The hacker community (the set of people who
would describe themselves as hackers, or who would be described by
others as hackers) falls into at least three partially overlapping
categories.
Hacker: Brilliant programmer
The positive usage of hacker. One who knows a (sometimes specified) set
of programming interfaces well enough to write software rapidly and
expertly. This type of hacker is well-respected, although the term
still carries some of the meaning of hack, developing programs without
adequate planning. This zugzwang sets freedom and the ability to be
creative against methodical, careful progress.
At their best, hackers can be very productive. The downside of hacker
productivity is often in maintainability, documentation, and
completion. Very talented hackers may become bored with a project once
they have figured out all of the hard parts, and be unwilling to finish
off the "details". This attitude can cause friction in environments
where other programmers are expected to pick up the half-finished work,
decipher the structures and ideas, and bullet-proof the code. In other
cases, where a hacker is willing to maintain their own code, a company
may be unable to find anyone else who is capable or willing to dig
through code to maintain the program if the original programmer moves
on to a new job.
Types of hackers in this sense are gurus and wizards. "Guru" implies
age and experience, and "wizard" often implies particular expertise in
a specific topic, and an almost magical ability to perform hacks no one
else understands.
Hacker: Intruder and criminal
The most common usage of "hacker" in the popular press is to describe
those who subvert computer security without authorization or, indeed,
anyone who has been accused of using technology (usually a computer or
the internet) for terrorism, vandalism, credit card fraud, identity
theft, intellectual property theft, and many other forms of crime. This
can mean taking control of a remote computer through a network, or
software cracking. This is the pejorative sense of hacker, also called
cracker or black-hat hacker, or simply "criminal" to avoid
ambiguity.
A hacktivist is a hacker who uses the World Wide Web as a medium to
announce their political message. These individuals use other people’s
websites to promote their political views. For instance, these hackers
may alter a political candidate’s web page to promote the
opposing candidate, or promote vegetarianism through a meat
distributor’s internet site.
There are several recurring tools of the trade used by computer criminals:
Trojan horse -- These are malicious programs that are disguised as
legitimate software. A trojan horse can be used to set up a back door
in a computer system so that the criminal can return later and gain
access. Viruses that fool a user into downloading and/or executing them
by pretending to be useful applications are also sometimes called
trojan horses. See also: Dialer.
Virus -- A virus is a self-replicating program that spreads by
inserting copies of itself into other executable code or documents (for
a complete definition: see the article about computer viruses). Thus, a
computer virus behaves in a way similar to a biological virus, which
spreads by inserting itself into living cells.
Worm -- Like a virus, a worm is also a self-replicating program. The
difference between a virus and a worm is that a worm does not attach
itself to other code. After the comparison between computer viruses and
biological viruses, the obvious comparison here is to a bacterium. Many
people conflate the terms "virus" and "worm", using them both to
describe any self-propagating program.
Vulnerability scanner -- A tool used to quickly check computers on a
network for known weaknesses. Hackers also use port scanners. These
check to see which ports on a specified computer are "open" or
available to access the computer. (Note that firewalls defend computers
from intruders by limiting access to ports/machines both inbound and
outbound.)
Sniffer -- An application that captures passwords and other data while
it is in transit, either within the computer or over the network.
Exploit -- A prepared application that takes advantage of a known weakness.
Social engineering -- Using manipulation skills in order to obtain some
form of information. An example would be asking someone for their
password or account, possibly over a beer or by posing as someone else.
Root kit -- A toolkit for hiding the fact that a computer's security
has been compromised. Root kits may include replacements for system
binaries so that it becomes impossible for the legitimate user to
detect the presence of the intruder on the system by looking at process
tables.
Leet -- An English pidgin that helps to obscure hacker discussions and
web sites, and paradoxically simplifies the location of resources in
public search engines for those who know the language. This is arguably
more of a social phenomenon than anything very useful for breaking
security, however. To more effectively keep conversations private,
encryption can be used.
Those who consider themselves hackers in this sense but who don't write
their own programs, and who generally don't really understand the inner
workings of the computers they gain access to, are known as script
kiddies. The term originates from the idea that no one is born with
knowledge of these things, and everyone must at some point use
"scripts" to learn. To some, however, the term expresses considerable
contempt, being meant to indicate that they are immature (or unable to
realize the equality lesson contained in the somewhat loaded term), and
only use "scripts" and programs created by other people, in what is
merely simple vandalism (if not outright theft).
Hacker: Security expert
There is a third meaning which is a kind of fusion of the positive and
pejorative senses of hacker. The term white hat hacker is often used to
describe those who attempt to break into systems or networks in order
to help the owners of the system by making them aware of security
flaws, or to perform some other altruistic activity. Many such people
are employed by computer security companies (such professionals are
sometimes called sneakers). Collections of these people are often
called Tiger Teams.
White hat hackers often overlap with black hats, depending on your
perspective. The primary difference is that a white hat hacker claims
to observe the hacker ethic. Like black hats, white hats are often
intimately familiar with the internal details of security systems, and
can delve into obscure machine code when needed to find a solution to a
tricky problem without requiring support from a system manufacturer.
An example of a hack: Microsoft Windows ships with the ability to use
cryptographic libraries built into the operating system. When shipped
overseas this feature becomes nearly useless as the operating system
will refuse to load cryptographic libraries that haven't been signed by
Microsoft, and Microsoft will not sign a library unless the US
Government authorizes it for export. This allows the US Government to
maintain some perceived level of control over the use of strong
cryptography beyond its borders.
While hunting through the symbol table of a beta release of Windows, a
couple of overseas hackers managed to find a second signing key in the
Microsoft binaries. That is, without disabling the libraries that are
included with Windows (even overseas), these individuals learned of a
way to trick the operating system into loading a library that hadn't
been signed by Microsoft, thus enabling the functionality which had
been lost to non-US users.
Whether this is good or bad may depend on whether you respect the
letter of the law, but it is considered by some in the computing community
to be a white hat type of activity. Some use the term grey hat to
describe someone on the borderline between black and white.
Anonymous writes "The Microsoft Windows Malicious Software Removal Tool checks
Windows XP, Windows 2000, and Windows Server 2003 computers for and
helps remove infections by specific, prevalent malicious
software—including Blaster, Sasser, and Mydoom. When the detection and
removal process is complete, the tool displays a report describing the
outcome, including which, if any, malicious software was detected and
removed. The tool creates a log file named mrt.log in the %WINDIR%\debug
folder.
Note: The version of this tool delivered by Windows
Update runs on your computer once a month, in the background. If an
infection is found, the tool will display a status report the next time
you start your computer.
If you would like to run this tool more than once a month, run the version
that is available from this Web page or use the version on the Malicious Software Removal Tool Web site.
System Restore is a feature of Windows XP and Windows ME. If a
virus infects the computer, it is possible that the virus could be
backed up in the System Restore folder. You need to disable System
Restore; here are the steps to do it.
Windows XP:
1. Select My Computer (right click).
2. Select Properties.
3. Select the System Restore tab.
4. Select "Turn off System Restore".
5. Press Apply.
6. Press OK.
7. Restart the computer.
8. Scan all hard drives and all files.
When you have scanned all files and disinfected them, please go through those steps again and turn System Restore back on.
Windows ME:
1. Close all open programs.
2. On the Windows desktop.
3. Right-click My Computer.
4. Select Properties.
5. Select the Performance tab.
6. Select File System.
7. Select the Troubleshooting tab.
8. Select Disable System Restore.
9. Select OK.
10. Select Close.
11. Select Yes to restart your computer.
12. Scan all hard drives and all files.
When you have scanned all files and disinfected them, please go through those steps again and turn System Restore back on.
Millenium Hacking (Hacking 2000) -- CyberTech Security (UHF); 1998; ASCII. A general HOWTO for hacking with a goal of showing what hacking was like at the end of the millennium.
Packets Found on an Internet -- Bellovin, Steven M.; 1993; Postscript. A very interesting paper describing the various attacks, probes, and miscellaneous packets floating past AT&T Bell Labs' net connection.
Security Problems in the TCP/IP Protocol Suite -- Bellovin, Steven M.; 1989; Postscript. A broad overview of problems within TCP/IP itself, as well as many common application layer protocols which rely on TCP/IP.
There Be Dragons -- Bellovin, Steven M.; 1992; Postscript. Another Bellovin paper discussing the various attacks made on att.research.com. This paper is also the source for this page's title.
An Advanced 4.3BSD IPC Tutorial - PDF Version -- Berkeley CSRG; date unknown; Postscript. This paper describes the IPC facilities new to 4.3BSD. It was written by the CSRG as a supplement to the manpages.
NFS Tracing by Passive Network Monitoring -- Blaze, Matt; 1992; ASCII. Blaze, now famous for cracking the Clipper chip while at Bell Labs, wrote this paper while he was a PhD candidate at Princeton.
An Evening with Berferd -- Cheswick, Bill; 1991; Postscript. A cracker from Norway is "lured, endured, and studied."
Improving the Security of your Unix System -- Curry, David, SRI International; 1990; Postscript. This is the somewhat well known SRI Report on Unix Security. It's a good solid starting place for securing a Unix box.
COPS and Robbers -- Farmer, Dan; 1991; ASCII. This paper discusses a bit of general security and then goes into detail regarding Unix system misconfigurations, specifically ones that COPS checks for.
A Simple Active Attack Against TCP - PDF Version -- Joncheray, Laurent; 1995; Postscript. This paper describes an active attack against TCP which allows re-direction (hijacking) of the TCP stream.
Foiling the Cracker -- Klein, Daniel; Postscript. A Survey of, and Improvements to, Password Security. Basically a treatise on how to select proper passwords.
Thinking About Firewalls - PDF Version -- Ranum, Marcus; Postscript. A general overview of firewalls, with tips on how to select one to meet your needs.
ALT2600.txt -- Voyager; 1995; ASCII. This is the FAQ from the internet news group Alt.2600. Deals with various topics concerning hacking and phreaking.
The Hacker's Handbook -- Cornwall, Hugo; 1985; ASCII. A book about hacking techniques, hacking intelligence, networks, etc.
Crash Course in X-Windows Security -- Unknown Author; Unknown Date; ASCII. This document will help you learn about X-Windows Security and how to make it more secure.
Things that go Bump on the net -- Unknown Author; Unknown Date; ASCII. This is a brief look at some of the more colorful characters in the menagerie of network security threats, with an emphasis on how they relate to agent-based systems.
Securing X Windows -- Fisher, John; 1995; ASCII. This document talks about how X-windows works, Host Authentication and Token Authentication, Xterm Vulnerabilities and related security information.
A Unix Hacking Tutorial -- Sir Hackalot; Unknown date; ASCII. An excellent hacking tutorial for the starting hacker or hacker-wanna-be.
The Neophyte's Guide to Hacking -- Deicide; August 1993; ASCII. Another guide for beginning hackers that talks about a wide range of topics.
Hacking Kit version 2.0 Beta -- Invisible Evil; March 1997; ASCII. A very detailed and well written guide for hackers. This document is also fairly up to date and includes examples and source code.
IP Hijacking -- Laurent Joncheray; April 24, 1995; Postscript. This paper discusses the art of IP hijacking.
Linux security archives by date -- Various Authors; March 1995 through October 1996; ASCII. The Linux Security list-archives from March 1995 through October 1996.
Sockets Frequently Asked Questions -- Vic Metcalfe; August 1996; ASCII (tarred and zipped). Socket Frequently Asked Questions includes many examples and source code.
Common Insecurities Fail Scrutiny -- *Hobbit*; January 1997; ASCII. An analysis of TCP/IP NetBIOS file-sharing protocols is presented as well as the examination of protocol and administrative vulnerabilities.
Linux Stack OverFlows -- Willy Tarreau; June 1997; HTML. An HTML page with sample utilities describing stack overruns on Linux.
Hacking Unix Systems -- Red Knight; October 1989; ASCII. An In-depth Guide to Hacking UNIX and the Concept of Basic Networking.
Sequence Number Attacks -- Rik Farrow; December 1994; ASCII. A brief article that gives an overview of TCP sequence number attacks. (Includes RFC 1948, which shows how to protect against TCP sequence number attacks.)
Buffer OverWrites -- Various Authors; June 1997; Various Formats. A collection of papers and utilities concerning the art of buffer overwriting.
Backdoors -- Christopher Klaus; August 1997; ASCII. A discussion of many common backdoors and ways to check for them.
Them and Us -- Paul Taylor; June 1997; ASCII. Chapter 6 of Paul Taylor's Hacker Book which talks about some of the ethics and boundaries of hacking.
The Design of a Secure Internet Gateway -- Bill Cheswick; Unknown Date; Postscript. This paper describes an internet gateway configuration that helps protect the internal network even if an external machine is compromised.
Some Problems with the FTP Protocol -- David Sacerdote; April 1996; ASCII. Discusses problems with the File Transfer Protocol, a failure of common implementations, and suggestions for repair.
Psychotic's Unix Bible -- Virtual Circuit; Unknown Date; Zipped. An excellent Unix resource to have. The Unix Bible contains and illustrates many Unix commands and their syntaxes.
The interaction of SSH and X11 -- Ulrich Flegel; September 1997; Postscript. Thoughts concerning the security of SSH in conjunction with X11.
Beginners Guide to Hacking -- Phantom; October 1997; ASCII. An excellent guide with examples and text discussing getting access, hacking root, covering tracks, and much more.
Scan the net for shared PCs through NetBIOS. Legion gives you access without a trojan. Scan and see for yourself how easy it is to access a PC. •CGI/Bug Scanners
TCS is probably the best tool to scan for exploits and known bugs. Scan your own or someone else's server, fast, for 518 bugs. The best exploit scanner! •CGI/Bug Scanners
Brutus is all you ever needed from a brute force attack tool. It finds passwords for websites, FTP sites and any shell that has a pass. Set the details carefully! •Brute Forcers
NetView is similar to the above, but it also has a brute forcer! •CGI/Bug Scanners
SuperScan, the best net scan tool. Provides you port details! •IP Scanners
The most famous brute forcer, similar to the above. •Brute Forcers
Microsoft Windows AntiSpyware (Beta) is a security technology that
helps protect Windows users from spyware and other potentially unwanted
software. Known spyware on your PC can be detected and removed. This
helps reduce negative effects caused by spyware, including slow PC
performance, annoying pop-up ads, unwanted changes to Internet
settings, and unauthorized use of your private information. Continuous
protection improves Internet browsing safety by guarding more than 50
ways spyware can enter your PC. Participants in the worldwide SpyNet™
community play a key role in determining which suspicious programs are
classified as spyware. Microsoft researchers quickly develop methods to
counteract these threats, and updates are automatically downloaded to
your PC so you stay up to date.
In May/June of 2000, we conducted a survey of 1200 Nmap users from the nmap-hackers mailing list to determine their favorite security tools. Each respondent could list up to 5.
I was so impressed by the list they created that I am putting the top 50 up here where everyone can benefit from them. I think anyone in the security field would be well advised to go over the list and investigate any tools they are unfamiliar with. I also plan to point newbies to this page whenever they write me saying "I do not know where to start".
Respondents were allowed to list open source or commercial tools on any platform. Commercial tools are noted as such in the list below.
Note that many of the descriptions in this list were taken from the Debian package descriptions, the Freshmeat descriptions, or from the home pages of the application. I didn't count any votes for Nmap because the survey was taken on an Nmap mailing list.
Without further ado, here is the list (starting with the most popular):
Description: Remote network security auditor, the client. The Nessus Security Scanner is a security auditing tool. It makes it possible to test security modules in an attempt to find vulnerable spots that should be fixed. It is made up of two parts: a server, and a client. The server/daemon, nessusd, is in charge of the attacks, whereas the client, nessus, interfaces with the user through a nice X11/GTK+ interface. This package contains the GTK+ 1.2 client, which exists in other forms and on other platforms, too.
Note: This is an unofficial site. Description: TCP/IP swiss army knife. A simple Unix utility which reads and writes data across network connections using TCP or UDP protocol. It is designed to be a reliable "back-end" tool that can be used directly or easily driven by other programs and scripts. At the same time it is a feature-rich network debugging and exploration tool, since it can create almost any kind of connection you would need and has several interesting built-in capabilities.
Description: A powerful tool for network monitoring and data acquisition. This program allows you to dump the traffic on a network. It can be used to print out the headers of packets on a network interface that matches a given expression. You can use this tool to track down network problems, to detect "ping attacks" or to monitor the network activities.
Description: flexible packet sniffer/logger that detects attacks. Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules-based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba.
Description: SAINT (Security Administrator's Integrated Network Tool) is a security assessment tool based on SATAN. Features include scanning through a firewall, updated security checks from CERT & CIAC bulletins, 4 levels of severity (red, yellow, brown, & green) and a feature rich HTML interface.
Description: Network traffic analyzer. Ethereal is a network traffic analyzer, or "sniffer", for Unix and Unix-like operating systems. It uses GTK+, a graphical user interface library, and libpcap, a packet capture and filtering library.
Description: Portscan detection daemon. PortSentry has the ability to detect portscans (including stealth scans) on the network interfaces of your machine. Upon alarm it can block the attacker via hosts.deny, dropped route or firewall rule. It is part of the Abacus program suite. Note: If you have no idea what a port/stealth scan is, I'd recommend to have a look at http://www.psionic.com/products/portsentry.html before installing this package. Otherwise you might easily block hosts you'd better not (e.g. your NFS-server, name-server, ...).
Description: A suite of powerful tools for sniffing networks for passwords and other information. Includes sophisticated techniques for defeating the "protection" of network switches.
Note: Depending on usage, this tool may have expensive licensing fees associated with it. Description: A file and directory integrity checker. Tripwire is a tool that aids system administrators and users in monitoring a designated set of files for any changes. Used with system files on a regular (e.g., daily) basis, Tripwire can notify system administrators of corrupted or tampered files, so damage control measures can be taken in a timely manner.
Note: This tool costs significant $$$ to use, and does not come with source code. A powerful demo version is available for testing. Description: Another popular commercial scanner.
Description: hping2 is a network tool able to send custom ICMP/UDP/TCP packets and to display target replies like ping does with ICMP replies. It handles fragmentation and arbitrary packet body and size, and can be used to transfer files under supported protocols. Using hping2, you can: test firewall rules, perform [spoofed] port scanning, test net performance using different protocols, packet size, TOS (type of service), and fragmentation, do path MTU discovery, transfer files (even between really Fascist firewall rules), perform traceroute-like actions under different protocols, fingerprint remote OSs, audit a TCP/IP stack, etc. hping2 is a good tool for learning TCP/IP.
Description: The Security Auditor's Research Assistant (SARA) is a third generation security analysis tool that is based on the SATAN model which is covered by the GNU GPL-like open license. It is fostering a collaborative environment and is updated periodically to address latest threats.
Description: packet sniffer and monitoring tool. sniffit is a packet sniffer for TCP/UDP/ICMP packets. sniffit is able to give you very detailed technical info on these packets (SEQ, ACK, TTL, Window, ...) but also packet contents in different formats (hex or plain text, etc.).
Description: Security Auditing Tool for Analysing Networks. This is a powerful tool for analyzing networks for vulnerabilities created for sysadmins that cannot keep a constant look at bugtraq, rootshell and the like.
Description: IP Filter is a TCP/IP packet filter, suitable for use in a firewall environment. To use, it can either be used as a loadable kernel module or incorporated into your UNIX kernel; use as a loadable kernel module where possible is highly recommended. Scripts are provided to install and patch system files, as required.
Description: IP packet filter administration for 2.4.X kernels. Iptables is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. The iptables tool also supports configuration of dynamic and static network address translation.
Description: Firewalking is a technique developed by MDS and DHG that employs traceroute-like techniques to analyze IP packet responses to determine gateway ACL filters and map networks. Firewalk the tool employs the technique to determine the filter rules in place on a packet forwarding device. The newest version of the tool, firewalk/GTK introduces the option of using a graphical interface and a few bug fixes.
Note: No source code is included (except in research version) and there is a $100 registration fee. Description: L0phtCrack is an NT password auditing tool. It will compute NT user passwords from the cryptographic hashes that are stored by the NT operating system. L0phtcrack can obtain the hashes through many sources (file, network sniffing, registry, etc) and it has numerous methods of generating password guesses (dictionary, brute force, etc).
Description: Advanced packet sniffer and connection intrusion. Hunt is a program for intruding into a connection, watching it and resetting it. Note that hunt is operating on Ethernet and is best used for connections which can be watched through it. However, it is possible to do something even for hosts on other segments or hosts that are on switched ports.
Note: The ssh.com version costs money for some uses, but source code is available. Description: Secure rlogin/rsh/rcp replacement (OpenSSH). OpenSSH is derived from OpenBSD's version of ssh, which was in turn derived from ssh code from before the time when ssh's license was changed to be non-free. Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It is intended as a replacement for rlogin, rsh and rcp, and can be used to provide rdist, and rsync with a secure communication channel.
Description: Wietse Venema's TCP wrappers library. Wietse Venema's network logger, also known as TCPD or LOG_TCP. These programs log the client host name of incoming telnet, ftp, rsh, rlogin, finger etc. requests. Security options are: access control per host, domain and/or service; detection of host name spoofing or host address spoofing; booby traps to implement an early-warning system.
Description: display network usage in top-like format. ntop is a Network Top program. It displays a summary of network usage by machines on your network in a format reminiscent of the unix top utility. It can also be run in web mode, which allows the display to be browsed with a web browser.
Description: These are utilities that virtually all UNIX boxes already have. In fact, even Windows NT has them (but the traceroute command is called tracert).
Note: This is an unofficial download site. Description: The NetBIOS Auditing Tool (NAT) is designed to explore the NETBIOS file-sharing services offered by the target system. It implements a stepwise approach to gather information and attempt to obtain file system-level access as though it were a legitimate local client.
Note: Source code was once freely available but I do not know if this is still the case. Some usage may cost money. Description: A commercial sniffing application for creating intrusion detection systems. Source code was at one time available, but I do not know if that is still the case.
Description: Mails anomalies in the system logfiles to the administrator. Logcheck is part of the Abacus Project of security tools. It is a program created to help in the processing of UNIX system logfiles generated by the various Abacus Project tools, system daemons, Wietse Venema's TCP Wrapper and Log Daemon packages, and the Firewall Toolkit by Trusted Information Systems Inc. (TIS). Logcheck helps spot problems and security violations in your logfiles automatically and will send the results to you in e-mail. This program is free to use at any site. Please read the disclaimer before you use any of this software.
Description: A very powerful scripting language which is often used to create "exploits" for the purpose of verifying security vulnerabilities. Of course, it is also used for all sorts of other things.
Description: grep for network traffic. ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular expressions to match against data payloads of packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP, SLIP and null interfaces, and understands bpf filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.
Description: A GTK based network "swiss-army-knife". Cheops gives a simple interface to most network utilities, maps local or remote networks and can show OS types of the machines on the network.
Description: Vetescan is a bulk vulnerability scanner which contains programs to check for and/or exploit many remote network security exploits that are known for Windows or UNIX. It includes various programs for doing different kinds of scanning. Fixes for vulnerabilities are included along with the exploits.
Note: Commercial product with no source code available. A demo binary is available for testing. Description: A commercial security scanner by the great guys at eeye.
Description: Routines for the construction and handling of network packets. libnet provides a portable framework for low-level network packet writing and handling. Libnet features portable packet creation interfaces at the IP layer and link layer, as well as a host of supplementary functionality. Still in its infancy, however, the library is evolving quite a bit. Additional functionality and stability are added with each release. Using libnet, quick and simple packet assembly applications can be whipped up with little effort. With a bit more time, more complex programs can be written (Traceroute and ping were easily rewritten using libnet and libpcap).
Description: Crack 5 is an updated version of Alec Muffett's classic local password cracker. Traditionally these allowed any user of a system to crack the /etc/passwd and determine the passwords of other users (or root) on the system. Modern systems require you to obtain read access to /etc/shadow in order to perform this. It is still a good idea for sysadmins to run a cracker occasionally to verify that all users have strong passwords.
Description: CIS is a free security scanner written and maintained by Cerberus Information Security, Ltd and is designed to help administrators locate and fix security holes in their computer systems. Runs on Windows NT or 2000. No source code is provided.
Description: Swatch was originally written to actively monitor messages as they were written to a log file via the UNIX syslog utility. It has multiple methods of alarming, both visually and by triggering events. The perfect tool for a master loghost. This is a beta release of version 3.0, so please use it with caution. The code is still slightly ahead of the documentation, but examples exist. NOTE: Works flawlessly on Linux (RH5), BSDI and Solaris 2.6 (patched).
Description: The OpenBSD project produces a FREE, multi-platform 4.4BSD-based UNIX-like operating system. Our efforts place emphasis on portability, standardization, correctness, security, and cryptography. OpenBSD supports binary emulation of most programs from SVR4 (Solaris), FreeBSD, Linux, BSDI, SunOS, and HPUX.
Description: The Nemesis Project is designed to be a commandline-based, portable human IP stack for UNIX/Linux. The suite is broken down by protocol, and should allow for useful scripting of injected packet streams from simple shell scripts.
Description: List open files. Lsof is a Unix-specific diagnostic tool. Its name stands for LiSt Open Files, and it does just that. It lists information about any files that are open by processes currently running on the system. The binary is specific to kernel version 2.2.
Description: The LIDS is an intrusion detection/defense system in the Linux kernel. The goal is to protect Linux systems against root intrusions by disabling some system calls in the kernel itself. As you sometimes need to administer the system, you can disable LIDS protection.
Description: Interactive Colorful IP LAN Monitor. IPTraf is an ncurses-based IP LAN monitor that generates various network statistics including TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and others. Note that since 2.0.0 IPTraf requires a kernel >= 2.2.
Description: iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP and ICMP traffic. iplog 2.0 is a complete re-write of iplog 1.x, resulting in greater portability and better performance. iplog 2.0 contains all the features of iplog 1.x as well as several new ones. Major new features include a packet filter and detection of more scans and attacks. It currently runs on Linux, FreeBSD, OpenBSD, BSDI and Solaris. Ports to other systems, as well as any contributions at all, are welcome at this time.
Description: Fragrouter is aimed at testing the correctness of a NIDS, according to the specific TCP/IP attacks listed in the Secure Networks NIDS evasion paper. [2] Other NIDS evasion toolkits which implement these attacks are in circulation among hackers or publicly available, and it is assumed that they are currently being used to bypass NIDSs.
Note: A couple of the OS detection tests in Queso were later incorporated into Nmap. A paper we wrote on OS detection is available here. Description: Guess the operating system of a remote machine by looking in the TCP replies.
Description: The GNU Privacy Guard (GnuPG) is a complete and free replacement for PGP, developed in Europe. Because it does not use IDEA or RSA it can be used without any restrictions. GnuPG is an RFC2440 (OpenPGP) compliant application. PGP is the famous encryption program which helps secure your data from eavesdroppers and other risks.
~~R3c~~
R3C is a client/server program, which allows you to control remote computers if the server part is running there. The server part is actually a trojan; when run it will install itself in the system and will start when the computer starts (you can remove it using the client program remotely). The server is completely invisible to the user (Win9X task manager doesn't show it) and is VERY small. Have you seen any trojans smaller than 30 kb? However, it is very powerful. The client has an integrated scanner, so you can search networks for the server. Using these tools you can remotely administer computers on your own network, or use for fun.
When you use large trojans, it is very likely that the user notices that 400+ kb monster in his memory, but the tiny 28 kb R3C server looks like an ordinary Microsoft process.
It is free, so use it at your own risk. I am not responsible for anything you do using this program.
The CISSP Certification examination consists of 250 multiple choice questions. Candidates have up to six hours to complete the examination. The CISSP examination will cover the 10 Information System Security domains in the Common Body of Knowledge (CBK):
* Access Control Systems and Methodology
* Applications and Systems Development
* Business Continuity Planning
* Cryptography
* Law, Investigation and Ethics
* Operations Security
* Physical Security
* Security Architecture and Models
* Security Management Practices
* Telecommunications, Network and Internet Security
SuperScan 4.0 is for Windows 2000 and XP only. Administrator privileges are required to run the program. It will not run on Windows 95/98/ME.
Superior scanning speed
Support for unlimited IP ranges
Improved host detection using multiple ICMP methods
TCP SYN scanning
UDP scanning (two methods)
IP address import supporting ranges and CIDR formats
Simple HTML report generation
Source port scanning
Fast hostname resolving
Extensive banner grabbing
Massive built-in port list description database
IP and port scan order randomization
A selection of useful tools (ping, traceroute, Whois etc)
Extensive Windows host enumeration capability
Microsoft Antispyware Beta was updated on 16th Feb, 2005.
It is better to update the Beta release from the following link:
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Minimum system requirements for Windows AntiSpyware (Beta):
• Microsoft Internet Explorer 6.0 or higher
• A 300 MHz or faster processor with at least 64 MB of RAM
• Microsoft Windows 2000, Windows XP, or Windows Server™ 2003
• At least 10 MB of available free space on your hard disk
• Internet access with at least a 28.8 Kbps connection to use SpyNet™
1. ISA Server 2004 Standard Edition Service Pack 1 consists of two components: one to update the ISA Server computer, and the other to update computers running ISA Server 2004 Firewall Client software. To update Firewall client computers, do one of the following:
* Install the Firewall Client update included in the service pack download on each client computer.
* Update Firewall client computers from the Firewall Client Share on the ISA Server computer. You can do this by one of two methods:
o Run the Update.bat script located in the Firewall Client Share (usually \\ISA\Mspclnt\Webinst\Update.bat).
o Run the msiexec command in the Firewall Client Share, as follows. At the command prompt, type: msiexec /feumsv \\ISA\Mspclnt\MS_FWC.msi.
2. Ensure that the Windows Installer service is enabled before installing Service Pack 1.
3. To uninstall ISA Server 2004 Standard Edition Service Pack 1 after installation, you must install Microsoft Windows Installer 3.0 before installing the service pack. You can install this application on the ISA Server computer, and on client computers running Firewall Client software. Download this application from Windows Installer 3.0 Redistributable.
4. During uninstall, the service pack installation source files are required (for example, the CD or the network location of the ISA Server Standard Edition installation files).
5. The packet filter driver (fweng) that applies the firewall policy may be stopped briefly during uninstall. We recommend that you physically disconnect the ISA Server computer from untrusted networks before uninstalling Service Pack 1.
6. After running an unattended install of ISA Server 2004 Service Pack 1 (or running Repair) on a computer running Windows 2000 Server, error messages related to performance counters (Event ID 3009) may appear in the Event Viewer. These can be ignored.
7. Before uninstalling Service Pack 1, disable the Routing and Remote Access service.
Famatech is proud to present our new Radmin Viewer 3.0 beta version available for download! This version has many new features, a smarter interface, faster speed and even tighter security. Radmin 3.0 is the most up-to-date remote control solution combining all the features necessary for network management, remote support and helpdesk. Currently you can download this beta for testing.
Famatech announces the release of version 2.2 of Remote Administrator (Radmin).
Radmin 2.2 is a solution to ever growing requirements and escalating security threats. This new version ensures the secure usage of Radmin even if a user is unconcerned about Radmin's security settings.
Radmin 2.2 includes a new security module where the following improvements were implemented:
1. To prevent incorrect Radmin server configurations, it now cannot be used without a password or NT security. Blank password installs are no longer possible.
2. Smart protection from password-guessing. This protection includes such features as password anti-guessing security delays, banning IP addresses with an excessive number of password guess attempts, etc.
3. Server password protection. Now the server software actively protects its settings, which are stored in the system registry. Only a user with administrator privileges can access this registry branch.
4. New, fully OS-integrated NT security system with NTLMv2 support. Now permissions for Radmin connections can be given to users from trusted domains and Active Directories. Also, our users will see a familiar security GUI from the Windows OS series.
5. Radmin server now starts as a service only on Windows NT/2000/XP, which improves security.