Thursday, April 25, 2002

Security Toolbox
The Security Toolbox is a collection of freeware tools related to Windows security. The tools are not based on anybody else's source code, and we will not give away the code or give explanations of how the tools are built, so please don't send any mails asking for either - we will ignore all such mails. Also, please note that using some of these tools against systems without permission from the system owner(s) may be illegal in your country! Although some of these tools can be used by unethical attackers, we hope that these tools will do more good than bad overall.

Wednesday, April 24, 2002

Technology Pathways
Welcome to the Technology Pathways Resource Center. In this area you will find documents we feel are beneficial to the computer security community.

Tuesday, April 23, 2002

Forensic Acquisition Utilities
This is a collection of utilities and libraries intended for forensic or forensic-related investigative use in a modern Microsoft Windows environment. The components in this collection are intended to permit the investigator to sterilize media for forensic duplication, discover where logical volume information is located and to collect the evidence from a running system while at the same time guaranteeing data integrity (e.g. with a cryptographic checksum) and while minimizing changes to the subject system.
WEPCrack
WEPCrack is a tool that cracks 802.11 WEP encryption keys using the latest discovered weakness of RC4 key scheduling.
AirSnort
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered.
ELZA
The ELZA is a scripting language aimed at automating requests on web pages. Scripts written in ELZA are capable of mimicking browser behavior almost perfectly, making it extremely difficult for remote servers to distinguish their activity from the activity generated by ordinary users and browsers. This gives those scripts the opportunity to act upon servers that will not respond to requests generated using netcat, rebol, telnet or similar tools.
TMAP
We have developed a CAPI based telephone network mapper (wardialer + more), that is capable of detecting analog peers as well as digital peers. We have released a non-commercial version that is free for personal use.

Monday, April 22, 2002

RING
The Intranode Research Team presents a new operating system detection method, based on temporal response analysis. As a proof of concept, we release the open source tool called RING – for Remote Identification Next Generation.
Basic Steps in Forensic Analysis of Unix Systems
Instead of being a "cookbook" that you follow, consider this a collection of techniques that a chef uses to construct a fabulous and unique gourmet meal. Once learned, you'll discover there are plenty more steps than just those listed here.
Explore2fs
Explore2fs, the WIN32 explorer for Linux ext2fs partitions.
Honeypots
Just released, Honeyd. Honeyd is an open-source solution that can emulate thousands of computers at the same time. It can also emulate different operating system types, at both the application and IP stack level.
Building a Jump Kit
This document describes how to make a 'jump kit' for investigating Linux systems that are potentially compromised.

Sunday, April 21, 2002

Free NT Security Tools
Fortunately, there are a few third-party utilities that we can use with NT to make our life easier and help answer some of the questions. I believe that it is very important for us NT Administrators to be aware of these programs. They can certainly make securing our networks easier, and they have the added benefit of being free. That is right, they are free. Now there is no excuse for any of us not to download these programs and learn how to use them.