ctf-forensics

Solid

Provides digital forensics and signal analysis techniques for CTF challenges. Use when analyzing disk images, memory dumps, event logs, network captures, cryptocurrency transactions, steganography, PDF analysis, Windows registry, Volatility, PCAP, Docker images, coredumps, side-channel power traces, DTMF audio spectrograms, packet timing analysis, CD audio disc images, or recovering deleted files and credentials.

Data & Documents 2,227 stars 274 forks Updated 4 weeks ago MIT

Install

View on GitHub

Quality Score: 97/100

Stars 20%
100
Recency 20%
90
Frontmatter 20%
70
Documentation 15%
100
Issue Health 10%
50
License 10%
100
Description 5%
100

Skill Content

# CTF Forensics & Blockchain Quick reference for forensics CTF challenges. Each technique has a one-liner here; see supporting files for full details. ## Prerequisites **Python packages (all platforms):** ```bash pip install volatility3 Pillow numpy matplotlib ``` **Linux (apt):** ```bash apt install binwalk foremost libimage-exiftool-perl tshark sleuthkit \ ffmpeg steghide testdisk john pcapfix ``` **macOS (Homebrew):** ```bash brew install binwalk exiftool wireshark sleuthkit ffmpeg \ testdisk john-jumbo ``` **Ruby gems (all platforms):** ```bash gem install zsteg ``` ## Additional Resources - [3d-printing.md](3d-printing.md) - 3D printing forensics (PrusaSlicer binary G-code, QOIF, heatshrink) - [windows.md](windows.md) - Windows forensics (registry, SAM, event logs, recycle bin, NTFS alternate data streams, USN journal, PowerShell history, Defender MPLog, WMI persistence, Amcache) - [network.md](network.md) - Network forensics basics (tcpdump, TLS/SSL keylog decryption, TLS master key extraction from coredump, Wireshark, PCAP, port scanning, SMB3 decryption, 5G/NR protocols, WordPress recon, credentials, USB HID steno, BCD encoding, HTTP file upload exfiltration, split archive reassembly via timestamp ordering) - [network-advanced.md](network-advanced.md) - Advanced network forensics (packet interval timing encoding, USB HID mouse/pen drawing recovery, NTLMv2 hash cracking, TCP flag covert channel, DNS last-byte steganography, DNS trailing byte binary encoding...

Details

Author
ljagiello
Repository
ljagiello/ctf-skills
Created
3 months ago
Last Updated
4 weeks ago
Language
Python
License
MIT

Integrates with

Docker · Infrastructure WordPress · CMS

Similar Skills

Semantically similar based on skill content — not just same category

AI & Automation Listed

ctf-forensics

Use when solving CTF forensics challenges — disk images, memory dumps, PCAPs, log analysis, file carving, deleted file recovery, NTFS/ext4 artifacts. Triggers on "ctf forensics", "memory dump", "pcap analysis", "disk image", "file carving", "log forensics".

6 Updated today
26zl
Data & Documents Solid

ctf-malware

Provides malware analysis and network traffic techniques for CTF challenges. Use when analyzing obfuscated scripts, malicious packages, custom crypto protocols, C2 traffic, PE/.NET binaries, RC4/AES encrypted communications, YARA rules, shellcode analysis, memory forensics for malware (Volatility malfind, process injection detection), anti-analysis techniques (VM/sandbox detection, timing evasion, API hashing, process injection, environment checks), or extracting malware configurations and indicators of compromise.

2,227 Updated 4 weeks ago
ljagiello
Code & Development Solid

ctf-osint

Provides open source intelligence techniques for CTF challenges. Use when gathering information from public sources, social media, geolocation, DNS records, username enumeration, reverse image search, Google dorking, Wayback Machine, Tor relays, FEC filings, or identifying unknown data like hashes and coordinates.

2,227 Updated 4 weeks ago
ljagiello
AI & Automation Solid

ctf-crypto

Provides cryptography attack techniques for CTF challenges. Use when attacking encryption, hashing, signatures, ZKP, PRNG, or mathematical crypto problems involving RSA, AES, ECC, lattices, LWE, CVP, number theory, Coppersmith, Pollard, Wiener, padding oracle, GCM, key derivation, or stream/block cipher weaknesses.

2,227 Updated 4 weeks ago
ljagiello
AI & Automation Solid

ctf-misc

Provides miscellaneous CTF challenge techniques for problems that do not cleanly fit the main categories. Use for encoding puzzles, pyjails, bash jails, RF/SDR, DNS oddities, unicode tricks, esoteric languages, QR or audio puzzles, constraint solving, game theory, unusual sandbox escapes, and hybrid logic puzzles. Prefer a more specific skill first when the challenge is mainly web, pwn, reverse, forensics, malware, OSINT, or crypto. Treat this as the fallback skill for genuine cross-category or edge-case challenges, not the default starting point.

2,227 Updated 4 weeks ago
ljagiello