General Security

Seven Principles for Security Systems

Thursday, February 11th, 2010

This is a very good report: Understanding scam victims: seven principles for systems security, Frank Stajano and Paul Wilson, August 2009. Archived here. While reading the example scams in the article, it becomes clear that, much like corporate fraud, they depend on collusion. A team pulling off a social hack is far stronger than a single person [...]

Atlantic article on Cyber Attacks

Thursday, February 11th, 2010

It is well-funded and pursued by mature individuals and groups of professionals with deep financial and technical resources, often with local government (or other countries’) toleration if not support. It is already responsible for billions of dollars a year in losses, and it is growing and becoming more capable. We have largely ignored it, and [...]

Rootkit Hunters

Wednesday, February 10th, 2010

A few resources for finding rootkits: Linux: Rootkit Hunter, Chkrootkit. Windows: RootkitRevealer.

Card Skimmers

Saturday, January 30th, 2010

Photos from Mikko Hypponen, originally linked from Krebs on Security: Note how close the arrows are to the slot; that’s because there’s a skimmer inserted: Battery pack, pinhole camera to watch what PIN is typed in, and cell phone which would send the information from the card swipe + PIN as a text message live [...]

Failed Keyboard Logging…

Friday, March 6th, 2009

Interesting failed attempt using nanny software: http://www.theregister.co.uk/2009/03/06/sumitomo_scam_sentencing/ Can you call someone a hacker / cracker who uses commercial off-the-shelf software? I wonder what the result would have been using either a custom-written keylogger (to avoid AV signature hits), or if they had installed physical keyloggers on their keyboards? In any case, interesting [...]

Passwords and Data Mining

Friday, February 27th, 2009

I believe the working assumption must be we’re under a persistent, long-term attack by organized groups. This is not just organized crime, but I suspect organized criminal groups that are tolerated by states like Russia and China if not outright state sponsored. It’s not just those old “boogey men” either; there are many [...]

Rainbow Tables

Wednesday, December 5th, 2007

Lovely: http://www.codinghorror.com/blog/archives/000949.html Use a program like Ophcrack to launch a brute force attack using Rainbow Tables. Rather than using bandwidth to download a Rainbow Table, and so you can customize the table with salts, extra characters, etc., get an RT Generator like the rtgen utility in the original RainbowCrack. Ah, longing for the quaint old [...]

Security Articles

Saturday, October 20th, 2007

The post is to serve as a library for good articles on general Information Systems security. Scott Berinato, October 2007, CIO Magazine: This series of three articles (plus a technical write-up) contains an in-depth look at a sophisticated malware enterprise revolving around a piece of malware called “Gozi.” As an example of the [...]