http://www.sc.rr.com/rrhelp/spyware.htm
www.rootkit.com
securityresponse.symantec.com
http://onecare.live.com
www.pandasecurity.com
www.ca.com/us/anti-virus.aspx
vil.nai.com/vil/default.aspx
HKLM\software\microsoft\windows\currentversion\run\firewall-service.exe
www.immunitysec.com
www.megasecurity.org/trojans/a/aphex/Afx_win_rootkit2003.html
www.megasecurity.org/trojans/h/hackerdefender/Hackerdefender1.00.html
rootkit detector ( http://www.security.nnov.ru/soft)
www.forensics.nl/tools
www.cybersnitch.net/tucofs
NTI Technologies (www.forensics-intl.com)
"Encase" (www.guidancesoftware.com)
EFF = Electronic Frontier Foundation
Privoxy (http://www.torproject.org/download.html.en)
ProxyChains (http://www.proxychains.sourceforge.net)
http://www.dest-unreach.org/socat/
website mirroring tools
(http://www.gnu.org/software/wget/wget.html) / unix
Teleport Pro (http://www.tenmax.com) / windows
www.peoplesearch.com
www.snakeoillabs.com
Site Digger 2.0 (www.foundstone.com)
wikto 2.0 (http://www.sensepost.com/research/wikto)
http://www.faqs.org
www.iana.org
www.icann.org
Country Code Domain Name Supporting Organizations (CCNSO)
(http://www.ccnso.icann.org)
Port Numbers: ( www.iana.org/assignments/port-numbers)
whois.iana.org/index.cgi
www.allwhois.com
http://www.uwhois.com
www.internic.net/whois.html
www.samspade.org (http://preview.samspade.org/ssw/)
NetScan Tools Pro = www.nwpsw.com
http://ws.arin.net
www.apnic.net
ws_ping pro pack: (www.ipswitch.com)
http://packetstormsecurity.nl
http://www.linux-mag.com/2001-11/bind9_01.html
traceroute (ftp://ftp.ee.lbl.gov/traceroute)
ftp.cerias.purdue.edu/pub/tools/unix/netutils/traceroute/old
VisualRoute ( http://www.visual-route.com )
tcp traceroute ( http://michael.toren.net/code/tcptraceroute )
http://www.ussrback.com/unix/loggers/rr.gz (log incoming traceroute requests)
http://evgenii.rudnyi.ru/soft/sid/sid.txt
nmap.org
http://www.ietf.org/rfc/rfc0793.txt
http://www.insecure.org/nmap
http://ntsecurity.nu
http://project.honeynet.org
http://cheops-ng.sourceforge.net
http://code.google.com/p/dnsenum
labfarce.org
www.cymru.com/documents/secure-bind-template.html
www.rootsecure.net/content/downloads/pdf/dns_cache_snooping.pdf
www.microsoft.com/technet/security/tools/urlscan.mspx
www.hsc.fr/resources/articles/win_net_srv
http://oss.coresecurity.com/impacket/rpcdump.py
www.inetcat.net/software/nbtscan.html
www.hackingexposed.com
http://reedarvin.thearvins.com/tools/NBTEnum
www.cultdeadcow.com/tools/nete.html
www.hammerofgod.com/download.html
www.securityfriday.com/tools/getacct.html
www.solarwinds.net (IP Network Browser)
www.foundstone.com/us/resources/proddesc/snscan.htm
www.portcullis-security.com (linux)
solareclipse@phreedom.org
www.rfc-editor.org
Internetwork Routing Protocol Attack Suite (IRPAS)
(http://phenoelit-us.org/irpas/docu.html)
bigdc.labfarce2.org
sourceforge.net/projects/ldapenum
www.integrigy.com/security-resources
www.cquire.net/wp/getsids/
www.databasesecurity.com/dbsec
www.cqure.net/wp/test
www.samba.org
http://razor.bindview.com/tools
www.sysinternals.com
en.wikipedia.org/wiki/netcat
www.webhackingexposed.com
https://www.grc.com/x/ne.dll?bh0bkyd2
www.metasploit.com/
www.tenebril.com
www.foofus.net (medusa)
GPMC (Group Policy Management Console) = gpmc.msc (snap-in)
Secpol.msc (local security policy (snap-in))
www.somarsoft.com
www.tntsoftware.com (Elm Log Manager)
www.lcpsoft.com
www.oxid.it
www.securityfocus.com/archive
www.toolcrypt.org/index.html?hew
WINS (Windows Internet Naming Service)
framework.metasploit.com
http://blogs.technet.com/askperf/archive
www.schneier.com/blog/archives
Auditpol (enable auditing / basic security measure)
VNC (Virtual Network Computing)
www.realvnc.com/download.html
anti-security measure for hackers: >> Clear Event Log
http://www.ibt.ku.dk/jesper/windows-tools
Common OS Files ( http://www.file.net )
http://www.pestpatrol.com/PestInfo/AutoStartingPests.asp
www.phrack.org
http://www.microsoft.com/technet/security/guidance/cryptographyetc/efs.mspx
anti-security measure for hackers: >> reset local administrator password (home.eunet.no/pnordah/ntpasswd/)
en.wikipedia.org/wiki/BitLocker_Drive_Encryption
http://citp.princeton.edu/memory/
www.aladdin.com/hasp/
WFP = Windows File Protection >> Renamed "WRP" = Windows Resource Protection
%Windir%\WinSxS\Backup
Under WRP, the ability to write to a protected resource is granted only to the TrustedInstaller principal
MLS = Multilevel Security (DoD = Department of Defense)
http://en.wikipedia.org/wiki/Bell-LaPadula_model
www.securiteam.com/windowsntfocus.html
www.sqlsecurity.com
Replacement for password command ( http://www.utexas.edu/cc/unix/software/npasswd )
Secure Remote Password ( http://srp.stanford.edu )
OpenSSH = a telnet / ftp / rsh / login communication replacement with encryption & RSA authentication ( www.openssh.org )
http://www.openwall.com
http://www.spellweaver.org
www.iptablesrocks.org
Access Control List (ACL) / (www.xinetd.org)
www.openbsd.org
http://coombs.anu.edu.au/ipfilter
http://www.w00w00.org/files/heaptut/heaptut.txt
ftp://ftp.auscert.org.au/pub/auscert/advisory
Disable Sendmail: ( http://www.sendmail.org )
http://www.fwtk.org/
QMAIL = www.qmail.org
www.postfix.com
www.sendmail.org/tips/relaying.html
RPC Services Countermeasures
rpc.ttdbserverd (http://www.cert.org/advisories/ca-98.11.tooltalk.html)
Linux Intrusion Detection System ( www.lids.org )
http://sniffdet.sourceforge.net
RPC.cmsd = ( www.cert.org/advisories/ca-99-08-cmsd.html )
Protos Project: ( http://www.ee.oulu.fi/research/ouspg/protos )
NFS Exploration
( ftp://ftp.cs.vu.nl/pub/leendert/nfsshell.tar.gz )
http://crypto.to/djbdns.html
www.isc.org/index/.pl?/sw/bind/bind-security.php
http://hispahack.ccc.de (execute any command as root)
wordlists ( ftp://coast.cs.purdue.edu/pub/dict )
www.tripwire.com
Packet Sniffers (http://sourceforge.net/projects/tcpdump/)
www.wireshark.org
www.ssh.com/downloads
www.sun.com/software/security
www.linuxsecurity.com
secure boot-media "helix" ( www.e-fense.com/helix/ )
www.dwheeler.com/secure-programs
www.sandstorm.net
www.m4phr1k.com ( war dialing)
"ikeprober" ( http://ikecrack.sourceforge.net/IKEProber.pl )
NTA Monitor ( www.nta-monitor.com/tools/ike-scan/ )
www.ernw.de/download/ikeprobe.zip
http://sipvicious.org/
www.hackingvoip.com/tools/sipscan.msi
http://sipsak.org
www.traceroute.org
www.fixedorbit.com
http://www.radb.net
www.lava.net
www.securiteam.com/exploits
Port Sentry ( sourceforge.net/projects/sentrytools/ )
Network Processor ( en.wikipedia.org/wiki/OSI_model )
SPAN (Switched Port Analyzer)
VLAN (Virtual Local Area Network)
www.cisco.com/en/US/docs/switches/lan/catalyst5000/catos/4.5/configuration/guide/span.html
ARPwatch ( ftp://ftp.ee.lbl.gov/arpwatch.tar.gz )
http://www.datanerds.net/~mike/dsniff.html
www.wincap.org/
ftp://ftp.cisco.com/pub/mibs/supportlists
http://www.blackroute.net
cisco.com/en/US/docs/ios/iproute/configuration/guide/irp_bgp_overview.html
nvd.nist.gov/nvd.cfm?cvename=CVE-2001-0650
http://www.nanog.org/mailinglist.html
http://puck.nether.net/mailman/listinfo/cisco-nsp
www.hyperlinktech.com
www.makinterface.de
www.openpcd.org
en.wikipedia.org/wiki/MIFARE#Security
BitLocker (Disk Encryption)
http://technet.microsoft.com/en-us/windows/aa905065.aspx
TrueCrypt ( www.truecrypt.org )
SecureStar (www.securstar.com/)
www.hak5.org/packages/files/Universal_Customizer.zip
wiki.hak5.org
http://openfacts.berlios.de/index-en.phtml?title=Building_OpenOCD
http://www.yagarto.de/
www.urjtag.org
www.angelfire.com/sk/stackshield/index.html
www.research.avayalabs.com/gcm/usa/en-us/initiatives/all/nsr.html&filter=ProjectTitle:LibSafe&Wrapper=LabsProjectDetails&View=LabsProjectDetails
www.cnhonker.com
http://seclists.org/bugtraq/2000/sep/0214.html
Computer Security Applications Conference (www.acsac.org/2004/dist.html)
csrc.nist.gov/publications/nistpubs
Code Checklists
http://code.msdn.microsoft.com/customfxcop/release/projectreleases.aspx?ReleaseId=1299
Splint: (http://lclint.cs.virginia.edu)
FlawFinder: www.dwheeler.com/flawfinder
www.cigital.com
www.logiclibrary.com
www.ouncelabs.com
www.fortify.com/security-resources/rats.jsp
www.itaa.org/software
www.cs.wisc.edu
www.immunitysec.com/downloads
URLScan = www.microsoft.com/technet/security/tools/urlscan.mspx
http://java.sun.com
msdn.microsoft.com/framework
http://jakarta.apache.org
http://dev2dev.bea.com/resourcelibrary/advisories/jsp?highlight=advisoriesnotifications for JSP disclosure issues
http://www.iisvictim.example/global.asa+.htr
www.weblogicserver.example/index.js%70
www.tomcatserver.example
http://destroy.net/machines/security
http://downloads.securityfocus.com/vulnerabilities/exploits
www.eeye.com
IIS.net/forums
http://httpd.apache.org/info/security_bulletin_20020620.txt
www.gnu.org
www.httrack.com
www.cnet.com
http://tamperdata.mozdev.org/
NoScript (tool to disable javascript)
Crawljax: http://spci.st.ewi.tudelft.nl/crawljax/
Debugger to examine a page's JavaScript as it executes
firefox: www.mozilla.org/projects/venkman/
www.jonathanboutelle.com/mt/archives/2006/01/howto_debug_jav.html
www.fiddlertool.com/
www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Open Web Application Security Project
http://portswigger.net/suite/ (Burp Suite for attacking web applications)
www.hp.com/go/securitysoftware
http://sqlninja.sourceforge.net/
www.sanctuminc.com/pdf/whitepaper_httpresponse.pdf
en.wikipedia.org/wiki/Remote_File_Inclusion
Object Linking and Embedding (.ocx)
ActiveX = Microsoft's answer to Sun/Oracle's Java technology
HKLM\software (registry values)
enable this page to execute arbitrary code on someone's system: (.hta)
HTTP://www.guninski.com
www.oreilly.net/pub/a/javascript/2001/04/06/js_history.html
java.sun.com/j2se/1.4.2/download.html
http://www.htmlhelp.com/reference
http://secunia.com
International Domain Names (IDN) ( http://www.shmoo.com/idn/homograph.txt )
Nimda Worm ( http://vil.nai.com/vil/content.v_99209.htm )
www.pc-help.org/security/scrap.htm
www.microsoft.com%01@evilsite.net = the address bar in IE will only reveal "microsoft.com" (something of a glitch?)
www.kb.cert.org
www.digitalphishnet.org
junkbusters.com
spywareinfo.com
spywareguide.com
microsoft.com/spyware
www.spamfilterreview.com
spybot search & destroy ( www.safer-networking.org)
www.lavasoft.com
SCM (Services Control Manager) * Kernel level
Reverse Kernel Call Hooking Techniques
www.security.org/.sg/code/sdtrestore.html
DANIEL S. ABRAHAMIAN
PROCEED WITH CAUTION
FEELMYFLAME