skipfish - Project Hosting on Google Code
march 2010 by jtth
A fully automated, active web application security reconnaissance tool. Key features:
High speed: pure C code, highly optimized HTTP handling, minimal CPU footprint - easily achieving 2000 requests per second with responsive targets.
Ease of use: heuristics to support a variety of quirky web frameworks and mixed-technology sites, with automatic learning capabilities, on-the-fly wordlist creation, and form autocompletion.
Cutting-edge security logic: high quality, low false positive, differential security checks, capable of spotting a range of subtle flaws, including blind injection vectors.
The tool is believed to support Linux, FreeBSD, MacOS X, and Windows (Cygwin) environments.
google
scanner
security
testing
web
march 2010 by jtth
Matasano Security LLC - Chargen - Exercises for a burgeoning Army of Ninjas
january 2010 by jtth
The competition portion of the event is loosely modeled after the Defcon Capture the Flag competitions of recent years. This past year, the CSAW-CTF competition brought talent from all around the world together during the National Cyber Security Awareness Month which is celebrated at NYU:Poly as CSAW (Cyber Security Awareness Week)
security
competition
computerscience
january 2010 by jtth
de-ice.net
january 2010 by jtth
A quick introduction to the site and its offerings is probably appropriate. Chances are, you’ve arrived here looking for one of my projects. Check out the links on the right to find the appropriate web pages. However, now that you’re here, I hope you’ll stay a while and enjoy my blog or join the forums. On the blog, I talk (more likely “ramble”) about the latest events within Information System Security or Penetration Testing. The forums are intended for discussions on PenTest tools as well as Projects available on the Heorot.net web site.
security
pentest
january 2010 by jtth
STOP™ 7 - BAE Systems
january 2010 by jtth
STOP 7 is the premier secure operating system that provides flexible security policies, a Linux™-compatible application programming interface, and high performance. STOP 7 gives the defense, intelligence community, government, and enterprise solution providers and integrators a trustworthy and robust foundation for developing trusted information sharing, guarding, and server applications.
security
os
unix
january 2010 by jtth
Nmap Network Scanning
july 2009 by jtth
Nmap Network Scanning is the official guide to the Nmap Security Scanner, a free and open source utility used by millions of people for network discovery, administration, and security auditing. From explaining port scanning basics for novices to detailing low-level packet crafting methods used by advanced hackers, this book by Nmap's original author suits all levels of security and networking professionals. The reference guide documents every Nmap feature and option, while the remainder demonstrates how to apply them to quickly solve real-world tasks. Examples and diagrams show actual communication on the wire. Topics include subverting firewalls and intrusion detection systems, optimizing Nmap performance, and automating common networking tasks with the Nmap Scripting Engine.
scan
sysadmin
hack
reference
hacking
tutorials
software
network
ebook
nmap
tools
book
manual
tutorial
books
firewall
linux
computers
packet
read
scanning
research
security
free
networking
apps
july 2009 by jtth
L0phtCrack - Windows & Unix Password Auditing & Recovery
may 2009 by jtth
We made L0phtCrack available once again because hard core security professionals have found it to be the best and have yearned for up-to-date OS support. After 12 years, L0phtCrack is still a mainstay at many leading security consulting firms and the US military.
password
security
windows
tools
software
hacking
recovery
analysis
cracking
may 2009 by jtth
Security Fix - ZeusTracker and the Nuclear Option
may 2009 by jtth
But try telling that to Roman Hüssy, a 21-year-old Swiss information technology expert, who last month witnessed a collection of more than 100,000 hacked Microsoft Windows systems tearing themselves apart at the command of their cyber criminal overlords.
article
security
News
it
zeus
botnet
may 2009 by jtth
Keyboard "eavesdropping" just got way easier, thanks to electromagnetic emanations - Engadget
october 2008 by jtth
Van Eck phreaking for keyboards. This is awesome.
vaneckphreaking
vaneck
phreaking
phreak
eavesdrop
keyboard
computerscience
security
october 2008 by jtth
The Things He Carried - The Atlantic (November 2008)
october 2008 by jtth
Airport security in America is a sham—“security theater” designed to make travelers feel better and catch stupid terrorists. Smart ones can get through security with fake boarding passes and all manner of prohibited items—as our correspondent did with ease.
usa
terrorism
security
politics
interesting
government
freedom
theater
stupidity
tsa
waste
travel
atlantic
article
october 2008 by jtth
Blender Defender
october 2008 by jtth
Defends the counter from cats. I need this for my plants.
webcam
video
tech
security
motion
invention
humor
howto
hillarious
funny
october 2008 by jtth
NIST Computer Security Special Publications
september 2008 by jtth
Special Publications in the 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. This Special Publication 800 series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations.
nist
publications
special
bestpractice
guidance
cryptography
management
government
networking
tech
howto
reference
computer
technology
tutorial
security
network
standards
standard
guides
documentation
paper
infosec
dhs
september 2008 by jtth
Download old vulnerable softwares version
september 2008 by jtth
Old versions of software on which one may practice.
exploits
testing
software
tools
security
hacking
exploit
download
vulnerable
old
september 2008 by jtth
SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc
september 2008 by jtth
Shows a little bit about malware analysis.
malware
security
article
sans
disassembly
september 2008 by jtth
Demo Facebook app creates DoS botnet | Zero Day | ZDNet.com
september 2008 by jtth
How to make a DoS botnet on Facebook. The vulnerability is still there; Zuck refuses to fix it!
facebook
vulnerability
security
article
proof-of-concept
september 2008 by jtth
Review : Top 11 IDS products put to real world test on University network :: Hack In The Box :: Keeping Knowledge Free
august 2008 by jtth
Ridiculously comprehensive NIDS review and comparison.
nids
ids
security
network
networking
review
august 2008 by jtth
What is my IPv6 Address?
july 2008 by jtth
Tests your IPv6 address. Click on 'IPv6 only.' If a page loads, you're golden. If not, you don't have an IPv6 connection.
ip
security
test
ipv6
ipv4
networking
july 2008 by jtth
Wireless DoD Solutions from AT&T | AT&T Wireless Services
march 2008 by jtth
AT&T provides worldwide service that meets the stringent security standards set by the Department of Defense (DoD). From soldiers on the field to officials at the Pentagon, it is critical that DoD personnel stay connected with reliable voice and data comm
security
dod
at&t
phone
encryption
march 2008 by jtth
McGrew Security - msramdmp : McGrew Security RAM Dumper
march 2008 by jtth
The Princeton researchers applied this method to the recovery of encryption keys, with great results. They also cooked up a way to image the contents of RAM with a very small footprint, only overwriting a small amount of memory in the process. Unfortunate
security
ram
hack
hacking
research
experiment
it
encryption
usb
paper
march 2008 by jtth
WaterRoof ipfw firewall frontend
january 2008 by jtth
WaterRoof is an IPFW firewall frontend for Mac OS X with an easy interface and many options. Features include dynamic rules, bandwidth management, NAT configuration and port redirection, pre-defined rule sets and a wizard for easy configuration.
firewall
osx
security
mac
Freeware
macosx
software
GUI
january 2008 by jtth
Blowfish encrypt and decrypt online
january 2008 by jtth
A blowfish cypher.
encryption
computer
security
crypto
cryptography
codes
cypher
january 2008 by jtth
Hackszine.com: Eavesdropping on Bluetooth headsets
january 2008 by jtth
Eavesdropping on Bluetooth Headsets when they're not in use is so easy. Maybe this will muscle manufacturers to allow variable headset pins.
bluetooth
linux
hack
hacks
hacking
Reference
wireless
mobile
hardware
Security
technology
electronics
video
january 2008 by jtth
ONLamp.com -- File Integrity and Anti-DDoS Utilities
december 2007 by jtth
Working with Yafic
yafic
file
integrity
tripwire
security
bsd
unix
december 2007 by jtth
WebGoat Walkthrough - phreak.geeker
december 2007 by jtth
Walkthrough for the web application pen-testing tutorial suite WebGoat.
webgoat
walkthrough
security
java
webcast
video
movie
movies
internet
december 2007 by jtth
Software Integrity Checksum and Code Signing Vulnerability
december 2007 by jtth
How to spoof MD5 checksums on applications.
security
cryptography
md5
crypto
programming
hacking
hacks
infosec
math
reference
attack
vulnerability
exploit
december 2007 by jtth
Get My FBI File -- Step 1 of 2
october 2007 by jtth
If you'll just fill in the information below, we'll gin up some nice letters you can send off to get a copy of your file from the FBI or other government agencies...
file
files
government
howto
hack
information
Privacy
Security
october 2007 by jtth
Former CEO Says U.S. Punished Phone Firm - washingtonpost.com
october 2007 by jtth
Former chief executive Joseph P. Nacchio, convicted in April of 19 counts of insider trading, said the NSA approached Qwest more than six months before the Sept. 11, 2001, attacks, according to court documents unsealed in Denver this week.
bush
corruption
government
law
nsa
politics
Privacy
rights
Security
spying
surveillance
war
october 2007 by jtth
Wikileaks - Wikileaks
october 2007 by jtth
Wikileaks is developing an uncensorable system for safe mass document leaking and public analysis. Our primary interests are in Asia, the former Soviet bloc, Latin America, Sub-Saharan Africa and the Middle East, but we expect to be of assistance to peopl
activism
web2.0
wiki
leak
secret
security
journalism
search
october 2007 by jtth
TG Daily - Point and click Gmail hacking at Black Hat
august 2007 by jtth
An article explaining cookie-snatching over wifi and how it is used to access login-based sites which dole out cookies.
exploit
gmail
security
blackhat
defcon
august 2007 by jtth
Scan This Guy's E-Passport and Watch Your System Crash
august 2007 by jtth
A German security researcher who demonstrated last year that he could clone the computer chip in an electronic passport has revealed additional vulnerabilities in the design of the new documents and the inspection systems used to read them. It crashes them
passport
rfid
todo
security
august 2007 by jtth
NEOHAPSIS - Peace of Mind Through Integrity and Insight
july 2007 by jtth
Someone broke the password hashes on the iPhone. Go go John the Ripper against DES.
security
full-disclosure
username
password
iphone
apple
july 2007 by jtth
Main Page - OWASP
june 2007 by jtth
The Open Web Application Security Project (OWASP) is dedicated to finding and fighting the causes of insecure software. Everything here is free and open source.
open
source
software
foundation
web
application
security
code
auditing
audit
june 2007 by jtth
SECURITY System Encryption DM-Crypt with LUKS - Gentoo Linux Wiki
june 2007 by jtth
A guide for encrypting swap space and other filesystems using a variety of methods.
encryption
security
filesystem
gentoo
linux
howto
guide
wiki
june 2007 by jtth
Operating Systems Guides
march 2007 by jtth
NSA operational guidelines for securing Desktop and Server Operating Systems.
os
guide
howto
security
nsa
secure
march 2007 by jtth
Windows Update Checklist
january 2007 by jtth
A checklist of methods one can use to restore Windows Update functionality to a crippled PC.
howto
windows
security
microsoft
guide
january 2007 by jtth
macosxhints.com - Take iSight snapshots during invalid login attempts
december 2006 by jtth
How to use the MacBook and MacBook Pro's built in iSight camera to take a picture during an invalid login attempt.
security
apple
macbook
macbookpro
os
x
osx
camera
isight
december 2006 by jtth
eEye Digital Security - Research
december 2006 by jtth
A website for tracking Zero-day vulnerabilities in realtime.
advisory
alert
computer
digital
exploit
exploits
hack
hacking
malware
monitoring
news
pentest
zero
windows
hacks
virus
technews
sysadmin
spyware
Security
reference
research
Portal
vulnerability
0day
eeye
day
december 2006 by jtth
Locking Down Ubuntu - Linux Forums
december 2006 by jtth
How to (kind of) lock down Ubuntu. I'm still a fan of Bastille.
security
linux
ubuntu
kubuntu
firewall
setting
settings
december 2006 by jtth
CE-Infosys - FREE CompuSec
october 2006 by jtth
Get free boot-disk encryption plus many more features. No trial limitations. Just security.
free
encryption
security
privacy
october 2006 by jtth
Encrypting AIM
october 2006 by jtth
How to encrypt communications with iChat without having .Mac.
encryption
aim
communication
security
wiretap
wiretapping
ichat
apple
mac
osx
october 2006 by jtth
ShieldZone - Home of the iPod Screen Protector: Add Item
september 2006 by jtth
The invisible shield is a layer of... something that goes over most of the metal parts of your Mac (or other device) and protects it. They'll replace it for life. For free. For life. Wow.
wishlist
apple
macbookpro
shield
protection
security
accessory
september 2006 by jtth
YouTube - Mythbusters-Beat Finger Print Security System
september 2006 by jtth
The Mythbusters defeat different types of fingerprint scanners with various methods.
biometrics
security
forensics
mythbusters
youtube
video
september 2006 by jtth
Using TrueCrypt as a backup tool
september 2006 by jtth
Notes on installation and configuration of TrueCrypt with reference to backups and partitioning.
cryptography
windows
security
backup
september 2006 by jtth
How To: Building a BlueSniper Rifle - Part 2 | Tom's Networking
september 2006 by jtth
Excellent build tutorial. This one covers the software side of the gumstix module.
bluetooth
Security
wireless
september 2006 by jtth
How To: Building a BlueSniper Rifle - Part 1 | Tom's Networking
september 2006 by jtth
I have one of these antennas. I should make one.
bluetooth
crack
hack
hacking
hacks
Security
tech
technology
todo
tools
wireless
september 2006 by jtth
geektechnique.org: OpenBSD encrypted fileserver HOWTO
september 2006 by jtth
Guide to setting up encrypted file systems in OpenBSD
encryption
filesystem
howto
Security
unix
openbsd
september 2006 by jtth
Hidden Camera Locator
september 2006 by jtth
I would cry if I got this for my birthday. In a good way.
wishlist
surveillance
gadget
Security
september 2006 by jtth