Tool Recommendations for Email CTF

I have received a few questions on tool recommendations for the CTF. I will list some suggestions below—with a focus on free, open-source, or low-cost tools where available.

The below list covers the challenges we have released so far. I will keep adding tools if needed as we post new challenges.

Text Editor

I strongly recommend using a capable text editor. My favorite is UltraEdit. Other good options are Sublime Text, Atom, or Visual Studio Code possibly with some MIME syntax highlighters.

Conversions

I recommend using CyberChef for date and format conversions.

MAPI

When working with MSGs and PSTs, you can use MFCMAPI or OutlookSpy with Outlook.

General Metadata Extraction

You will likely need a general-purpose tool that can extract embedded files, file metadata, etc. Good candidates are X-Ways, Autopsy, or perhaps ExifTool or MetaDiver when you don’t feel like pulling out the big guns.

PDF Deep Dive

When you encounter PDFs, you will likely need a deep dive tool to look into them in detail. You can use PDF CanOpener (with Acrobat), PDF Stream Dumper, pdf-parser.py, etc.

Compound File Binary Format

You may find OffVis and Structured Storage Viewer helpful when working with files in Compound File Binary Format.

API Calls

Postman is your friend here.

DKIM and ARC Verification

You can use dkimpy for DKIM and ARC verification. Note its limitations if/when you need to use it in real cases.