverse engineering tool developed by the NSA. ## Binary Exploitation +* Resources + + * [LiveOverflow's Youtube channel](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w) + + - Very detailed youtube videos that thoroughly teach and explain many common binary exploitation methods. Heavily recommended especially if you are new to binary exploitation. + +## General Resources + +* [Awesome-CTF](https://github.com/apsdehal/awesome-ctf) + - A curated list of CTF frameworks, libraries, resources, softwares and tutorials. From 5898036cc0ecc78bad8a0a518b206ccc8a5a5fa7 Mon Sep 17 00:00:00 2001 From: mathew Date: Mon, 21 Oct 2019 12:41:37 -0400 Subject: [PATCH 2/5] fix typos, added a few items --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) 
diff --git a/README.md b/README.md index a9d38ce..c758d1e 100644 --- a/README.md +++ b/README.md @@ -141,17 +141,18 @@ A list of techniques and resources compiled by the UMass Pentest Club meant to s ``` * JSON Web Tokens (JWT) - [jwt_tool](https://github.com/ticarpi/jwt_tool) - -## Forensics + //TODO + Tool: [jwt_tool](https://github.com/ticarpi/jwt_tool) -## Reversing +## Forensics * Least Significant Bit //TODO +## Reversing + * Resources * [Ghidra](https://www.nsa.gov/resources/everyone/ghidra/) From 6f8834a1394c32e251dec48798b62a144c9c1d6b Mon Sep 17 00:00:00 2001 From: mathew Date: Mon, 21 Oct 2019 12:50:15 -0400 Subject: [PATCH 3/5] added more resources --- README.md | 71 ++++++++++++++++++++++++++++++++++--------------------- 1 file changed, 44 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index c758d1e..7857c03 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,12 @@ A list of techniques and resources compiled by the UMass Pentest Club meant to serve as lookup table to solutions of CTF problems. +## General Resources + +* [Awesome-CTF](https://github.com/apsdehal/awesome-ctf) + + - A curated list of CTF frameworks, libraries, resources, softwares and tutorials. + ## Cryptography * Caesar Cipher 
@@ -99,7 +105,32 @@ A list of techniques and resources compiled by the UMass Pentest Club meant to s When given a website, always check for a `robots.txt` file at the index. You may never know what will be hidden there. -* Classic Tools +* SQL Injections + + **Classic SQL Injection** + + Often when parsing user input in SQL, the request formed will be something along the lines of: + + ``` + SELECT author,title,year FROM books WHERE publisher = ‘O’Reilly’ and published=1 + ``` + + If the parsing of input is done incorrectly, you can use a ``` ' ``` in a input field and break out of the statement to inject your own code. + + Often an injection will be something along the lines of + + ``` + admin' OR 1=1-- + OR 1=1-- + ``` + +* JSON Web Tokens (JWT) + + //TODO + + Tool: [jwt_tool](https://github.com/ticarpi/jwt_tool) + +* Tools * [Requests](https://pypi.org/project/requests/2.7.0/) 
@@ -121,44 +152,35 @@ A list of techniques and resources compiled by the UMass Pentest Club meant to s - Multi-threaded java application that can use wordlists/brute force to find directories and files on web servers -* SQL Injections - - **Classic SQL Injection** - - Often when parsing user input in SQL, the request formed will be something along the lines of: +## Forensics - ``` - SELECT author,title,year FROM books WHERE publisher = ‘O’Reilly’ and published=1 - ``` +* Least Significant Bit - If the parsing of input is done incorrectly, you can use a ``` ' ``` in a input field and break out of the statement to inject your own code. + //TODO - Often an injection will be something along the lines of +* Tools - ``` - admin' OR 1=1-- - OR 1=1-- - ``` -* JSON Web Tokens (JWT) + * [stegsolve](https://github.com/zardus/ctf-tools/blob/master/stegsolve/install) - //TODO + - Image steganography tool. - Tool: [jwt_tool](https://github.com/ticarpi/jwt_tool) + * [Sonic Visualizer](https://www.sonicvisualiser.org/) -## Forensics + - Audio file analysis tool that can be used to extract and visualize data. -* Least Significant Bit + * [binwalk](https://github.com/ReFirmLabs/binwalk) - //TODO + - Analyze file formats and extract hidden file formats inside. ## Reversing -* Resources +* Tools * [Ghidra](https://www.nsa.gov/resources/everyone/ghidra/) - A powerful open-source reverse engineering tool developed by the NSA. + ## Binary Exploitation * Resources @@ -167,8 +189,3 @@ A list of techniques and resources compiled by the UMass Pentest Club meant to s - Very detailed youtube videos that thoroughly teach and explain many common binary exploitation methods. Heavily recommended especially if you are new to binary exploitation. -## General Resources - -* [Awesome-CTF](https://github.com/apsdehal/awesome-ctf) - - - A curated list of CTF frameworks, libraries, resources, softwares and tutorials. From 3833cb9a2c0b2bc9256f99f9506ef36a9c06448e Mon Sep 17 00:00:00 2001 
From: mathew Date: Mon, 21 Oct 2019 12:51:15 -0400 Subject: [PATCH 4/5] added more resources --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 7857c03..202bbc9 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,10 @@ A list of techniques and resources compiled by the UMass Pentest Club meant to s - A curated list of CTF frameworks, libraries, resources, softwares and tutorials. +* [ctf-tools](https://github.com/zardus/ctf-tools) + + - A collection of setup scripts to install security research tools. + ## Cryptography * Caesar Cipher From 0ddeafaa3a366e4c833ca7d67f12fc066203b635 Mon Sep 17 00:00:00 2001 From: mathew Date: Mon, 21 Oct 2019 12:39:28 -0400 Subject: [PATCH 5/5] fix typos, added a few items --- README.md | 94 +++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 67 insertions(+), 27 deletions(-) diff --git a/README.md b/README.md index 218823f..202bbc9 100644 --- a/README.md +++ b/README.md @@ -1,13 +1,20 @@ # CTF-Compendium -> UMass Pentest Club +## Overview ---- +A list of techniques and resources compiled by the UMass Pentest Club meant to serve as lookup table to solutions of CTF problems. -A list of CTF problems, techniques and guides mean to be a lookup table to possible solutions of CTF problems +## General Resources -## **Cryptography** +* [Awesome-CTF](https://github.com/apsdehal/awesome-ctf) + - A curated list of CTF frameworks, libraries, resources, softwares and tutorials. + +* [ctf-tools](https://github.com/zardus/ctf-tools) + + - A collection of setup scripts to install security research tools. + +## Cryptography * Caesar Cipher @@ -86,9 +93,9 @@ A list of CTF problems, techniques and guides mean to be a lookup table to possi //TODO -## **Web** +## Web -* General Tatics +* General Tactics Web exploits are usually able to be classified into three categories 
@@ -98,11 +105,36 @@ A list of CTF problems, techniques and guides mean to be a lookup table to possi - Access Control -* Robots.txt +* `robots.txt` + + When given a website, always check for a `robots.txt` file at the index. You may never know what will be hidden there. + +* SQL Injections - When given a website, always check for a /robots.txt file at the root link. You may never know what will be hidden there. + **Classic SQL Injection** + + Often when parsing user input in SQL, the request formed will be something along the lines of: + + ``` + SELECT author,title,year FROM books WHERE publisher = ‘O’Reilly’ and published=1 + ``` + + If the parsing of input is done incorrectly, you can use a ``` ' ``` in a input field and break out of the statement to inject your own code. + + Often an injection will be something along the lines of + + ``` + admin' OR 1=1-- + OR 1=1-- + ``` + +* JSON Web Tokens (JWT) -* Classic Tools + //TODO + + Tool: [jwt_tool](https://github.com/ticarpi/jwt_tool) + +* Tools * [Requests](https://pypi.org/project/requests/2.7.0/) 
@@ -114,42 +146,50 @@ A list of CTF problems, techniques and guides mean to be a lookup table to possi * [Burpsuite](https://portswigger.net/burp) - - Modern tool for analyzing web applications. + - Modern tool for analyzing web applications * [EditThisCookie](http://www.editthiscookie.com/) - - Open-source web browser extension for editing cookies. + - Open-source web browser extension for editing cookies * [DirBuster](https://tools.kali.org/web-applications/dirbuster) - - Multi-threaded java application that can use wordlists/brute force to find directories and files on web servers. + - Multi-threaded java application that can use wordlists/brute force to find directories and files on web servers -* SQL Injections - - **Classic SQL Injection** +## Forensics - Often when parsing user input in SQL, the request formed will be something along the lines of: +* Least Significant Bit - ``` - SELECT author,title,year FROM books WHERE publisher = ‘O’Reilly’ and published=1 - ``` + //TODO - If the parsing of input is done incorrectly, you can use a ``` ' ``` in a input field and break out of the statement to inject your own code. +* Tools - Often an injection will be something along the lines of + * [stegsolve](https://github.com/zardus/ctf-tools/blob/master/stegsolve/install) - ``` - admin' OR 1=1-- - OR 1=1-- - ``` + - Image steganography tool. -## Forensics + * [Sonic Visualizer](https://www.sonicvisualiser.org/) + + - Audio file analysis tool that can be used to extract and visualize data. + * [binwalk](https://github.com/ReFirmLabs/binwalk) + + - Analyze file formats and extract hidden file formats inside. ## Reversing -Ghidra is an open-source reverse engineering tool developed by the NSA. +* Tools + + * [Ghidra](https://www.nsa.gov/resources/everyone/ghidra/) + + - A powerful open-source reverse engineering tool developed by the NSA. 
+ ## Binary Exploitation +* Resources + + * [LiveOverflow's Youtube channel](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w) + + - Very detailed youtube videos that thoroughly teach and explain many common binary exploitation methods. Heavily recommended especially if you are new to binary exploitation.
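Review bot: patch 1/5, hunk `@@ -1,13 +1,10 @@`, the new overview sentence drops an article: "meant to serve as lookup table to solutions of CTF problems" should read "meant to serve as a lookup table for solutions to CTF problems". The same sentence is carried forward verbatim as hunk context in patches 2, 3, 4 and 5, so fix it here rather than in a follow-up.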
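Review bot: patch 1/5, hunk `@@ -114,15 +111,15 @@`, the trailing periods are stripped from the Burpsuite, EditThisCookie and DirBuster descriptions, but the descriptions added in the next hunk of this same patch keep them ("- A powerful open-source reverse engineering tool developed by the NSA.", "- A curated list of CTF frameworks, libraries, resources, softwares and tutorials."). Pick one convention for the one-line tool blurbs and apply it across the file.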
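Review bot: patch 1/5, hunk `@@ -142,14 +139,35 @@`, "* Least Significant Bit" is inserted under "## Reversing", but LSB hiding is a steganography technique and belongs under "## Forensics", which patch 2/5 then corrects by moving the Forensics heading. Likewise "## General Resources" is appended at the end of the file here and moved to the top in patch 3/5. Squashing these into a single commit would keep the series bisectable and avoid intermediate states that are wrong.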
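Review bot: patch 2/5, hunk `@@ -141,17 +141,18 @@`, the JWT entry is labelled with an inline "Tool: [jwt_tool](...)" line, while every other section lists tools as a "* Tools" sub-list with a one-line description underneath. Use the same sub-list form here and say what jwt_tool does (it tests and manipulates JWTs) so the entry reads like its neighbours.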
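Review bot: patch 3/5, hunk `@@ -4,6 +4,12 @@`, "softwares" is not standard English; the Awesome-CTF blurb should read "A curated list of CTF frameworks, libraries, resources, software and tutorials." The same line is re-added in patch 5/5, so correct it at the source.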
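Review bot: patch 3/5, hunk `@@ -99,7 +105,32 @@`, the moved SQL example uses typographic quotes (`‘O’Reilly’`) where the whole point of the snippet is that the ASCII apostrophe in O'Reilly terminates the string literal; readers copying the line cannot see which quote closes the literal. Rewrite it with straight quotes and tag the fence so it renders as SQL, e.g. "```sql" then "SELECT author,title,year FROM books WHERE publisher = 'O'Reilly' and published=1". In the prose, "you can use a ``` ' ``` in a input field" should be "you can use a `'` in an input field" (single backticks for inline code, "an" before a vowel), and the untagged payload fence should say what context each line targets, since "OR 1=1--" without a leading quote only works inside a numeric comparison.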
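Review bot: patch 3/5, hunk `@@ -121,44 +152,35 @@`, the new Forensics entry "* [Sonic Visualizer](https://www.sonicvisualiser.org/)" spells the name differently from the project's own domain; the tool is "Sonic Visualiser". The binwalk blurb "Analyze file formats and extract hidden file formats inside" is imprecise: binwalk scans a binary for embedded file signatures and extracts the embedded files, not "file formats". The hunk also adds a stray blank "+" line between the Ghidra blurb and "## Binary Exploitation"; drop it so section spacing stays uniform.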
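Review bot: patch 5/5, hunk `@@ -1,13 +1,20 @@`, this patch is a cumulative re-diff of patches 1 through 4: its index line "index 218823f..202bbc9" starts from patch 1/5's base blob and ends at patch 4/5's result blob, it reuses patch 1/5's timestamp and patch 2/5's subject, and every hunk reproduces changes already made earlier in the series. Applied in order it will fail or conflict on every hunk. Either drop 5/5 or replace the series with this single squashed commit under a subject that describes the whole change.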