Saturday, March 23, 2002

Miniature digital voice recorder Edic-Mini
The digital voice recorder Edic-Mini is intended to record the voice messages to the built-in FLASH memory. It can play back the stored messages using the earphone or download the messages to the personal computer. Besides it can operate as a "digital diskette" to store and carry over any digital data of up to 16-1024 MB.
Edic-mini is an extremely small (17x57x10 mm) and light (8 g) device. It can store up to 4480 min of voice (much more with Voice Activation System (VAS) enabled), has a high-sensitive built-in microphone (range up to 8 m) and a wide dynamic range. It can continuously record for up to 80 hours or keep the date/time for up to 2 years from a single battery.
Since Edic-Mini has no moving parts it can safely operate in a wide environmental range and without being detected by the special equipment.

Friday, March 22, 2002

Operation Security Network Security Related Links and Tools.
Center for Internet Security
The Center for Internet Security (CIS) is a not-for-profit cooperative enterprise that helps organizations reduce the risk of business and e-commerce disruptions resulting from inadequate security configurations.
CIS members are developing and propagating the widespread application of Security Benchmarks through a global consensus process that brings together industry, government, academia and consultants. CIS Benchmarks enumerate the "When, Why, and How" aspects of technical security configurations across a wide range of operating system platforms and Internet software applications.

The benchmarks are available free of charge to the Internet community via this web site.

Wednesday, March 20, 2002

Honeypotting with VMware
Honeypots are becoming more common as security professionals attempt to conduct more detailed research on current "state of the art" practices among attackers. Honeypots are also invaluable for learning about an attackers motivations, their habits and patterns of behavior. Unfortunately setting up a proper honeypot is a non-trivial task, and correctly configuring network sensors to capture all data, as well as the resulting forensics tasks can be rather daunting. The good news is that there are a number of tools and techniques that can make life much easier for some honeypot administrators.

Tuesday, March 19, 2002

Department of Defense Computer Forensics Laboratory
The Department of Defense Computer Forensics Laboratory (DCFL) provides the community with timely, unbiased evidence examination, analysis and operational support. Teamed with the Department of Defense Law Enforcement and Counterintelligence Community our unique technical expertise and computer solutions ensure information superiority for the War fighter.
The Digital Offense
  • FTP passive connection hijacker

  • RFP's Whisker with SSL support

  • Retrieves the system load from a XDMCP daemon

  • Linux LKM that changes uname() results

  • A chroot jail wrapper for ordinary shells

  • SSL and Proxy enabled IIS 4/5 Unicode Exploit

  • Relays a SQL query through IIS's RDS component

  • Unix command line MS-SQL client

  • Checks for the IIS 4.0/5.0 .ida/.idq heap overflow

  • Determines if a DNS service is available.

  • Upload files via PUT requests.

  • Extremely fast nfs scanner (raw udp)

  • Crashes the Windows 2000 SMTP service.

  • Crashes the Microsoft FTP service.

thc - the hacker's choice
Welcome to the official THC website. THC is a short form for "The Hacker's Choice". THC was founded in 1995 in Germany by a group of people involved in hacking, phreaking and anarchy. Through the years THC was joined by other experts and grew to probably Germany's best hacking group.

The intention of THC is to demonstrate weaknesses in common security solutions that can be found in telecommunication and network services.
On this site you will find software and papers that were released by THC members. They should provide you with knowledge and the ability to check for security problems. We also want to advice you not to use any information or software provided on this site for illegal purposes. Respect the law as we do.
THC is a non-commercial group, every line of code, of text and of this site has been written in our free time. So please excuse any uncomfort, we are trying to give our best every single day.
Forensic Software Sources
This page is a compilation of sites that have been supplied to me, and ones I have found to contain useful sources of forensic software. No endorsement of any kind is made for any of the products found in these sites. These sites are merely compiled here for easy quick reference for those wishing to obtain forensic tools.

Monday, March 18, 2002

Peter Gutmann's Home Page
My research interests cover the design and analysis of security techniques and systems, with a sideline in various obscure security-related areas such as the recovery of deleted data from magnetic media, and whatever else happens to catch my interest.
Security and Encryption Links
Encryption and Security-related Resources. The following are security-related resources (aka "the crypto link farm") that I've found on the net.