Tool LKSP Cybersecurity 2024
|
Kategori |
Permasalahan |
Tool yang
Digunakan |
|
Web
Exploitation |
Form
Injection (File Upload) |
Burp Suite,
OWASP ZAP, Postman, Fiddler |
|
|
Session
Injection & Broken Access Control |
Burp Suite,
OWASP ZAP, mitmproxy |
|
|
Business
Logic Error |
Burp Suite,
OWASP ZAP, Postman |
|
|
SQLi |
SQLmap, Burp
Suite, OWASP ZAP, DBeaver |
|
|
Blind SQLi |
SQLmap, Burp
Suite (Intruder) |
|
|
LFI |
Burp Suite,
OWASP ZAP, Nikto |
|
|
RFI |
Burp Suite,
OWASP ZAP, Nikto |
|
|
SSTI |
Burp Suite,
OWASP ZAP |
|
|
XSS |
Burp Suite,
OWASP ZAP, XSStrike |
|
|
SSRF |
SSRFmap, Burp
Suite, OWASP ZAP |
|
|
Object
Deserialization |
Burp Suite,
ysoserial |
|
|
RCE |
Metasploit,
Burp Suite |
|
Binary
Exploitation |
Buffer
Overflow |
GDB,
Pwntools, Radare2, Ghidra, Cutter |
|
|
Integer Overflow/Underflow |
GDB, Radare2,
Cutter |
|
|
Shellcode |
NASM,
Pwntools, GDB, Radare2 |
|
|
Format String |
GDB, Radare2 |
|
|
ROP Chain |
Ropper,
Pwntools, GDB |
|
|
Stack
Pivoting |
Pwntools,
GDB, Radare2 |
|
|
Bypass
Protection (PIE, CANARY, NX, Relro) |
Pwntools,
GDB, Radare2 |
|
Reverse
Engineering |
Run Program
(ELF/EXE) |
Ghidra,
Radare2, IDA Pro, Binary Ninja |
|
|
Strings, Pipe
(|), Grep |
Strings,
grep, xxd |
|
|
Static
Analysis (Reconstruct Algorithm) |
Ghidra, IDA
Pro, Binary Ninja |
|
|
Dynamic
Analysis (Tracing, GDB) |
GDB, ltrace,
strace |
|
|
Assembly
& Bytecodes Translation |
NASM,
objdump, Radare2 |
|
|
Compiled
Programming Language Syntax |
Ghidra, IDA
Pro, Binary Ninja |
|
|
Obfuscation
& Binary Patching |
Ghidra,
Radare2, x64dbg |
|
Forensic |
Steganography |
Steghide,
zsteg, stegsolve |
|
|
Exiftool
& Strings (Metadata) |
ExifTool,
Strings, Binwalk |
|
|
File Carving |
Binwalk,
foremost, photorec |
|
|
Network
Forensic |
Wireshark,
tshark, NetworkMiner |
|
|
OS Forensic |
Volatility,
FTK Imager, Autopsy |
|
|
Malware
Analysis |
Cuckoo
Sandbox, IDA Pro, Ghidra, PEiD, yara |
|
Cryptography |
Classical
Ciphers |
CyberChef,
dCode, Cryptii |
|
|
Attack on RSA |
RsaCtfTool,
SageMath |
|
|
Attack on AES |
Cryptool,
Python libraries (pycryptodome, cryptography) |
|
|
Attack on ECC |
SageMath,
Custom Python scripts |
|
|
Attack on DSA |
SageMath,
RsaCtfTool |
|
|
Hashing |
Hashcat, John
the Ripper, Python (hashlib) |
|
System
Security |
VPN
Connection |
OpenVPN,
WireGuard |
|
|
SSH
Connection |
OpenSSH,
PuTTY |
|
|
CVE Exploit
& Mitigation |
Metasploit,
ExploitDB, SearchSploit |
|
|
Linux-based
OS Administration |
Bash,
Ansible, Docker |
|
|
Event &
Process Monitoring |
ps, top,
htop, lsof, auditd, Splunk |
|
|
Enumeration
(Port Scanning) |
Nmap, Nessus,
OpenVAS |
|
|
Data
Exfiltration |
netcat,
socat, curl |
|
|
Privilege
Escalation |
LinPEAS,
WinPEAS, GTFOBins |
|
|
Firewall
Policy |
iptables, ufw |
|
|
User Account
Policy |
passwd,
useradd, chage |
|
|
Source Code
Review |
Static code
analyzers (SonarQube, Checkmarx) |
|
|
Source Code
Patching |
IDEs (VSCode,
IntelliJ, Eclipse), Git |
