Resources

  • Dan Kaminsky Reveals His Process For Security Research – resources.infosecinstitute.com
    Dan Kaminsky has been a noted security researcher for over a decade, and has spent his career advising Fortune 500 companies such as Cisco, Avaya and Microsoft. Dan spent three years working with Microsoft on their Vista, Server 2008 and Windows 7 releases.
  • Incident Response Methodologies Worm Infection Cheat Sheet - isc.sans.edu
    The CERT Societe Generale (site is in French and English) has published a 6 Steps IRM Worm Infection cheat sheet (English only) freely available for download here. “Feel free to contact us if you identify a bug or an error in these IRMs.”

Tools

  • UPDATE: Ncrack 0.4ALPHA! – nmap.org
    Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords.
  • UPDATE: John the Ripper 1.7.7 – download.openwall.net
    John the Ripper is a fast password cracker, currently available for many flavors of Unix, Windows, DOS, BeOS, and OpenVMS. Its primary purpose is to detect weak Unix passwords.
  • UPDATE: THC HYDRA v6.3! – freeworld.thc.org
    THC-HYDRA is a very fast network logon cracker which supports many different services. This tool is proof-of-concept code, written to give researchers and security consultants a way to show how easy it would be to gain unauthorized remote access to a system.
  • OWASP Hatkit Proxy Project HTTP/TCP Intercepting Proxy Tool – darknet.org
    The primary purpose of the Hatkit Proxy is to create a minimal, lightweight proxy which stores traffic in offline storage where further analysis can be performed, i.e. all the kinds of analysis which are currently implemented inside the proxies themselves.
  • Introducing the Cisco IOS Software Checker – blogs.cisco.com
    This tool introduces a feature that has been long-requested from our customers and will make Cisco product security information much easier to consume and digest.
  • Suspender.dll – blog.didierstevens.com
    When the suspender DLL is loaded inside a process, it will wait for 60 seconds and then suspend all the threads of the host process. If you want another delay, just change the name of the file by appending the number of seconds to sleep.
  • The ultimate collection kit – integriography.wordpress.com
    It's a mix of ediscovery and forensics, with all the typical issues – custodians available only for a day, unexpectedly large hard drives, systems that cannot come down at all, 3 Sony Vaios with just one power cord, etc.
  • TCDiscover – code.google.com
    We posted about TCHunt yesterday, which could help you identify TrueCrypt encrypted data on your hard drive. But what if you are not able to load TCHunt and only have access to a backed-up hard drive? If that data was backed up with dd, you are in luck – for we now have TCDiscover!
  • Pytbull: An IDS/IPS Testing Framework – code.google.com
    Pytbull is an IDS/IPS testing framework. As you may have read in our earlier post about the RedWolf Security Threat Generator, it will help you test for threats across your complete network.

Techniques

Vendor/Software Patches

  • Microsoft EMET – darkoperator.com
    Many times we are faced with the situation of not being able to patch software in time, and often, due to the way companies work and handle security vulnerabilities, the window of exposure is a very long one.

Other News