Fixed some typos and updated some resources

README.md

@@ -1,13 +1,20 @@
 # CTF-Compendium
 
-> UMass Pentest Club
+## Overview
 
----
+A list of techniques and resources compiled by the UMass Pentest Club meant to serve as lookup table to solutions of CTF problems.
 
-A list of CTF problems, techniques and guides mean to be a lookup table to possible solutions of CTF problems
+## General Resources
 
-## **Cryptography**
+* [Awesome-CTF](https://github.com/apsdehal/awesome-ctf)
 
+    - A curated list of CTF frameworks, libraries, resources, softwares and tutorials. 
+
+* [ctf-tools](https://github.com/zardus/ctf-tools)
+
+    - A collection of setup scripts to install security research tools.
+
+## Cryptography
 
 * Caesar Cipher
 
@@ -86,9 +93,9 @@ A list of CTF problems, techniques and guides mean to be a lookup table to possi
 
 	//TODO
 
-## **Web**
+## Web
 
-* General Tatics
+* General Tactics
 
 	Web exploits are usually able to be classified into three categories
 
@@ -98,11 +105,36 @@ A list of CTF problems, techniques and guides mean to be a lookup table to possi
 
 	- Access Control
 
-* Robots.txt 
+* `robots.txt` 
+
+	When given a website, always check for a `robots.txt` file at the index. You may never know what will be hidden there.
+
+* SQL Injections
 
-	When given a website, always check for a /robots.txt file at the root link. You may never know what will be hidden there.
+	**Classic SQL Injection**
+
+	Often when parsing user input in SQL, the request formed will be something along the lines of: 
+
+	```
+	SELECT author,title,year FROM books WHERE publisher = ‘O’Reilly’ and published=1
+	```
+
+	If the parsing of input is done incorrectly, you can use a ``` ' ``` in a input field and break out of the statement to inject your own code.
+
+	Often an injection will be something along the lines of 
+
+	```
+	admin' OR 1=1--
+	OR 1=1--
+	```
+
+* JSON Web Tokens (JWT)
 
-* Classic Tools
+    //TODO
+
+    Tool: [jwt_tool](https://github.com/ticarpi/jwt_tool)
+
+* Tools
 
 	* [Requests](https://pypi.org/project/requests/2.7.0/)
 
@@ -114,42 +146,50 @@ A list of CTF problems, techniques and guides mean to be a lookup table to possi
 
     * [Burpsuite](https://portswigger.net/burp)
 
-        - Modern tool for analyzing web applications.
+        - Modern tool for analyzing web applications
 
     * [EditThisCookie](http://www.editthiscookie.com/)
 
-        - Open-source web browser extension for editing cookies.
+        - Open-source web browser extension for editing cookies
 
     * [DirBuster](https://tools.kali.org/web-applications/dirbuster)
 
-        - Multi-threaded java application that can use wordlists/brute force to find directories and files on web servers.
+        - Multi-threaded java application that can use wordlists/brute force to find directories and files on web servers
 
-* SQL Injections
-
-	**Classic SQL Injection**
+## Forensics
 
-	Often when parsing user input in SQL, the request formed will be something along the lines of: 
+* Least Significant Bit
 
-	```
-	SELECT author,title,year FROM books WHERE publisher = ‘O’Reilly’ and published=1
-	```
+    //TODO
 
-	If the parsing of input is done incorrectly, you can use a ``` ' ``` in a input field and break out of the statement to inject your own code.
+* Tools
 
-	Often an injection will be something along the lines of 
+    * [stegsolve](https://github.com/zardus/ctf-tools/blob/master/stegsolve/install)
 
-	```
-	admin' OR 1=1--
-	OR 1=1--
-	```
+        - Image steganography tool.
 
-## Forensics
+    * [Sonic Visualizer](https://www.sonicvisualiser.org/)
+
+        - Audio file analysis tool that can be used to extract and visualize data.
 
+    * [binwalk](https://github.com/ReFirmLabs/binwalk)
+
+        - Analyze file formats and extract hidden file formats inside.
 
 ## Reversing
 
-Ghidra is an open-source reverse engineering tool developed by the NSA.
+* Tools
+
+    * [Ghidra](https://www.nsa.gov/resources/everyone/ghidra/) 
+
+        - A powerful open-source reverse engineering tool developed by the NSA.
+
 
 ## Binary Exploitation
 
+* Resources
+
+    * [LiveOverflow's Youtube channel](https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w)
+
+        - Very detailed youtube videos that thoroughly teach and explain many common binary exploitation methods. Heavily recommended especially if you are new to binary exploitation.