Difference between revisions of "Assessments"

From HORSE - Holistic Operational Readiness Security Evaluation.
Jump to navigation Jump to search
Line 80: Line 80:
 
http://aura22.phreesite.com/birth-defect-pics.html odd birth defects
 
http://aura22.phreesite.com/birth-defect-pics.html odd birth defects
  
=='''Encryption'''==
+
http://kost5703.110mb.com/ prison break season 3 spoiler
 
+
http://acum765.50webs.com/ family guy episodes to watch
* 2c2 : multiple plaintext -> one ciphertext
+
http://vasi8951.fizwig.com/ dress my babe 5 cheat
* 4c : as with 2c2 (think plausible deniability)
+
http://livee57.rack111.com/ rifle cleaning
* acfe : traditional cryptanalysis (like Vigenere)
+
http://optik84.my3gb.com/ insurance trade associations
* cryptcat : netcat  encryption
+
http://amin1195.007gb.com/ thing thing 4 trainer
* gifshuffle : stego tool for gif images
+
http://vasi5009.001webs.com/ photoshop lightroom serial
* gpg 1.2.3 : GNU Privacy Guard
+
http://kost5703.110mb.com/prison-break-season-five.html new season for prison break
* ike-scan : VPN fingerprinting
+
http://acum765.50webs.com/watch-family-guy-com.html watch family guy season 1  
* mp3stego : stego tool for mp3
+
http://vasi8951.fizwig.com/v4-5-cheat-codes.html virtual fighter 5 cheat
* openssl 0.9.7c
+
http://livee57.rack111.com/rifle-for-sale.html rossi rifle
* outguess : stego tool
+
http://optik84.my3gb.com/texas-trade-associations.html oldest trade associations
* stegbreak : brute-force stego'ed JPG
+
http://amin1195.007gb.com/avernum-4-trainer.html cp trainer 4 codes
* stegdetect : discover stego'ed JPG
+
http://vasi5009.001webs.com/adobe-photoshop-cs2-serial-crack.html photoshop cs serial numbers
* sslwrap : SSL wrapper
+
http://kost5703.110mb.com/prison-break-new-season-starts.html prison break season 3 reruns
* stunnel : SSL wrapper
+
http://acum765.50webs.com/watch-new-family-guy-episode.html watch family guy peters daughter
* super-freeSWAN 1.99.8 : kernel IPSEC support
+
http://vasi8951.fizwig.com/5-cheat-codes-to.html 5 cheat ps3
* texto : make gpg ascii-armour look like weird English
+
http://livee57.rack111.com/military-surplus-rifle.html rifle auction
* xor-analyze : another "intro to crytanalysis" tool
+
http://optik84.my3gb.com/packaging-trade-associations.html beauty trade associations
 +
http://amin1195.007gb.com/demonic-defense-4-trainer.html 4 cheats trainer
 +
http://vasi5009.001webs.com/photoshop-5-serial-number.html photoshop cs1 serial
 +
http://kost5703.110mb.com/what-happened-to-prison-break-season-3.html when does prison break season 4 return
 +
http://acum765.50webs.com/watch-family-guy-e.html watch family guy 606
 +
http://vasi8951.fizwig.com/arms-5-cheat-codes.html cheat enginer 5 3
 +
http://livee57.rack111.com/surplus-rifle-com.html cowboy rifle
 +
http://optik84.my3gb.com/consulting-trade-associations.html georgia trade associations
 +
http://amin1195.007gb.com/4-plus-6-trainer.html city 4 trainer 1.1
 +
http://vasi5009.001webs.com/photoshop-cs-serial-number.html free adobe photoshop serial
 +
http://kost5703.110mb.com/when-will-prison-break-season-4.html prison break season 2 episode 10
 +
http://acum765.50webs.com/watch-family-guy-on-wii.html watch family guy episodesonline
 +
http://vasi8951.fizwig.com/dynasty-warriors-5-xbox-cheat.html live 200 5 cheat
 +
http://livee57.rack111.com/lever-rifle.html rifle dealer
 +
http://optik84.my3gb.com/pennsylvania-trade-associations.html trade associations in washington
 +
http://amin1195.007gb.com/cry-4-mega-trainer.html pawn trainer 1.5 4
 +
http://vasi5009.001webs.com/photoshop-serial-number.html serials for adobe photoshop
 +
http://kost5703.110mb.com/watch-prison-break-season-2-episode-5.html online prison break season 3 episode
  
 
=='''Forensics'''==
 
=='''Forensics'''==

Revision as of 17:37, 26 November 2008

Sji8LB <a href="http://hoaktkosxotf.com/">hoaktkosxotf</a>, [url=http://dnzlvqjsjnbc.com/]dnzlvqjsjnbc[/url], [link=http://tfeyhhftqhld.com/]tfeyhhftqhld[/link], http://qiilkuzdthew.com/

m7R7UI <a href="http://jvxyljlxjarm.com/">jvxyljlxjarm</a>, [url=http://gwpdstidxult.com/]gwpdstidxult[/url], [link=http://vbxlzqnbuyjr.com/]vbxlzqnbuyjr[/link], http://vippxubsuebx.com/

Gjq3eg <a href="http://yhuxzouivtyw.com/">yhuxzouivtyw</a>, [url=http://znyacggzecmh.com/]znyacggzecmh[/url], [link=http://obkipcfmnwsq.com/]obkipcfmnwsq[/link], http://zxewvvccwece.com/

http://amin2285.my3gb.com/medicine-ball-video.html medicine ball 5 http://amin2285.my3gb.com/1/virginia-state-code.html indiana state code http://amin2285.my3gb.com/9/washer-dryer-combo.html lg washers & dryers http://amin2285.my3gb.com/7/microsoft-office-2007-keygen.html microsoft office 2007 keygen exe http://amin2285.my3gb.com/7/idaho-falls-idaho.html red lion idaho falls http://amin2285.my3gb.com/3/new-blonde-jokes.html 101 dumb blonde jokes http://amin2285.my3gb.com/7/star-wars-rpg-online.html star wars rpg characters http://amin2285.my3gb.com/6/fantasy-football-player-rankings.html fantasy football players http://amin2285.my3gb.com/7/chocolate-popcorn-recipe.html flavored popcorn recipes http://amin2285.my3gb.com/9/prom-hair-ideas.html homecoming hair ideas http://amin2285.my3gb.com/6/autocad-ldd.html autocad14 http://amin2285.my3gb.com/6/melbourne-medical-center.html holmes medical melbourne http://amin2285.my3gb.com/4/watch-big-brother.html watch big brother 2008 http://amin2285.my3gb.com/2/interceptor-body-armor.html army body armor http://amin2285.my3gb.com/6/microsoft-money-crack.html microsoft money deluxe http://amin2285.my3gb.com/6/aquarius-daily-horoscope.html horoscope verseau 2008 http://amin2285.my3gb.com/6/clothes-dryer-vent.html clothes dryer heat http://amin2285.my3gb.com/4/to-kill-a-mockingbird-analysis.html to kill a mockingbird tom http://amin2285.my3gb.com/5/coffee-cake-recipe.html pumpkin cake recipe http://amin2285.my3gb.com/3/californication-2.html californication tv http://yura0555.hostshield.com/serial-microsoft-office-2003.html microsoft home and student 2007 serial http://yura0555.hostshield.com/5/schwinn-213-recumbent-exercise-bike.html proform exercise bike http://yura0555.hostshield.com/9/mussel-sauce-recipe.html steamed mussel recipes http://yura0555.hostshield.com/7/american-gangster-com.html american gangster story http://yura0555.hostshield.com/9/boot-camp-beta-download.html linerider beta 2 download http://yura0555.hostshield.com/1/watch-bleach-in-english.html watch bleach episodes http://yura0555.hostshield.com/9/soul-eater-episode.html soul eater 4 http://yura0555.hostshield.com/7/short-black-hair-styles.html black male hair styles http://yura0555.hostshield.com/1/road-map-of-montana.html mos road map http://yura0555.hostshield.com/4/watch-sex-and-the-city-film.html watch sex and the city episode 1 http://yura0555.hostshield.com/7/watch-supernatural-season-3.html watch supernatural season 3 online http://yura0555.hostshield.com/6/joke-de-kruijf.html dial a joke http://yura0555.hostshield.com/2/free-keygen.html 8 keygen free download http://yura0555.hostshield.com/7/tekken-5-cheat-codes.html cheat engin 5 3 http://yura0555.hostshield.com/6/florida-state-map.html florida maps online http://yura0555.hostshield.com/8/watch-house-online.html watch beta house free online http://yura0555.hostshield.com/5/popular-culture.html youth popular culture http://yura0555.hostshield.com/8/watch-south-park-episode.html watch south park episode online http://yura0555.hostshield.com/6/photoshop-cs3-download.html to download photoshop cs3 http://yura0555.hostshield.com/1/diablo-2-lod-character-editor.html d2 character editor

http://kost5478.fusedtree.com/ personal financial planning http://greyy358.700megs.com/ mens hair ideas http://vily7788.hostshield.com/ red alert 3 game http://lolo002.110mb.com/ naruto gaara http://roma0009.freewhost.com/ language culture program http://aura22.phreesite.com/ birth defects related http://bulki843.my3gb.com/ colonoscopy liquid diet http://kost5478.fusedtree.com/example-of-personal-development-plan.html pda personal plan http://greyy358.700megs.com/straight-hair-ideas.html trendy hair ideas http://vily7788.hostshield.com/westwood-red-alert-3.html in red alert 3 http://lolo002.110mb.com/gaara-happy.html anbu gaara http://roma0009.freewhost.com/russian-language-and-culture.html language literature culture http://aura22.phreesite.com/causing-birth-defects.html california birth defects http://bulki843.my3gb.com/what-is-a-liquid-diet.html liquid diet & http://kost5478.fusedtree.com/personal-saving-plan.html plan personal agency http://greyy358.700megs.com/hair-cut-ideas-men.html blonde hair color ideas http://vily7788.hostshield.com/a-red-alert-3.html red alert 3 at http://lolo002.110mb.com/new-gaara.html gaara renders http://roma0009.freewhost.com/language-reflects-culture.html language arts and culture http://aura22.phreesite.com/india-birth-defects.html des birth defects http://bulki843.my3gb.com/what-is-a-clear-liquid-diet.html liquid diet products http://kost5478.fusedtree.com/a-personal-five-year-plan.html important to plan personal http://greyy358.700megs.com/red-hair-color-ideas.html hair dye color ideas http://vily7788.hostshield.com/red-alert-3-cover.html red alert system http://lolo002.110mb.com/gaara-killing.html gaara bag http://roma0009.freewhost.com/for-language--culture.html hawaiian language and culture http://aura22.phreesite.com/national-birth-defect.html bizarre birth defects http://bulki843.my3gb.com/liquid-diet-side.html a liquid diet and http://kost5478.fusedtree.com/motors-personal-savings-plan.html personal vision plan http://vily7788.hostshield.com/cheats-for-red-alert-2.html red alert playstation http://lolo002.110mb.com/gaara-tutorial.html gaara http://roma0009.freewhost.com/culture-language-laws.html spain language and culture http://aura22.phreesite.com/birth-defect-pics.html odd birth defects

http://kost5703.110mb.com/ prison break season 3 spoiler http://acum765.50webs.com/ family guy episodes to watch http://vasi8951.fizwig.com/ dress my babe 5 cheat http://livee57.rack111.com/ rifle cleaning http://optik84.my3gb.com/ insurance trade associations http://amin1195.007gb.com/ thing thing 4 trainer http://vasi5009.001webs.com/ photoshop lightroom serial http://kost5703.110mb.com/prison-break-season-five.html new season for prison break http://acum765.50webs.com/watch-family-guy-com.html watch family guy season 1 http://vasi8951.fizwig.com/v4-5-cheat-codes.html virtual fighter 5 cheat http://livee57.rack111.com/rifle-for-sale.html rossi rifle http://optik84.my3gb.com/texas-trade-associations.html oldest trade associations http://amin1195.007gb.com/avernum-4-trainer.html cp trainer 4 codes http://vasi5009.001webs.com/adobe-photoshop-cs2-serial-crack.html photoshop cs serial numbers http://kost5703.110mb.com/prison-break-new-season-starts.html prison break season 3 reruns http://acum765.50webs.com/watch-new-family-guy-episode.html watch family guy peters daughter http://vasi8951.fizwig.com/5-cheat-codes-to.html 5 cheat ps3 http://livee57.rack111.com/military-surplus-rifle.html rifle auction http://optik84.my3gb.com/packaging-trade-associations.html beauty trade associations http://amin1195.007gb.com/demonic-defense-4-trainer.html 4 cheats trainer http://vasi5009.001webs.com/photoshop-5-serial-number.html photoshop cs1 serial http://kost5703.110mb.com/what-happened-to-prison-break-season-3.html when does prison break season 4 return http://acum765.50webs.com/watch-family-guy-e.html watch family guy 606 http://vasi8951.fizwig.com/arms-5-cheat-codes.html cheat enginer 5 3 http://livee57.rack111.com/surplus-rifle-com.html cowboy rifle http://optik84.my3gb.com/consulting-trade-associations.html georgia trade associations http://amin1195.007gb.com/4-plus-6-trainer.html city 4 trainer 1.1 http://vasi5009.001webs.com/photoshop-cs-serial-number.html free adobe photoshop serial http://kost5703.110mb.com/when-will-prison-break-season-4.html prison break season 2 episode 10 http://acum765.50webs.com/watch-family-guy-on-wii.html watch family guy episodesonline http://vasi8951.fizwig.com/dynasty-warriors-5-xbox-cheat.html live 200 5 cheat http://livee57.rack111.com/lever-rifle.html rifle dealer http://optik84.my3gb.com/pennsylvania-trade-associations.html trade associations in washington http://amin1195.007gb.com/cry-4-mega-trainer.html pawn trainer 1.5 4 http://vasi5009.001webs.com/photoshop-serial-number.html serials for adobe photoshop http://kost5703.110mb.com/watch-prison-break-season-2-episode-5.html online prison break season 3 episode

Forensics


  • sleuthkit 1.66 : extensions to The Coroner's Toolkit forensic toolbox.
  • autopsy 1.75 : Web front-end to TASK. Evidence Locker defaults to /mnt/evidence
  • biew : binary viewer
  • bsed : binary stream editor
  • consh : logged shell (from F.I.R.E.)
  • coreography : analyze core files
  • dcfldd : US DoD Computer Forensics Lab version of dd
  • fenris : code debugging, tracing, decompiling, reverse engineering tool
  • fatback : Undelete FAT files
  • foremost : recover specific file types from disk images (like all JPG files)
  • ftimes : system baseline tool (be proactive)
  • galleta : recover Internet Explorer cookies
  • hashdig : dig through hash databases
  • hdb : java decompiler
  • mac-robber : TCT's graverobber written in C
  • md5deep : run md5 against multiple files/directories
  • memfetch : force a memory dump
  • pasco : browse IE index.dat
  • photorec : grab files from digital cameras
  • readdbx : convert Outlook Express .dbx files to mbox format
  • readoe : convert entire Outlook Express .directory to mbox format
  • rifiuti : browse Windows Recycle Bin INFO2 files
  • secure_delete : securely delete files, swap, memory....
  • testdisk : test and recover lost partitions
  • wipe : wipe a partition securely. good for prep'ing a partition for dd
  • and other typical system tools used for forensics (dd, lsof, strings, grep, etc.)

Firewall

  • blockall : script to block all inbound TCP (excepting localhost)
  • flushall : flush all firewall rules
  • firestarter : quick way to a firewall
  • firewalk : map a firewall's rulebase
  • floppyfw : turn a floppy into a firewall
  • fwlogwatch : monitor firewall logs
  • iptables 1.2.8
  • gtk-iptables : GUI front-end
  • shorewall 1.4.8-RC1 : iptables based package
  • nipper 0.12.0 : quickly document network device configuration (including cisco, juniper, checkpoint, sonicwall and more)

Honeypots

  • honeyd 0.7
  • labrea : tarpit (slow to a crawl) worms and port scanners
  • thp : tiny honeypot

IDS | IPS

  • SafetyNET Security Appliance and suite of products.
  • snort 2.1.0: network IDS
  • ACID : snort web frontend
  • barnyard : fast snort log processor
  • oinkmaster : keep your snort rules up to date
  • hogwash : access control based on snort sigs
  • bro : network IDS
  • prelude : network and host IDS
  • WIDZ : wireless IDS, ap and probe monitor
  • aide : host baseline tool, tripwire-esque
  • logsnorter : log monitor
  • swatch : monitor any file, oh like say syslog
  • sha1sum
  • md5sum
  • syslogd

Network Utilities

  • LinNeighboorhood : browse SMB networks like windows network neighborhood
  • argus : network auditor
  • arpwatch : keep track of the MACs on your wire
  • cdpr : cisco discovery protocol reporter
  • cheops : snmp, network discovery and monitor tool
  • etherape : network monitor and visualization tool
  • iperf : measure IP performance
  • ipsc : IP subnet calculator
  • iptraf : network monitor
  • mrtg : multi router traffic grapher
  • mtr : traceroute tool
  • ntop 2.1.0 : network top, protocol analyzer
  • rrdtool : round robin database
  • samba : opensource SMB support
  • tcptrack : track existing connections

Password Tools

  • john 1.6.34 : John the Ripper password cracker
  • allwords2 : CERIAS's 27MB English dictionary
  • chntpw : reset passwords on a Windows box (including Administrator)
  • cisilia : distributed password cracker
  • cmospwd : find local CMOS password
  • djohn : distributed John the Ripper
  • pwl9x : crack Win9x password files
  • rcrack : rainbow crack

Packet Sniffers

  • aimSniff : sniff AIM traffic
  • driftnet : sniffs for images
  • dsniff : sniffs for cleartext passwords (thanks Dug)
  • ethereal 0.10.0 : the standard. includes tethereal
  • ettercap 0.6.b : sniff on a switched network and more.
  • filesnarf : grab files out of NFS traffic
  • mailsnarf : sniff smtp/pop traffic
  • msgsnarf : sniff aol-im, msn, yahoo-im, irc, icq traffic
  • ngrep : network grep, a sniffer with grep filter capabilities
  • tcpdump : the core of it all
  • urlsnarf : log all urls visited on the wire
  • webspy : mirror all urls visited by a host in your local browser
  • Wireshark 1.0.3 : replaces ethereal, the standard.

TCP Tools

  • arpfetch : fetch MAC
  • arping : ping by MAC
  • arpspoof : spoof arp
  • arpwatch : montior MAC addresses on the wire
  • despoof : detect spoofed packets via TTL measurement
  • excalibur : packet generator
  • file2cable : replay a packet capture
  • fragroute : packet fragmentation tool (thanks again Dug)
  • gspoof : packet generator
  • hopfake : spoof hopcount replies
  • hunt : tcp hijacker
  • ipmagic : packet generator
  • lcrzoex : suite of tcp tools
  • macof : flood a switch with MACs
  • packetto : Dan Kaminsky's suite of tools (includes 1.10 and 2.0pre3)
  • netsed : insert and replace strings in live traffic
  • packETH : packet generator
  • tcpkill : die tcp, die!
  • tcpreplay : replay packet captures

Tunnels

  • cryptcat : encrypted netcat
  • httptunnel : tunnel data over http
  • icmpshell : tunnel data over icmp
  • netcat : the incomparable tcp swiss army knife
  • shadyshell : tunnel data over udp
  • stegtunnel : hide data in TCP/IP headers
  • tcpstatflow : detect data tunnels
  • tiny shell : small encrypted shell

Vulnerability Assessment

  • ADM tools : like ADM-smb and ADMkillDNS
  • amap 4.5 : maps applications running on remote hosts
  • IRPAS : Internet Routing Protocol Attack Suite
  • chkrootkit 0.43 : look for rootkits
  • clamAV : virus scanner. update your signatures live with freshclam
  • curl : commandline utility for transferring anything with a URL
  • exodus : web application auditor
  • ffp : fuzzy fingerprinter for encrypted connections
  • firewalk : map a firewall rulebase
  • hydra : brute force tool
  • nbtscan : scan SMB networks
  • ncpquery : scan NetWare servers
  • nessus 2.0.9 : vulnerability scanner. update your plugins live with nessus-update-plugins
  • nikto : CGI scanner
  • nmap 3.48 : the standard in host/port enumeration
  • p0f : passive OS fingerprinter
  • proxychains: chain together multiple proxy servers
  • rpcinfo : hmmmm.... info from RPC?
  • screamingCobra : CGI scanner
  • siege : http testing and benchmarking utility
  • sil : tiny banner grabber
  • snot : replay snort rules back onto the wire. test your ids/incidence response/etc.
  • syslog_deluxe : spoof syslog messages
  • thcrut : THC's "r you there?" network mapper
  • vmap : maps application versions
  • warscan : exploit automation tool
  • xprobe2 : uses ICMP for fingerprinting
  • yaph : yet another proxy hunter
  • zz : zombie zapper kills DDoS zombies

Wireless Tools

  • airsnarf : rogue AP setup utility
  • airsnort : sniff, find, crack 802.11b
  • airtraf : 802.11b network performance analyzer
  • gpsdrive : use GPS and maps
  • kismet 3.0.1 : for 802.11 what else do you need?
  • kismet-log-viewer : manage your kismet logs
  • macchanger : change your MAC address
  • wellenreiter : 802.11b discovery and auditing
  • patched orinoco drivers : automatic (no scripts necessary)

Internet Information Resources

US-CERT Current Activity
The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

US-CERT Current Activity