Bookmarks List |
| Display Mode : One Cat | | by Cats Grouped | by Alpha Not Grouped |
<< Start < Prev [1] 2 3 4 Next > End >>
Results: 1 - 50 of 166
|
|
|
| 4G8  |
4G8 is a sniffer for switched networks. It utilizes ARP cache poisoning, packet capture and packet reconstruction techniques, 4G8 works with nearly all TCP, ICMP and UDP IPv4 traffic flows.
|
947 |
|
| |
|
|
|
| Achilles proxy |
Achilles is an intercepting HTTP/HTTPS proxy that can be used for hacking/pentesting web-applications. This tool is for Windows-platform and is simple and usable.
|
917 |
|
| adm.freelsd.net |
This is the page of FreeLSD, a member of ADM hacking group. I listed this page mainly because it had some resources about programming that could be of interest to some people. It contains other stuff too, but it appears FreeLSD promotes safe programm |
838 |
|
| Advanced SQL injection paper (ngssoftware) |
NGSSoftware's SQL injection papers. The first paper focuses on ASP/MS-SQL issues and is quite throughtout with the details. The second paper is an addennum to the first, and clarifies some issues that was not perhaps that clearly explained in the fir |
1'008 |
|
| Airsnort |
AirSnort is a wireless LAN (WLAN) tool which recovers encryption keys. AirSnort operates by passively monitoring transmissions, computing the encryption key when enough packets have been gathered. This exploits the weaknesses in the Wired Equivalent |
744 |
|
| All WHOIS |
|
656 |
|
| anujseth.com crypto-page |
This page is an effort to provide a one-stop-shop for all your cryptography/security related queries. This site has lots of detailed information on topics ranging from the history of cryptography to the latest of crypto algorithms and products to hit |
824 |
|
| Application Security Blog |
|
189 |
|
| astalavista.box.sk |
Astalavista is a search engine for exploits and cracks. Especially the exploit part is good for security/pentesters. However, a word of warning, as with Packetstorm, beware of trojanized code. Same warning goes with cracks, those can contain virii so |
854 |
|
| Attacking the DNS protocol |
This paper explains pretty well some of the attacks plaguing the DNS protocol. Attacking DNS for zone transfers, cache poisoning and so on might not be the most common practice in audits, but it is good to be aware of these kind of attack possibiliti |
968 |
|
| |
|
|
|
| badc0ded |
This site focuses deeply on exploiting buffer overflows and other vulnerabilities in code. Very good read if you are a programmer and might get one to understand buffer overflows even if the papers are quite technical. |
892 |
|
| Basic cryptanalysis |
This manual is intended as practice material for basic cryptanalysis, originally developed for the army, but apparently it has been available to the public for some time already. This is old material, but should give you some insights about cryptanal |
955 |
|
| Bigadmin portal |
The BigAdmin portal SUN has, is focusing on Solaris security. They have FAQs, How-To's, discussion areas, ready-made scripts, additional resource and lots more. Worth checking out if you're managing Solaris boxes. From here you also know of latest vu |
716 |
|
| Binary Revolution  |
These are the creators of the radio show Binrev, HackTV, and <BR> magazine. |
537 |
|
| Blindfolded SQL injection |
This whitepaper explains how it is not always necessary to have descriptive error-messages to perform successful SQL injection attacks. It is clean and written well. |
874 |
|
| bsd airtools |
BSD-airtools is a package that provides a toolset for wireless 802.11b auditing. Namely, it currently contains a bsd-based wep cracking application, called weputils (as well as kernel patches for NetBSD, OpenBSD, and FreeBSD). It also contains a curs |
1'154 |
|
| |
|
|
|
| CGI/1.1 specifications |
This site has the specification for CGI/1.1 that helps understanding how the webserver & CGI-scripts interact with each others and what can be done and what not. Might help understand some attack-points on web-applications.
|
726 |
|
| chkrootkit |
Chkrootkit is a rootkit discovery tool. It can at the moment detect 44 rootkits, worms & LKMs. If you suspect you have been hacked and someone is using your system, check this tool out. This tool works on several unix platforms.
|
699 |
|
| Cross site scripting FAQ |
This paper is about Cross Site Scripting and explains to the reader what an XSS is about and why it is dangerous, giving some examples. This is a good briefer into the XSS-attacks. |
909 |
|
| Cryptcat |
A netcat alternative. |
760 |
|
| cve.mitre.org |
CVE aims to standardize the names for all publicly known vulnerabilities and security exposures. It tries to make it easier to share data across separate vulnerability databases and security tools. In the sense if many products use the same CVE entri |
621 |
|
| |
|
|
|
| detection of sql injection and cross-site scripting |
This article goes through creating snort-rules that attempt to detect possible SQL injection attacks against a web-application. It also explains how to detect CSS attacks, usually meaning injecting HTML code into the fields, that could result in code |
693 |
|
| dhcping |
DHCPing is a lightweight and featureful security tool written in PERL and designed to test the security of various flavors of DHCP implementations around. Many options allow DHCPing users to craft malicious DHCP/BOOTP packets "a la HPING"
|
830 |
|
| DNS protocol specifications RFC882 |
These RFC-specifications dig into DNS inner workings. In my opinion it would be good general knowledge to know how DNS works as it is quite centric in todays networking. It could also give security-related & pentest-related tips how one should procee |
674 |
|
| DNS protocol specifications RFC883 |
These RFC-specifications dig into DNS inner workings. In my opinion it would be good general knowledge to know how DNS works as it is quite centric in todays networking. It could also give security-related & pentest-related tips how one should procee |
693 |
|
| DSN 411 |
|
654 |
|
| dsniff |
Dsniff is a collection of tools for network auditing and penetration testing. Passively monitor a network for interesting data (passwords, e-mail, files, etc.). Facilitate the interception of network traffic normally unavailable to an attacker (e.g, |
815 |
|
| |
|
|
|
| ethereal |
Ethereal is a free network protocol analyzer for Unix and Windows. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, viewing summary and detail information for each packet |
735 |
|
| ettercap |
Ettercap NG is a network sniffer/interceptor/logger for switched LANs. It uses ARP poisoning and the man-in-the-middle technique to sniff all the connections between two hosts. Features character injection in an established connection.
|
822 |
|
| Evidence gathering and archiving best practices |
This rfc attempts to bring the common best practices for evidence gathering & archiving in incident response & forensics situations. There is plenty of ir/forensics related stuff out there, but this might be an interesting piece to read. |
740 |
|
| Exploiting cisco routers (part 1) |
This article-serie shows some methods of enumerating and exploiting Cisco routers. Good read for those that require network device knowledge, but has never had the chance to experiment. |
949 |
|
| Exploiting cisco routers (part 2) |
This article-serie shows some methods of enumerating and exploiting Cisco routers. Good read for those that require network device knowledge, but has never had the chance to experiment. |
891 |
|
| |
|
|
|
| fake ap |
Black Alchemy's Fake AP generates thousands of counterfeit 802.11b access points. Hide in plain sight amongst Fake AP's cacophony of beacon frames. As part of a honeypot or as an instrument of your site security plan, Fake AP confuses Wardrivers, Net |
1'300 |
|
| Fingerprinting port 80 attacks |
In these articles is shown what actual attacks would look like in the web-logs and gives some examples what to expect. Why I posted these is that they give also clues of possible attack methods. |
888 |
|
| Fingerprinting port 80 attacks (part 2) |
In these articles is shown what actual attacks would look like in the web-logs and gives some examples what to expect. Why I posted these is that they give also clues of possible attack methods. |
854 |
|
| Fire Forensics CD |
FIRE is a portable bootable cdrom based distribution with the goal of providing an immediate environment to perform forensic analysis, incident response, data recovery, virus scanning and vulnerability assessment. This is a living project and might b |
793 |
|
| Firewalk |
Firewalk is an active reconnaissance network security tool that attempts to determine what layer 4 protocols a given IP forwarding device will pass. Firewalk works by sending out TCP or UDP packets with a TTL one greater than the targeted gateway. To |
832 |
|
| Firewalls complete |
Secinf.net offers the Firewalls Complete book online. This covers pretty much all about firewalls and is very good read if you need to learn how to create rulesets and find out the best topologies for your own projects.
|
749 |
|
| Forensic analysis of a live linux system (part 1) |
In this article serie is explained some of the methodologies how to analyse a running linux system properly, including the building of a toolbox for the job. |
763 |
|
| Forensic analysis of a live linux system (part 2) |
In this article serie is explained some of the methodologies how to analyse a running linux system properly, including the building of a toolbox for the job. |
621 |
|
| Fragroute |
Fragroute is an IDS stress testing tool and verification tool. It has a rulebase it acts on and sends "attacks" against specified hosts. IDSes should pick these up and generate alerts and so on.
|
578 |
|
| |
|
|
|
| Gera insecure programming |
This site also focuses deeply into programming errors and how to exploit those. As I'm not a programmer, I can't provide much more information, but that it feels pretty good, as badc0ded. |
675 |
|
| Google search strings assist in auditing |
This site contains loads of google search strings that can reveal sensitive information on a site. A nice addition to put in use, maybe some day there will be a tool automating these. |
933 |
|
| |
|
|
|
| Hacking guide (roelof temmingh) |
Roelof Temmingh's excellent "paper" of hacking techniques, I recommend reading this one. It contains a bit humor and pretty nice description of what one would really do when h4x0ring/pentesting away. |
1'744 |
|
| Hackproofing ibm db2 |
This presentation gives you an overview of the security-measures you have to take to make your IBM DB2 installation more secure. |
543 |
|
| Handbook of applied cryptography |
A recommended crypto-book is available for download as e-book, for free! This is a must-read book and I recommend you get it. Perhaps now I finally get to read it :) Paper-back would be much nicer, thought. This book is intended as a reference for pr |
722 |
|
| Honeynet Project |
The Honeynet Project aims to discovering ways blackhats intrude into systems, including the tools used & tactics after getting foothold of a system. This information is then shared with the community so that better defenses can be invented. They also |
508 |
|
| How to create a sniffing cable |
This page explains in detail how one can create a receive-only cable that can be used for example in IDSes for added protection. It means the IDS never returns anything because it can't, if such a cable is installed. |
703 |
|
| Hping 3 |
hping is a command-line oriented TCP/IP packet assembler/analyzer. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.
|
580 |
|
| HTML specifications |
This page hosts the HTML 4.0 specifications. Might be useful read if you need to find out how you could try to exploit html-based pages and other things. Atleast it has been helpful when building pages or trying to find ways how to do XSS attacks.
|
505 |
|
|
|
<< Start < Prev [1] 2 3 4 Next > End >>
Results: 1 - 50 of 166
|
by Alpha Grouped