nemesis packet injection tool-suite
Nemesis attacks directed through fragrouter could be a most powerful combination for the system auditor to find security problems that could then be reported to the vendor(s), etc
Friday, April 12, 2002
Cryptix
Cryptixtm is an international volunteer effort to produce robust, open-source cryptographic software libraries. Cryptix products are free, both for commercial and non-commercial use and are being used by developers all over the world. Development is currently focused on Java.
Cryptixtm is an international volunteer effort to produce robust, open-source cryptographic software libraries. Cryptix products are free, both for commercial and non-commercial use and are being used by developers all over the world. Development is currently focused on Java.
event log monitor for windows nt 2000 xp
EventReporter monitors Windows NT / 2000 / XP event logs and reports via syslog or email. Always know what is going on in your network. Automated monitoring helps detect problems before they manifest. If you own few server, email monitoring is probably best. For a larger number of servers, we recommend a centralized log via syslog. Syslog servers are available for Windows, Unix, Linux and other operating systems.
EventReporter monitors Windows NT / 2000 / XP event logs and reports via syslog or email. Always know what is going on in your network. Automated monitoring helps detect problems before they manifest. If you own few server, email monitoring is probably best. For a larger number of servers, we recommend a centralized log via syslog. Syslog servers are available for Windows, Unix, Linux and other operating systems.
Port Listing
PORT NUMBERS
The port numbers are divided into three ranges: the Well Known Ports,
the Registered Ports, and the Dynamic and/or Private Ports.
The Well Known Ports are those from 0 through 1023.
The Registered Ports are those from 1024 through 49151
The Dynamic and/or Private Ports are those from 49152 through 65535
PORT NUMBERS
The port numbers are divided into three ranges: the Well Known Ports,
the Registered Ports, and the Dynamic and/or Private Ports.
The Well Known Ports are those from 0 through 1023.
The Registered Ports are those from 1024 through 49151
The Dynamic and/or Private Ports are those from 49152 through 65535
LNX-BBC
Welcome to the LNX-BBC project. The LNX-BBC is a mini Linux-distribution, small enough to fit on a CD-ROM that has been cut, pressed, or molded to the size and shape of a business card.
LNX-BBCs can be used to rescue ailing machines, perform intrusion post-mortems, act as a temporary workstation, install Debian, and perform many other tasks that we haven't yet imagined.
Welcome to the LNX-BBC project. The LNX-BBC is a mini Linux-distribution, small enough to fit on a CD-ROM that has been cut, pressed, or molded to the size and shape of a business card.
LNX-BBCs can be used to rescue ailing machines, perform intrusion post-mortems, act as a temporary workstation, install Debian, and perform many other tasks that we haven't yet imagined.
Snake Oil Warning Signs:Encryption Software to Avoid
Good cryptography is an excellent and necessary tool for almost anyone. Many good cryptographic products are available commercially, as shareware, or free. However, there are also extremely bad cryptographic products which not only fail to provide security, but also contribute to the many misconceptions and misunderstandings surrounding cryptography and security.
Why ``snake oil''? The term is used in many fields to denote something sold without consideration of its quality or its ability to fulfill its vendor's claims. This term originally applied to elixirs sold in traveling medicine shows. The salesmen would claim their elixir would cure just about any ailment that a potential customer could have. Listening to the claims made by some crypto vendors, ``snake oil'' is a surprisingly apt name.
Superficially, it is difficult to distinguish snake oil from the Real Thing: all encryption utilities produce garbled output. The purpose of this document is to present some simple ``red flags'' that can help you detect snake oil.
For a variety of reasons, this document does not mention specific products or algorithms as being ``good'' or ``snake oil.''
Good cryptography is an excellent and necessary tool for almost anyone. Many good cryptographic products are available commercially, as shareware, or free. However, there are also extremely bad cryptographic products which not only fail to provide security, but also contribute to the many misconceptions and misunderstandings surrounding cryptography and security.
Why ``snake oil''? The term is used in many fields to denote something sold without consideration of its quality or its ability to fulfill its vendor's claims. This term originally applied to elixirs sold in traveling medicine shows. The salesmen would claim their elixir would cure just about any ailment that a potential customer could have. Listening to the claims made by some crypto vendors, ``snake oil'' is a surprisingly apt name.
Superficially, it is difficult to distinguish snake oil from the Real Thing: all encryption utilities produce garbled output. The purpose of this document is to present some simple ``red flags'' that can help you detect snake oil.
For a variety of reasons, this document does not mention specific products or algorithms as being ``good'' or ``snake oil.''
Thursday, April 11, 2002
IT Security Cookbook
This book is intended as a 'self help' guide to computer & network security, primarily for security managers, programmers and system administrators.
This book is intended as a 'self help' guide to computer & network security, primarily for security managers, programmers and system administrators.
CORE IMPACT
CORE IMPACT is a revolutionary risk assessment product developed to professionalize the Penetration Testing practice.
Although critical to security risk assessment, Penetration Testing has to date been a very manual effort requiring the use of disparate tools and informal knowledge. CORE IMPACT professionalizes the Penetration Testing process, automating many of the tasks required to deliver superior assessment results.
CORE IMPACT provides a comprehensive framework for performing Penetration Tests, making it possible to define and enforce a methodology, drastically increase productivity, reduce errors and leverage knowledge and expertise gained through successive engagements. This product revolutionizes the practice and elevates it to the new standards of quality required by today's organizations.
CORE IMPACT is a revolutionary risk assessment product developed to professionalize the Penetration Testing practice.
Although critical to security risk assessment, Penetration Testing has to date been a very manual effort requiring the use of disparate tools and informal knowledge. CORE IMPACT professionalizes the Penetration Testing process, automating many of the tasks required to deliver superior assessment results.
CORE IMPACT provides a comprehensive framework for performing Penetration Tests, making it possible to define and enforce a methodology, drastically increase productivity, reduce errors and leverage knowledge and expertise gained through successive engagements. This product revolutionizes the practice and elevates it to the new standards of quality required by today's organizations.
Outpost Firewall
FREE! Outpost Firewall is the most feature-packed Personal Firewall for Windows in the world. It gives peace of mind from any threats by Cookies, Ads, E-mail viruses, Backdoors, Spyware, Crackers, Adware and virtually every other Internet danger. This is the first firewall that supports plug-ins so its capabilities can easily be extended.
FREE! Outpost Firewall is the most feature-packed Personal Firewall for Windows in the world. It gives peace of mind from any threats by Cookies, Ads, E-mail viruses, Backdoors, Spyware, Crackers, Adware and virtually every other Internet danger. This is the first firewall that supports plug-ins so its capabilities can easily be extended.
Wednesday, April 10, 2002
Evidence Eliminator
Deletes a lot of temporary files. I wonder how safe the deletion is (wiping or deleting is a big difference!).
Are You Being Watched?
How private is your PC data? Thanks to the proliferation of Internet worms and hardware and software spying tools, the erosion of loyalty between corporations and their employees, and the 9/11 disaster (which has caused many to value security over privacy and civil rights), the likelihood is greater than ever that your computer is reporting your every move to a suspicious spouse, a government agency, an employer, or the entire world. In this article, we'll cover the most prevalent spying hardware and software and explain how it can be used, abused, and detected.
How private is your PC data? Thanks to the proliferation of Internet worms and hardware and software spying tools, the erosion of loyalty between corporations and their employees, and the 9/11 disaster (which has caused many to value security over privacy and civil rights), the likelihood is greater than ever that your computer is reporting your every move to a suspicious spouse, a government agency, an employer, or the entire world. In this article, we'll cover the most prevalent spying hardware and software and explain how it can be used, abused, and detected.
Design Of A Default Redhat Server 6.2 Honeypot
The following paper is a description of how I have designed and implemented a honeypot system. The paper describes how the honeypot is used to capture data in layers using different techniques. The aim of the honeypot is to discover the techniques and tactics used by blackhats (hackers) to compromise computer systems.
Firewall Tester
The Firewall Tester consists of two perl scripts, the client part (ftest) and the listening sniffer (ftestd). The client injects custom packets, defined in ftest.conf, with a signature in the data part while the daemon listens for such marked packets. The scripts both write a log file which is in the same form for both scripts. A diff of the two produced files (ftest.log and ftestd.log) shows the packets that were unable to reach the sniffer due to filtering rules if these two scripts are ran on hosts placed on two different sides of a firewall. Stateful inspection firewalls are handled with the 'connection spoofing' option. A script called freport is also available for automatically parse the log files.
The Firewall Tester consists of two perl scripts, the client part (ftest) and the listening sniffer (ftestd). The client injects custom packets, defined in ftest.conf, with a signature in the data part while the daemon listens for such marked packets. The scripts both write a log file which is in the same form for both scripts. A diff of the two produced files (ftest.log and ftestd.log) shows the packets that were unable to reach the sniffer due to filtering rules if these two scripts are ran on hosts placed on two different sides of a firewall. Stateful inspection firewalls are handled with the 'connection spoofing' option. A script called freport is also available for automatically parse the log files.
Blade
BLADE Software is the leading provider of Internet Security Application Testing Tools (ISATT), we provide IT Security Professionals with the products to independently check their security infrastructure and to validate the effectiveness of those defenses.
BLADE Software is the leading provider of Internet Security Application Testing Tools (ISATT), we provide IT Security Professionals with the products to independently check their security infrastructure and to validate the effectiveness of those defenses.
A look at whisker's anti-IDS tactics
Anti-Intrusion Detection System (IDS) tactics were one of the original key features of my whisker web scanner. The goal of any anti-IDS tactic is to mutate a request so much that the ID systems will get confused, but the web server will still be able to understand it, hence the subtitle "just how bad can we ruin a good thing?"
This paper is aimed at explaining the thought process and implementation behind various anti-IDS tactics whisker uses to avoid web scan detection. While I specifically have ID systems in mind, this also applies to monitors, sniffers, log parsers and anything else trying to interpret web traffic and/or requests. The methods, analysis and theories presented within this document can also be applied to other protocols and concepts--however, HTTP is my focus due to the implementation of whisker.
Anti-Intrusion Detection System (IDS) tactics were one of the original key features of my whisker web scanner. The goal of any anti-IDS tactic is to mutate a request so much that the ID systems will get confused, but the web server will still be able to understand it, hence the subtitle "just how bad can we ruin a good thing?"
This paper is aimed at explaining the thought process and implementation behind various anti-IDS tactics whisker uses to avoid web scan detection. While I specifically have ID systems in mind, this also applies to monitors, sniffers, log parsers and anything else trying to interpret web traffic and/or requests. The methods, analysis and theories presented within this document can also be applied to other protocols and concepts--however, HTTP is my focus due to the implementation of whisker.
Access Data
AccessData has been a leader in password recovery and applied cryptography since 1987. Since that time, AccessData has developed a trusted relationship with the Federal Government, state and local law enforcement, and corporate America.
To help keep government agencies and corporate security departments up to date with current computer forensic technology, AccessData has developed new forensic software and training seminars to help both the novice and expert computer specialists. Now your forensic team can gain access to AccessData's years of knowledge and experience.
Tuesday, April 09, 2002
Microsoft Baseline Security Analyzer
Microsoft has created a new tool, the Microsoft Baseline Security Analyzer (MBSA), to analyze Windows systems for common security misconfigurations. Version 1.0 of MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows 2000 and Windows XP systems and will scan for missing hotfixes and vulnerabilities in the following products: Windows NT 4.0, Windows 2000, Windows XP, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000 and XP.
Microsoft has created a new tool, the Microsoft Baseline Security Analyzer (MBSA), to analyze Windows systems for common security misconfigurations. Version 1.0 of MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows 2000 and Windows XP systems and will scan for missing hotfixes and vulnerabilities in the following products: Windows NT 4.0, Windows 2000, Windows XP, Internet Information Server (IIS) 4.0 and 5.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000 and XP.
Hack In The Box
Hack In The Box is designed to facilitate discussions on security related topics, create security awareness, and to try and provide a comprehensive database of security knowledge and resources to the public. We aim to make HITB a single place, or community on the INternet where people and corporations can go to find security information and the latest news from the underground as well as from the computer technology sectors.
The site provides access to security links and resources, including news, books, mailing lists, tools, products and security services as well.
The staff at hackinthebox.org is committed to stimulation discussion between users and computer professionals to help Keep Knowledge Free. We hope you will find these resources useful.
Monday, April 08, 2002
14th Annual Computer Security Incident Handling Conference
The annual FIRST Conference is the only event of its kind. It focuses on the field of computer security incident handling and response. In recognition of the global spread of computer networks and the common problems faced by computer owners, the conference is held in different parts of the world. The presentations are international in scope and include the latest in incident response and prevention, vulnerability analysis, and computer security. Additionally, these events serve as the foundation for the improvement of computer security worldwide via the sharing of goals, ideas, and information.
The annual FIRST Conference is the only event of its kind. It focuses on the field of computer security incident handling and response. In recognition of the global spread of computer networks and the common problems faced by computer owners, the conference is held in different parts of the world. The presentations are international in scope and include the latest in incident response and prevention, vulnerability analysis, and computer security. Additionally, these events serve as the foundation for the improvement of computer security worldwide via the sharing of goals, ideas, and information.
Solving the Perfect Computer Crime
While the perfect computer crime is one that, by definition, will not be discovered, heightened awareness of cyber security has helped law enforcement keep up with the technologies and tactics used to compromise computers, networks and databases.
But cyber cops still struggle with such issues as the international reach of the Internet, an increasing number of combined threats and a wide spectrum of legal hurdles.
Sunday, April 07, 2002
remote-expoit.org
http://www.remote-exploit.org has finaly become to life. This website is mostly a platform to give something back to the community. All the texts, tools, links that we collect or will collect in the future will be collected in here if it's possible. The people behind remote-exploit.org are some in security interrested individuals that found each other :-) you all know what i mean i guess. Some may say we are just freaks...but hey...lets freakout! We try to bring exclusives when possible and try to bring some :-) and light into the dark world of hacking and security.
http://www.remote-exploit.org has finaly become to life. This website is mostly a platform to give something back to the community. All the texts, tools, links that we collect or will collect in the future will be collected in here if it's possible. The people behind remote-exploit.org are some in security interrested individuals that found each other :-) you all know what i mean i guess. Some may say we are just freaks...but hey...lets freakout! We try to bring exclusives when possible and try to bring some :-) and light into the dark world of hacking and security.
Subscribe to:
Posts (Atom)
