# NCL (National Cyber League) — Compact Study Notebook
*Prepared for the November 2025 competition*

_Note: Not every item will be completed — balance this with classes and other commitments._

![NCL Categories](NCL_Competition.png)


## Quick Reference Checklist

### Essential Setup
- [ ] Create a Kali Linux or ParrotOS VM
- [ ] Install Wireshark (latest)
- [ ] Create accounts on TryHackMe and HackTheBox
- [ ] Star the GitHub repositories listed in this guide
- [ ] Download sample PCAPs for practice
- [ ] Set up a notes system (Obsidian or Notion recommended)


---
## 1) Open Source Intelligence (OSINT)
Use public sources — search engines, social media, archives, and public repos — to gather context and leads.


### Channels / Videos to Watch
- The Cyber Mentor (OSINT playlists)
- John Hammond (walkthroughs)
- NahamSec (recon techniques)
- SANS DFIR (investigations)


### Helpful GitHub Projects
```
jivoi/awesome-osint
sherlock-project/sherlock
laramies/theHarvester
smicallef/spiderfoot
sundowndev/phoneinfoga
megadose/holehe
```


### Online Tools
- Shodan.io
- Google Dorking
- Wayback Machine
- Maltego (Community)
- Social-Searcher
- "Have I Been Pwned" and TinEye for quick lookups


### Practice Platforms
- OSINT Exercises
- Bellingcat investigation toolkit
- Trace Labs (crowdsourced exercises)


---
## 2) Cryptography
Study classical and modern ciphers, hashing, encoding, and steganography.


### Watch
- Christof Paar (crypto lectures)
- Khan Academy (crypto basics)
- Computerphile (short explainer videos)
- LiveOverflow (CTF crypto)


### Repositories to Bookmark
```
Ganapati/RsaCtfTool
hellman/xortool
mozilla/ssh_scan
```


### Core Topics
- Classical ciphers (Caesar, Vigenère, etc.)
- Modern crypto (AES, RSA)
- Hashes (MD5, SHA family, bcrypt)
- Encoding: Base64, Base32, Hex
- Steganography basics


### Tools & Practice
- CyberChef, Hashcat, John the Ripper, OpenSSL, GPG
- Practice: cryptohack.org, cryptopals.com, PicoCTF


---
## 3) Log Analysis
Learn formats, SIEM basics, and common Windows/Linux event sources.


### Key Skills
- Apache/Nginx logs, Windows Event Logs, Syslog
- SIEM platforms: Splunk, ELK, Graylog
- Windows event IDs: 4624, 4625, 4688, etc.
- Command-line parsing (awk, sed, grep) and PowerShell


### Tools & Resources
- Elasticsearch / Kibana / Logstash
- Graylog, OSSEC, Sigma rules
- Practice: Boss of the SOC, CyberDefenders, LetsDefend


---
## 4) Network Traffic Analysis (Wireshark focus)
_Note: avoid packet captures on public Wi‑Fi._

Wireshark is a competitive edge — prioritize mastering it.

### Prioritized Video Resources
1. Wireshark University
2. Chris Sanders (packet analysis)
3. Laura Chappell (Wireshark expert)


### Wireshark Roadmap (4 weeks)
- Week 1: Install and learn interface and basic protocols (HTTP, DNS, TCP/UDP)
- Week 2: Master display filters and following streams
- Week 3: Statistical analysis and object extraction
- Week 4: Malware traffic, C2 identification, extracting IOCs


### Essential Display Filters (memorize)
```
ip.addr == 192.168.1.1
tcp.port == 80
http.request.method == "POST"
dns.qry.name contains "malware"
tcp.flags.syn == 1
tcp.stream eq 0
```


### Practice PCAP Sources
- malware-traffic-analysis.net
- tcpreplay sample captures
- Wireshark sample captures (wiki)
- markofu/pcaps on GitHub


---
## 5) Scanning
Network discovery, service/version enumeration, and vulnerability scanning techniques.


### Tools to Know
- Nmap, Masscan, Gobuster, Nikto, Dirb
- ProjectDiscovery tools: subfinder, httpx, nuclei
- OWASP Amass for attack-surface mapping


### Techniques
- Port scanning (SYN, connect, UDP)
- Host discovery (ARP, ping sweeps)
- Banner grabbing and service enumeration
- Automated vs manual vulnerability assessment


---
## 6) Forensics
Disk, memory, network, and mobile forensics fundamentals and tools.


### Tools & Topics
- Volatility, SleuthKit, bulk_extractor, plaso
- Autopsy, Binwalk, Foremost, Steghide
- File system analysis, memory capture, timeline reconstruction


---
## 7) Password Cracking
Recognize hash formats, use efficient attack techniques, and learn GPU acceleration basics.


### Hashes & Tools
- Common hashes: MD5, SHA-1, SHA-256, NTLM, bcrypt
- Tools: Hashcat, John the Ripper, SecLists wordlists
- Attack types: dictionary, mask, rule-based, hybrid


---
## 8) Enumeration & Exploitation
Understand enumeration and practice common exploit techniques in a safe lab.


### Key Frameworks
- Metasploit, sqlmap, impacket, LinEnum, PowerSploit


### Vulnerability Categories
- Web, network services, buffer overflows, privilege escalation, binary exploitation


---
## 9) Web Application Security
Focus on OWASP Top 10, Burp Suite, and web exploitation practice.


### Strong Resources
- PortSwigger Web Security Academy (highly recommended)
- DVWA, WebGoat, HackTheBox, TryHackMe


---
## 12-Week Study Plan (Flexible)
- **Weeks 1-2:** Foundation + Wireshark Intensive
- **Weeks 3-4:** Network + Log Analysis
- **Weeks 5-6:** Web Security + Crypto
- **Weeks 7-8:** Scanning + Exploitation
- **Weeks 9-10:** Forensics + OSINT
- **Weeks 11-12:** Integration — full CTF practice and final prep

_Tip: allocate extra time to Wireshark — that was identified as your competitive advantage._

```python
# Pyodide helper notes
# This small cell provides quick guidance when running in a Pyodide environment.
import sys

print('Python version:', sys.version.split()[0])
print('If running in Pyodide, use micropip to install packages, e.g.:')
print("import micropip; await micropip.install('package')  # in an async cell")


def show_checklist_progress():
    """A static helper: replace or extend this with JavaScript interop in a browser-based Pyodide session.
    For now it simply prints a reminder about using the notebook UI to check boxes."""
    print('Use the notebook UI to check boxes and track progress. For advanced state, save to your notes app.')


show_checklist_progress()
```


---
### Attribution & Next Steps
- Save this notebook in your competition folder.
- Link or embed practice PCAPs and reference images in the same directory for easy access.
