Links from the book
STAR Chapter 1
Securities and Exchange Commission web site -
http://www.sec.gov/
Real-Time E-mail Harvesting -
http://news.softpedia.com/news/Real-time-E-mail-Harvesting-on-Twitter-111609.shtml
Maltego is an open source intelligence and forensics
application -
http://www.paterva.com/maltego/
Netcraft is an Internet services company based in
Bath, England -
http://news.netcraft.com/
Sam Spade is a network querying tool used to collect
information on remote computers -
http://preview.samSpade.org/ssw/
DNSPredict PERL script, by Jimmy Neutron, is great for
determining DNS names with Google -
http://johnny.ihackstuff.com/downloads/task,cat_view/gid,16/limit,5/limitstart,0/order,name/dir,ASC/
STAR Chapter 2
Kismet -
http://www.kismetwireless.net/documentation.shtml
SuperScan -
http://www.foundstone.com/us/resources/proddesc/superscan4.htm
Nmap -
http://nmap.org/download.html
Paratrace -
http://linux.die.net/man/1/paratrace.
Scanrand -
http://linux.die.net/man/1/scanrand
Amap -
http://freeworld.thc.org/thc-amap/
The Matrix and Nmap -
http://news.bbc.co.uk/2/hi/technology/3039329.stm -
STAR Chapter 3
My Top 5 Fav Tools -
https://cisco.hosted.jivesoftware.com/blogs/network-sheriff/2009/05/14/my-top-5-fav-recon-tools.
Hacking Web 2.0 Applications with Firefox -
http://www.securityfocus.com/infocus/1879
Firefox Plugins for Security Professionals by Chris
Schmidt -
http://weblogs.asp.net/dvravikanth/archive/2009/04/14/firefox-plugins-for-security-professionals-by-schmidt-chris.aspx
IBM Internet Security Systems -
http://www.iss.net/about/index.html
10 Best hacking and security software tools -
http://blogs.iium.edu.my/jaiz/2008/09/23/10-best-hacking-and-security-software-tools-for-linux//
Nessus Ð
http://www.nessus.org/
Nessus goes Closed License -
http://www.tenablesecurity.com/;
http://software.newsforge.com/article.pl?sid=05/10/06/1716257&tid=132&tid=78&tid=27;
http://www.nessus.org/news/data/nessus_feed_letter.pdf;
http://www.nessus.org/documentation/index.php?doc=nessus3
NeWT Pro 2.0 is a complete, commercially supported
network vulnerability scanner from Tenable which allows for scanning any target
IP address -
http://www.tenablesecurity.com/news/data/pr12.shtml
Rapid7 is a software company which provides computer
vulnerability management, risk assessment and policy compliance solutions that
help organizations understand the risk of vulnerabilities in their IT
environment and ensure their networks are not compromised Ð
http://www.rapid7.com/
NeXpose -
http://www.rapid7.com/support/faq-answer2.jsp
Microsoft Baseline Security Analyzer -
http://technet.microsoft.com/en-us/security/cc184924.aspx
Retina Vulnerability Assessment Scanner Ð
http://www.eeye.com/
Open Source Vulnerability Database (OSVDB) -
http://osvdb.org/
STAR Chapter 4
Exploit used to breach university -
http://news.cnet.com/8301-1009_3-10245815-83.html
Subseven -
http://www.sub7legends.com/
Stopping Sub7 -
http://www.crime-research.org/library/grcdos.pdf
Milw0rm.com is a database of exploits categorized by
type Ð http://milw0rm.com/
Metasploit Project is a computer security project
which provides information about security vulnerabilities and aids in
penetration testing and IDS signature development Ð
http://www.metasploit.com/
CANVAS makes available hundreds of exploits, an
automated exploitation system, and a comprehensive, reliable exploit development
framework to penetration testers and security professionals worldwide Ð
http://www.immunitysec.com/
CORE IMPACT Pro is a commercial automated penetration
testing software solution developed by Core Security Technologies which allows
the user to probe for and exploit security vulnerabilities in computer networks,
endpoints and web applications Ð
http://www.coresecurity.com/
STAR Chapter 5
Securing your logs -
http://codeidol.com/sql/network-security-hack/Windows-Host-Security/Secure-Your-Event-Logs/
Manipulate last user logged on using Lognamer tool -
http://www.e-sushi.net/files/lognamer.zip
Cleaning out the Internet Explorer cache, cookies, and
history using IEClean tool -
http://www.e-sushi.net/files/ieclean.zip
Last True Login tool -
http://www.dovestones.com/Downloads/Demos/TrueLastLogonTrial.msi
Recording users last logoff time -
http://www.dovestones.com/active-directory/true-last-logon/last-logoff.html#script
Windows Security Log -
http://www.microsoft.com/technet/archive/winntas/maintain/security/ntsecuri.mspx?mfr=true;
http://www.windowsitpro.com/Windows/Article/ArticleID/8785/8785.html;
http://technet.microsoft.com/en-us/library/Bb742436.aspx;
http://www.windowsitpro.com/Windows/Article/ArticleID/40022/40022.html;
http://technet2.microsoft.com/windowsserver/en/library/962f5863-15df-4271-9ae0-4b0412e297491033.mspx?mfr=true
Winzapper -
http://www.ntsecurity.nu/toolbox/winzapper/
STAR Chapter 6
Microsoft said .pst files are vulnerable with
passwords applied -
http://support.microsoft.com/kb/143241
Intermountain Health Care issuing visitor tags -
http://findarticles.com/p/articles/mi_qn4188/is_20041227/ai_n11495483/
National Institute of Standards and Technology (NIST)
Ð http://www.nist.gov/
CIO Pilot Best Security Practices (BSPs) Ð
http://csrc.nist.gov/groups/SMA/fasp/resources.html
SANS Security Policy Project Ð
http://www.sans.org/resources/polices/
CompTIA Ð
http://www.comptia.org/
EC-Council Ð
http://www.eccouncil.org/
International Information Systems Security
Certification Consortium or (ISC)2 Ð
http://www.isc2.rog/
SANS Ð
http://www.sans.org/
Internet Storm Center Ð
http://isc.sans.org/
STAR Chapter 7
The Honeynet Project Ð
http://www.honeynet.org/
Null Session Exploit -
http://www.governmentsecurity.org/hack_exploit_ipc_share
Null Session Vulnerability Ð
http://msdn.microsoft.com/en-us/library/ms913275(WinEmbedded.5).aspx
PGP Ð
http://www.pgp.com/
BitbLocker -
http://www.microsoft.com/windows/windows-vista/features/bitlocker.aspx
Cold Boot attacks -
http://secude.com/htm/801/en/White_Paper%3A_Cold_Boot_Attacks.htm
Snort Ð
http://www.snort.org/
Sourcefire -
http://www.sourcefire.com/
BlackIce -
http://documents.iss.net/literature/ICEcap/BlackICE_Sentry_User_Guide30.pdf
Common Vulnerabilities and Exposures Ð
http://cve.mitre.org/
IBM RealSecure Ð
http://www-935.ibm.com/services/us/index.wss/offerfamily/iss/a1029097
SonicWALL -
http://www.sonicwall.com/us/
Juniper -
http://www.juniper.net/us/en/
TippingPoint -
http://www.tippingpoint.com/
Web Applications Firewalls -
http://www.cso.com.au/article/307044/web_app_firewalls_how_evaluate_buy_implement
Enterprise Anti-virus -
http://windowsitpro.com/article/articleid/98441/enterprise-antivirus-software.html.
STAR Chapter 8
VMware leader in virtualization market -
http://www.hostreview.com/icontent/the-blog/vmware-leader-virtualization-market
Cloudburst -
http://www.syscan.org/Sg/program.html
BackTrack 4 Forensics Mode - visit
http://www.cybersec.eu/?p=128
Helix -
http://www.404techsupport.com/2009/03/17/helix-computer-security-forensics/
Belgian Federal Computer Crime Unit (FCCU) GNU/Linux
Boot CD -
http://www.forensicswiki.org/wiki/FCCU_Gnu/Linux_Boot_CD;
http://www.lnx4n6.be/;
http://www.secguru.com/link/fccu_linux_forensic_bootable_cd
Wireshark -
http://www.wireshark.org/
ZoneAlarm Pro -
http://www.zonealarm.com/
Outpost Pro Firewall -
http://www.agnitum.com/products/outpost/
Norman Personal Firewall -
http://www.norman.com/
eConceal Firewall Pro -
http://www.mwti.net/products/firewall/econceal_pro/econceal_pro.asp
Webroot Desktop Firewall -
http://www.webroot.com/En_US/consumer-products-desktopfirewall.html
InJoy Firewall -
http://www.injoy-firewall.com/
Writing a Perl script by Doug Sheppard -
http://www.perl.com/pub/a/2000/10/begperl1.html
Twitter -
http://twitter.com/
Twitter and the Swine Flu -
http://www.business-standard.com/india/news/swine-flu%5Cs-tweet-tweet-causes-online-flutter/356604/
Twitter and Iran? -
http://www.washingtonpost.com/wp-dyn/content/discussion/2009/06/17/DI2009061702232.html
Privacy and Security Issues in Social Networking -
http://www.fastcompany.com/articles/2008/10/social-networking-security.html
Online Social Networking -
http://web.pacific.edu/x4989.xml
Bluesnarf -
http://www.alighieri.org/tools/bluesnarfer.tar.gz
The Role of Bluesnarfing -
http://bluesnarf.blogspot.com/
Bluetooth Hacking Tools -
http://www.hackersenigma.com/
Bluejacking Tools website -
http://www.google.com/interstitial?url=http://www.bluejackingtools.com/
STAR Chapter 9
Infrared hotel attack -
http://www.defcon.org/html/defcon-13/dc13-speakers.html#major
WinMD5 tool -
http://www.blisstonia.com/software/WinMD5/
Breaking SSL using 200 PS3s -
http://hackaday.com/2008/12/30/25c3-hackers-completely-break-ssl-using-200-ps3s/
Echelon -
http://auscannzukus.net/;
http://www.newstatesman.com/;
http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A5-2001-0264+0+DOC+PDF+V0//EN&language=EN;
TOR Network -
https://www.torproject.org
Sniper Yagi rifle -
http://www.theregister.co.uk/2004/08/03/wi-fi_aerial_gun/
Bluetooth Yagi rifle -
http://www.wired.com/
GhostNet -
http://www.thestar.com/News/World/Article/610860
Cold Boot Attack -
http://www.boingboing.net/2008/07/19/cold-boot-encryption.html
Virtual Machine Exploit -
http://www.zdnetasia.com/news/security/0,39044215,62054876,00.htm
Cloudburst -
http://www.securityvibes.com/cloudburst-a-weaponsied-attack-on-the-cloud-benchai7-news-3003225.html
Weaponizing the Web at DEFCON 17 -
http://www.defcon.org/html/defcon-17/dc-17-speakers.html#Moyer
Taking over Voice over IP (VOIP) conversations at
DEFCON 17 -
http://www.defcon.org/html/defcon-17/dc-17-speakers.html#Beale.
The Blue Pill -
http://news.cnet.com/2100-7349_3-6102458.html
Ph-neutral Talks -
http://ph-neutral.darklab.org/talks.html
Side Channel Attacks Using Optical Sampling Of
Mechanical Energy And Power Line Leakage -
http://ph-neutral.darklab.org/talks/andrea.html
SyferLock -
http://www.syferlock.com/
Changing how humans use passwords -
http://www.cloudave.com/link/syferlock-almost-solves-the-password-security-problem
STAR Chapter 10
Spot the FED -
http://www.defcon.org/html/defcon-13/dc13-spotthefed.html
2600 -
http://www.2600.com/;
http://2600.wrepp.com/index.php
Gary McKinnon -
http://news.bbc.co.uk/2/hi/technology/4715612.stm;
http://news.bbc.co.uk/1/hi/scotland/glasgow_and_west/6360917.stm;
http://news.bbc.co.uk/1/hi/uk/6521255.stm;
http://freegary.org.uk/;
http://www.londontv.net/latestnews.htm;
http://news.bbc.co.uk/1/hi/technology/4715612.stm;
http://www.politics.co.uk/news/legal-and-constitutional/british-hacker-loses-extradition-appeal-$1238262.htm;
http://www.guardian.co.uk/world/2008/jul/27/internationalcrime.hacking;
http://www.hackervoice.co.uk/show/archive/2007/hackervoiceradio19mar2007.MP3
The HackerÕs Handbook -
http://www.textfiles.com/etext/MODERN/hhbk
Donna Hare -
http://www.examiner.com/x-2024-Denver-UFO-Examiner~y2009m1d15-Whistleblowers-evidence-of-NASA-UFO-fraud-might-kill-UK-hacker-case
PSP hack Ð
http://www.psp-hacks.com
iDefense and ZDI -
http://www.labs.idefense.com;
http://www.zerodayinitiative.com/
Adam Laurie (a.k.a. Major Malfunction) -
Dan Kaminsky -
http://www.wired.com/politics/security/news/2005/11/69573
Felix ÔFXÕ Lindner Ð
Goodwell and China Eagle -
http://www.squidoo.com/thedarkvisitor;
https://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=6164&mode=thread&order=0&thold=0
HD Moore -
http://osvdb.org/contributors
Jake Kouns Ð
Jeff Moss -
http://pcworld.about.com/news/Apr032001id43842.htm
Joanna Rutkowska -
http://www.eweek.com/article2/0,1895,2078362,00.asp
Johnny Long -
http://johnny.ihackstuff.com/
Kevin Mitnick -
http://www.kevinmitnick.com/
Stephan Northcutt -
http://www.sans.edu/directors.php
Tony Watson -
http://www.themanwhosavedtheinternet.com/;
http://www.paw.org/about.html
Wikiality -
http://en.wikipedia.org/w/index.php?title=The_Colbert_Report_recurring_elements&diff=prev&oldid=66945346;
http://en.wikipedia.org/w/index.php?title=George_Washington&diff=prev&oldid=66945427
Megyeri Bridge Naming Poll -
http://index.hu/gazdasag/magyar/megya080930/
NASA and Colbert -
http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2009/04/14/entertainment/e171111D36.DTL&type=health.
Gobbles -
http://encyclopediadramatica.com/GOBBLES
n3td3v -
http://www.securityfocus.com/news/11419
ARES Ð The International Dependability
Conference (The International Conference on Availability,
Reliability and Security) -
http://www.ares-conference.eu/conf/
Best of Open Source Security (BOSS) Conference -
http://www.bossconference.com/
BlackHat -
http://www.blackhat.com/
BlueHat -
http://technet.microsoft.com/en-us/security/cc261637.aspx
Brucon -
http://www.brucon.org/index.php/Main_Page
New Camelot Council -
http://www.newcamelotcouncil.com/indexEN.html
CanSecWest -
http://cansecwest.com/index.html;
http://cansecwest.com/dojo.html
Chaos Communication Congress (CCC) -
http://events.ccc.de/congress/2009/
Computer and Communications Security (CCS) -
http://www.sigsac.org/ccs/CCS2009/
Computer and Enterprise Investigations Conference
(CEIC) -
http://www.ceicconference.com/
Computer Forensics Show -
http://www.computerforensicshow.com/
Computer Security Institute Annual Conference (CSI) -
http://www.gocsi.com/
Computer Security Institute Security Exchange (CSI-SX
) - http://www.csisx.com/
CONFidence - http://2009.confidence.org.pl/
DeepSec In-Depth Security Conference -
https://deepsec.net/
DEFCON -
http://www.defcon.org/
DojoSec Monthly Briefings -
http://www.dojosec.com/
Ekoparty Security Conference Ð
http://www.ekoparty.com.ar/
EUSecWest London -
http://eusecwest.com/index.html
FRHACK International IT Security Conference -
http://www.frhack.org/
Hack.in -
http://www.security.iitk.ac.in/hack.in/2009/
Hack in the box Ð HITBSecConf -
https://conference.hackinthebox.org/
Hacker Halted -
http://www.hackerhalted.com/
IPTComm: Principles, Systems and Applications of IP
Telecommunications -
http://iptcomm.org/
Infosecurity Europe -
http://www.infosec.co.uk/
International Conference on Security and Cryptography
(SECRYPT) Ð
http://www.secrypt.org/
International Workshop on Fast Software Encryption (FSE)
-
https://www.cosic.esat.kuleuven.be/fse2009/
Internet Security Operations and Intelligence (ISOI) -
http://www.isotf.org/isoi6.html
Kiwicon -
http://www.kiwicon.org/
LayerOne -
http://layerone.info/
PacSec -
http://pacsec.jp/
RSA -
https://365.rsaconference.com/index.jspa
Rocky Mountain Information Security Conference (RMISC)
Ð
http://www.issa-denver.org/RMISC.htm
SEaCURE.it -
http://www.seacure.it/
SecTor - Security Education Conference Toronto -
http://www.sector.ca/
SecureWorld Expo -
http://www.secureworldexpo.com/
Shakacon -
http://www.shakacon.org/
ShmooCon -
http://www.shmoocon.org/
SOURCE Conference -
http://www.sourceconference.com/
SyScan -
http://www.syscan.org/
Techno Forensics Conference -
http://www.thetrainingco.com/html/TechnoForensics2009.html
Techno Security Conference -
http://www.thetrainingco.com/html/Techno2009.html
Toorcamp -
http://www.toorcamp.org/
ToorCon -
http://www.toorcon.org/
uCon -
http://ucon-conference.org/
USENIX Security Symposium Ð
http://www.usenix.org/
Workshop on Collaboration and Security (COLSEC) -
http://www.univ-orleans.fr/lifo/Manifestations/COLSEC/
Adrian Lamo -
http://pax.vox.com/
Chris Gates -
http://carnal0wnage.blogspot.com/
Christophe Veltsos -
http://blog.drinfosec.com/
Dan Kaminsky -
http://www.doxpara.com/
Dustin L. Fritz Ð
http://en.wikipedia.org/wiki/Main_Page
Felix ÔFXÕ Lindner -
http://www.phenoelit.net/lablog/
HD Moore -
http://blog.metasploit.com/
Jayson E. Street Ð
http://jayson-street.tumblr.com/
Joanna Rutkowska -
http://theinvisiblethings.blogspot.com/
Joe Grand -
http://en.wordpress.com/tag/joe-grand/
Joe McCray Ð
http://www.learnsecurityonline.com/
Johnny Long Ð
http://www.hackersforcharity.org/
Kevin Poulsen -
http://www.wired.com/
Linus Torvalds -
http://torvalds-family.blogspot.com/
Marcus J. Carey -
http://blog.marcusjcarey.com/
Marcus J. Ranum Ð
http://www.ranum.com/
Richard Bejtlich -
http://taosecurity.blogspot.com/
Richard Stallman -
http://www.fsf.org/blogs/rms
Rob Fuller -
http://www.room362.com/
Robert Tappan Morris -
http://pdos.csail.mit.edu/~rtm/
Ron Gula -
http://blog.tenablesecurity.com/
Stephen Wozniak -
http://www.woz.org/
Tim Berners-Lee -
http://dig.csail.mit.edu/breadcrumbs/blog/4
PaulDotCom -
http://pauldotcom.com/
Securabit -
http://securabit.com/
Security Justice -
http://securityjustice.com/
STAR Chapter 11
The account number -
http://swiss-bank-accounts.com/e/fiction/bourne-identity-1988/index.html
Odysseus -
http://projectsx.dartmouth.edu/classics/history/bronze_age/lessons/les/27.html
What is WarGames? -
http://www.imdb.com/title/tt0086567/
What is Aurora? -
http://www.fas.org/irp/mystery/aurora.htm;
http://accelerationresearch.tripod.com/
The Net ÔInternet ChatÕ with Cyberbob -
http://www.imdb.com/title/tt0113957/
Sydney Bristow -
http://www.hollywood.com/news/Garner_Changes_Her_Name_to_Affleck/3473623
Chimera film and mythology -
http://www.tiscali.co.uk/reference/encyclopaedia/hutchinson/m0024745.html
STAR Chapter 12
Perverted Justice -
http://www.perverted-justice.com/
IRC Carders/ Credit Card Scam -
http://www.gcnews.com/news/2009/0529/Front_page/004.html
Carders -
http://www.wyldryde.org/a/000918.php
MPORPG for Communications channel -
http://www.gamespot.com/pc/rpg/worldofwarcraft/review.html;
http://www.worldofwarcraft.com/info/basics/realmtypes.html;
http://www.gamespot.com/pc/rpg/worldofwarcraft/news.html?sid=6153338&mode=news
WoW has Terrorists -
http://www.wired.com/threatlevel/2008/04/government-to-s/
InfraGard -
http://www.infragard.net/
Information System Security Association Ð
http://issa.org/
WiFiFoFum Ð
http://www.aspecto-software.com/rw/applications/wififofum/index.html
CHP and WiFi -
http://www.tropos.com/pdf/case_studies/tropos_casestudy_smpd.pdf
Locked, but not secure -
http://www.engadget.com/videos/lockdown/lockdown_defcon.wmv;
http://www.engadget.com/2006/08/24/the-lockdown-locked-but-not-secure-part-i/
36 stratagems -
http://www.bjreview.com.cn/exclusive/txt/2006-12/21/content_51557.htm
Sun Tzu -
http://en.wikipedia.org/wiki/Sun_Tzu#CITEREFSawyer1994
OLD LINKS
(yes some are redundant but didn't think anybody would actually surf this far
down) ;-)
Blue tooth
Yagi Rifle
Tools
Metasploit
Nmap
Kismet
NetStumbler
INFOSEC
iDefense
Snort
NeXpose
ISS Real Secure
SANS Reading Room
Tipping Point
News and Resources
Open Source Vulnerability Database
SANS Storm Center
Security Focus
Culture
DEFCON
Black Hat
2600
Misc.
Teen Angels
Perverted Justice
Angel Talk
Red Cross
Cancer.org
Relay for Life
Hackers (The Movie)
War Games (The Movie)
45/ 61/ 73/ 74/ 65/ 72/ 20/ 45/ 67/ 67/ 73/
????????
43:6c:69:63:6b:20:6f:6e:20:74:68:65:20:45:59:45:21
|