Never Ending Security

It starts all here

List with useful links and handy webpages for Penetration Testers & Forensics

Forensic Challenges:
Host Forensics:
DigitalCorpora: http://digitalcorpora.org
Digital Forensics Tool Testing Images: http://dftt.sourceforge.net
DFRWS 2014 Forensics Rodeo: http://www.cs.uno.edu/~golden/dfrws-2014-rodeo.html
Linux LEO Supplemental Files: http://linuxleo.com
Volatility memory samples: https://code.google.com/p/volatility/wiki/FAQ
ISFCE Sample Practical Exercise: http://www.isfce.com/sample-pe.htm
ForGe Forensic test image generator: https://github.com/hannuvisti/forge

Network Forensics:
Wireshark Sample Captures: http://wiki.wireshark.org/SampleCaptures
Wireshark Network Analysis Book Supplements: http://www.wiresharkbook.com/studyguide.html
pcapr: http://www.pcapr.net
PacketLife Capture Collection: http://packetlife.net/captures
DigitalCorpora Packet Dumps: http://digitalcorpora.org/corpora/packet-dumps
Evil Fingers PCAP Challenges: https://www.evilfingers.com/repository/pcaps_challenge.php
PCAPS Repository: https://github.com/markofu/pcaps
Chris Sanders Packet Captures: http://chrissanders.org/packet-captures
Tcpreplay Sample Captures: http://tcpreplay.appneta.com/wiki/captures.html
Enron Email Dataset: http://www.cs.cmu.edu/~enron
MAWI Working Group Traffic Archive: http://mawi.wide.ad.jp/mawi
LBNL-FTP-PKT: http://ee.lbl.gov/anonymized-traces.html

Malware Analysis:
Open Malware / Offensive Computing: http://openmalware.org
Contagio: http://contagiodump.blogspot.com
VX Heaven: http://vxheaven.org
VirusShare.com / VXShare: http://virusshare.com
VXVault: http://vxvault.siri-urz.net
MalShare: http://malshare.com
Virusign: http://www.virusign.com
theZoo / Malware DB: http://ytisf.github.io/theZoo
malc0de: http://malc0de.com/database
FakeAVs blog: http://www.fakeavs.com
malware_traffic: http://malware-traffic-analysis.net
Georgia Tech malrec page: http://panda.gtisc.gatech.edu/malrec
Kernelmode Forum: http://www.kernelmode.info
Malware Hub Forum: http://malwaretips.com/categories/malware-hub.103
MalwareBlacklist.com: http://www.malwareblacklist.com
Joxean Koret’s List: http://malwareurls.joxeankoret.com
Sucuri Research Labs: http://labs.sucuri.net/?malware
CLEAN MX realtime database: http://support.clean-mx.de/clean-mx/viruses.php
Contagio Mobile Malware: http://contagiominidump.blogspot.com
Android Sandbox: http://androidsandbox.net/samples
maltrieve: http://maltrieve.org
HoneyDrive: http://bruteforce.gr/honeydrive

Online and CTFs:
Honeynet Challenges: https://www.honeynet.org/challenges
Honeynet Challenges: http://old.honeynet.org/scans/index.html
I Smell Packets: http://ismellpackets.com/
Network Forensics Puzzle contest: http://forensicscontest.com/puzzles
DEF CON CTF Archive: https://www.defcon.org/html/links/dc-ctf.html
DFRWS: http://www.dfrws.org/2013/challenge/index.shtml
DFRWS: http://www.dfrws.org/2010/challenge/
DFRWS: http://www.dfrws.org/2011/challenge/index.shtml
DFRWS: http://www.dfrws.org/2007/challenge/index.shtml
DFRWS: http://www.dfrws.org/2006/challenge/
DFRWS: http://www.dfrws.org/2005/challenge/
ForensicKB Practicals: http://www.forensickb.com/2008/01/forensic-practical.html
ForensicKB Practicals: http://www.forensickb.com/2008/01/forensic-practical-2.html
ForensicKB Practicals: http://www.forensickb.com/2010/01/forensic-practical-exercise-3.html
ForensicKB Practicals: http://www.forensickb.com/2010/06/forensic-practical-exercise-4.html
ForensicKB Practicals: http://www.forensickb.com/2011/01/simple-forensic-puzzle-1.html
ForensicKB Practicals: http://www.forensickb.com/2011/02/forensic-puzzle-6.html
HackEire CTF: https://github.com/markofu/hackeire
UMass Trace Repository: http://traces.cs.umass.edu

Wireless:
SANS 802.11 Pocket Guide: http://www.willhackforsushi.com/papers/80211_Pocket_Reference_Guide.pdf
Wireless Pen Test Framework: http://wirelessdefence.org/Contents/Wireless%20Pen%20Test%20Framework.html
WPA Packet Capture Explained: http://www.aircrack-ng.org/doku.php?id=wpa_capture

Pentesting VPN:
VPNTester: http://www.amanhardikar.com/software.html
ike-scan, psk-crack: http://www.nta-monitor.com/tools-resources/security-tools/ike-scan
ike-scan-gpu: http://funoverip.net/2012/07/psk-crack-ike-scan-gpu-add-on
Cain & Abel: http://www.oxid.it/cain.html
Hashcat: http://hashcat.net/hashcat
Ettercap: http://ettercap.github.io/ettercap
THC-pptp-bruter: http://www.thc.org/releases.php
IKEProbe: http://www.ernw.de/download/ikeprobe.zip
IKECrack: http://sourceforge.net/projects/ikecrack
IPSecScan: http://ntsecurity.nu/toolbox/ipsecscan
VPNMonitor: http://vpnmonitor.sourceforge.net
FakeIKEd: http://www.roe.ch/FakeIKEd
NIST SP800-113: Guide to SSL VPN: http://csrc.nist.gov/publications/nistpubs/800-113/SP800-113.pdf
IPSec Cheat Sheet: http://media.packetlife.net/media/library/6/IPsec.pdf

Pentesting VOIP:
Backtrack Guide: http://www.backtrack-linux.org/wiki/index.php/Pentesting_VOIP
SS7 and Telecomm Related: http://labs.p1sec.com/2013/04/04/ss7-traffic-analysis-with-wireshark
SS7 and Telecomm Related: http://www.o0o.nu/projects/ss7
SS7 and Telecomm Related: http://events.ccc.de/congress/2009/Fahrplan/events/3555.en.html
SS7 and Telecomm Related: http://www.hackitoergosum.org/2010/HES2010-planglois-Attacking-SS7.pdf
SS7 and Telecomm Related: http://www.slideshare.net/p1sec/telecom-security-from-ss7-to-all-ip-allopenv3zeronights
SS7 and Telecomm Related: https://www.youtube.com/watch?v=m9aruyjQQ_c
More Tools: http://skora.net/voice-over-ip-security
More Tools: http://www.hackingexposedvoip.com/sec_tools.html
More Tools: http://www.infiltrated.net/index.php?option=com_content&view=article&id=13&Itemid=18
VoWLAN: http://en.wikipedia.org/wiki/Voice_over_WLAN
VoWLAN: http://www.ciscopress.com/articles/article.asp?p=703793
VoWLAN: http://www.cisco.com/en/US/docs/solutions/Enterprise/Mobility/emob41dg/ch9_Voic.html
mVoIP: http://en.wikipedia.org/wiki/Mobile_VOIP
IMS: http://en.wikipedia.org/wiki/IP_Multimedia_Subsystem
IMS: http://www.rennes.enst-bretagne.fr/~gbertran/files/IMS_an_overview.pdf
IMS: http://www.radio-electronics.com/info/telecommunications_networks/ims-ip-multimedia-subsystem/tutorial-basics.php
Viper VAST: http://vipervast.sourceforge.net
VoIP Related Google Search Terms: http://www.hackingexposedvoip.com/google.html
Default Voicemail Sound Files: http://www.hackingexposedvoip.com/voicemail.html
Wireshark: http://www.wireshark.org/download.html
Xplico: http://www.xplico.org
VideoJak: http://videojak.sourceforge.net
TraceBuster: http://www.touchstone-inc.com/tracebuster.php
Oreka: http://oreka.sourceforge.net
SIPp: http://sipp.sourceforge.net
ACE: http://ucsniff.sourceforge.net/ace.html
OAT: http://voat.sourceforge.net
XTest: http://xtest.sourceforge.net
SIPVicious: https://code.google.com/p/sipvicious
UCSniff: http://ucsniff.sourceforge.net
Bluebox-ng: https://github.com/jesusprubio/bluebox-ng
SCTPScan: http://www.p1sec.com/corp/research/tools/sctpscan
SCTPScan: http://www.dailymotion.com/video/x2nq3d_frnog-10-philippe-langlois-sctpscan_tech
SS7calc: https://github.com/philpraxis/ss7calc

Others:
CommandLineKungFu: http://blog.commandlinekungfu.com
Bernardo’s Password Hashes Dump Tools: https://docs.google.com/spreadsheet/ccc?key=0Ak-eXPencMnydGhwR1VvamhlNEljVHlJdVkxZ2RIaWc

Virtual Machines and Live CDs:
Backtrack: http://www.backtrack-linux.org
Kali Linux: http://www.kali.org
BackBox Linux: http://www.backbox.org
Matriux: http://www.matriux.com
VAST: http://vipervast.sourceforge.net
Security Onion: http://securityonion.blogspot.co.uk
Samurai: http://sourceforge.net/projects/samurai
OSWA-Assistant: http://securitystartshere.org/page-training-oswa-assistant-tools.htm
RFID Live Hacking System: http://www.openpcd.org/Live_RFID_Hacking_System
Ophcrack: http://ophcrack.sourceforge.net
REMnux: http://zeltser.com/remnux
ARE: https://redmine.honeynet.org/projects/are
HoneyDrive: http://bruteforce.gr/honeydrive
SIFT: http://computer-forensics.sans.org/community/downloads
Orion: http://orionlivecd.sourceforge.net
Raptor: http://forwarddiscovery.com/Raptor
Vyatta CORE: http://www.vyatta.org/downloads
NST: http://sourceforge.net/projects/nst
MobiSec: http://sourceforge.net/projects/mobisec
Santoku Linux: https://santoku-linux.com
Ultimate Boot CD: http://www.ultimatebootcd.com
Hiren’s BootCD: http://www.hiren.info/pages/bootcd
Turnkey Linux: http://www.turnkeylinux.org
Linux Mint: http://www.linuxmint.com
Fedora: http://fedoraproject.org
OpenSUSE: http://www.opensuse.org
Openindiana: http://openindiana.org
Haiku: http://haiku-os.org

Browser Addons / Plugins / Extensions:

Firefox:
Recon:
ShowIP: https://addons.mozilla.org/en-US/firefox/addon/showip
Domain Details: https://addons.mozilla.org/en-US/firefox/addon/domain-details
Passive Recon: https://addons.mozilla.org/en-US/firefox/addon/passiverecon

Request Capture and Modification:
Tamper Data: https://addons.mozilla.org/en-US/firefox/addon/tamper-data

Cookies:
Cookie Manager+: https://addons.mozilla.org/en-US/firefox/addon/cookies-manager-plus

Web Services:
Poster: https://addons.mozilla.org/en-us/firefox/addon/poster

Page and Script Analysis:
Firebug: https://addons.mozilla.org/en-US/firefox/addon/firebug
FlashFirebug: https://addons.mozilla.org/en-US/firefox/addon/flashfirebug
Web Developer: https://addons.mozilla.org/en-US/firefox/addon/web-developer
View Dependencies: https://addons.mozilla.org/en-US/firefox/addon/view-dependencies
JavaScript Deobfuscator: https://addons.mozilla.org/en-us/firefox/addon/javascript-deobfuscator

Header Analysis:
Live HTTP Headers: https://addons.mozilla.org/en-US/firefox/addon/live-http-headers
Wappalyzer: https://addons.mozilla.org/en-US/firefox/addon/wappalyzer

Multi Purpose:
Hackbar: https://addons.mozilla.org/en-US/firefox/addon/hackbar

Search Engines:
Offensive Security ExploitDB: https://addons.mozilla.org/en-US/firefox/addon/offensive-security-exploit-dat
OSVDB: https://addons.mozilla.org/en-US/firefox/addon/osvdb
PacketStorm: https://addons.mozilla.org/en-US/firefox/addon/packet-storm-search-plugin
SecurityFocus: https://addons.mozilla.org/en-US/firefox/addon/securityfocus-vulnerabilities-
Default Passwords – CIRT.net: https://addons.mozilla.org/en-US/firefox/addon/default-passwords-cirtne-58786

Utilities:
FireShot: https://addons.mozilla.org/en-US/firefox/addon/fireshot
Capture Fox (up to v6): https://addons.mozilla.org/en-US/firefox/addon/capture-fox
TabMix Plus: https://addons.mozilla.org/en-US/firefox/addon/tab-mix-plus
NoScript: https://addons.mozilla.org/en-US/firefox/addon/noscript
Less Spam, Please: https://addons.mozilla.org/en-US/firefox/addon/less-spam-please
IE Tab 2: https://addons.mozilla.org/en-US/firefox/addon/ie-tab-2-ff-36

Misc:
JSON View: https://addons.mozilla.org/en-US/firefox/addon/jsonview
RESTClient: https://addons.mozilla.org/en-US/firefox/addon/restclient
FirePath: https://addons.mozilla.org/en-US/firefox/addon/firepath
Groundspeed: https://addons.mozilla.org/en-US/firefox/addon/groundspeed
Elite Proxy Switcher: https://addons.mozilla.org/en-US/firefox/addon/elite-proxy-switcher
FoxyProxy Standard: https://addons.mozilla.org/en-US/firefox/addon/foxyproxy-standard
Host Spy: https://addons.mozilla.org/en-US/firefox/addon/host-spy
ViewStatePeeker: https://addons.mozilla.org/en-us/firefox/addon/viewstatepeeker
User Agent Switcher: https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher
CryptoFox: https://addons.mozilla.org/en-US/firefox/addon/cryptofox

Chrome:
Recon:
IP Address and Domain Information: https://chrome.google.com/webstore/detail/lhgkegeccnckoiliokondpaaalbhafoa
Network & Internet Tools: https://chrome.google.com/webstore/detail/ekpdpmpcgcmpaeokmclflfpadaklgpji

Request Capture and Modification:
Tampermonkey: https://chrome.google.com/webstore/detail/dhdgffkkebhmkfjojejmpbldmpobfkfo
Request Maker: https://chrome.google.com/webstore/detail/kajfghlhfkcocafkcjlajldicbikpgnp
Dev HTTP Client: https://chrome.google.com/webstore/detail/aejoelaoggembcahagimdiliamlcdmfm

Page and Script Analysis:
Firebug Lite: https://chrome.google.com/webstore/detail/bmagokdooijbeehmkpknfglimnifench
Web Developer: https://chrome.google.com/webstore/detail/bfbameneiokkgbdmiekhjnmfkcnldhhm
Web Edit: https://chrome.google.com/webstore/detail/knkafdhggfbbpbdojbegpokhiiclpnml

Cookies:
Swap My Cookies: https://chrome.google.com/webstore/detail/dffhipnliikkblkhpjapbecpmoilcama
Edit This Cookie: https://chrome.google.com/webstore/detail/fngmhnnpilhplaeedifhccceomclgfbg

Header Analysis:
Recx Security Analyzer: https://chrome.google.com/webstore/detail/ljafjhbjenhgcgnikniijchkngljgjda
Wappalyzer: https://chrome.google.com/webstore/detail/gppongmhjkpfnbhagpmjfkannfbllamg
HTTPHeaders: https://chrome.google.com/webstore/detail/hplfkkmefamockhligfdcfgfnbcdddbg

Utilities:
Awesome Screenshot: https://chrome.google.com/webstore/detail/alelhddbbhepgpmgidjdcjakblofbmce
NotScript: https://chrome.google.com/webstore/detail/odjhifogjcknibkahlpidmdajjpkkcfn
Easy Disposable Email Address: https://chrome.google.com/webstore/detail/mkpfodpjhekjdhkchalfflggeoamfajh
IE Tab Multi: https://chrome.google.com/webstore/detail/fnfnbeppfinmnjnjhedifcfllpcfgeea
Advanced Encoder / Decoder: https://chrome.google.com/webstore/detail/ochhcobhdebiaimobmlnjogeggcgafgd
Proxy Switchy: https://chrome.google.com/webstore/detail/caehdcpeofiiigpdhbabniblemipncjj
Chrome Remote Desktop: https://chrome.google.com/webstore/detail/gbchcmhmhahfdphkhkmpfmihenigjmpp

Misc:
XSS Rays: https://chrome.google.com/webstore/detail/kkopfbcgaebdaklghbnfmjeeonmabidj
Postman REST Client: https://chrome.google.com/webstore/detail/fdmmgilgnpjigdojojpjoooidkmcomcm
Simple REST Client: https://chrome.google.com/webstore/detail/fhjcajmcbmldlhcimfajhfbgofnpcjmb
JSON View: https://chrome.google.com/webstore/detail/chklaanhfefbnpoihckbnefhakgolnmc
XPath Helper: https://chrome.google.com/webstore/detail/hgimnogjllphhhkhlmebbmlgjoejdpjl

Prepackaged Browsers:
Mantra: http://www.getmantra.com/download/index.html
Sandcat: http://www.syhunt.com/?n=Sandcat.Browser
HconSTF: http://www.hcon.in/downloads.html

Public Key Infrastructure (PKI):
PKIX workgroup: http://datatracker.ietf.org/wg/pkix/charter
NIST PKI Program: http://csrc.nist.gov/groups/ST/crypto_apps_infra/pki/index.html
NIST PKI Program: http://csrc.nist.gov/publications/PubsTC.html#PKI
EJBCA: http://www.ejbca.org
OpenCA: http://www.openca.org/projects.shtml
XCA: http://xca.sourceforge.net
PHPki: http://phpki.sourceforge.net
UniCERT: http://www.verizonbusiness.com/Products/security/identity/unicert
Entrust Authority: http://www.entrust.com/pki
RSA Digital Certificate Manager: http://uk.emc.com/security/rsa-digital-certificate.htm
Secure PKI: http://uk.safenet-inc.com/Solutions/Industry_Solutions_for/Secure_PKI/
KeyOne: http://www.safelayer.com/en/products-and-services/solutions/public-key-infrastructures
CoSign: http://www.arx.com/products/security-products
Symantec / Verisign: http://www.symantec.com/en/uk/verisign/managed-pki-service
Entrust: http://www.entrust.com/managed_services/index.htm
Digicert: http://www.digicert.com/managed-pki-ssl.htm
Exostar: http://www.exostar.com/products-Federated_Identity_Service.aspx
Verizon: http://www.verizonbusiness.com/terms/us/products/security/managedPKI
QuoVadis: http://www.quovadisglobal.co.uk/CertificateServices/ManagedPKI.aspx
Keynectis OpenTrust: http://www.keynectis.com/en/certificate-based-identity-management
FreeIPA: http://www.freeipa.org/page/Main_Page

PCI DSS:
PCI DSS Standard: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf
PCI Council: https://www.pcisecuritystandards.org/
PCI Compliance Guide: http://www.pcicomplianceguide.org/
Focus on PCI: http://www.focusonpci.com/
Practical Threat Analysis: http://www.ptatechnologies.com
PCI DSS Summary of Changes v2.0 to v3.0: https://www.pcisecuritystandards.org/documents/PCI_DSS_v3_Summary_of_Changes.pdf

ISO:
ISO 27001 Standard: http://www.iso.org/iso/home/store/catalogue_ics/catalogue_detail_ics.htm?csnumber=54534
ISO 27002 Standard: http://www.iso.org/iso/home/store/catalogue_tc/catalogue_detail.htm?csnumber=54533
ISO27k Forum ISO27k Toolkit: http://www.iso27001security.com/html/iso27k_toolkit.html
SANS ISO 17799 Checklist: http://www.sans.org/score/checklists/ISO_17799_2005.doc
EBIOS: https://adullact.net/projects/ebios2010
openEBIOS: http://sourceforge.net/projects/openebios
Practical Threat Analysis: http://www.ptatechnologies.com
Verinice SerNet: http://www.verinice.org/en/
Guide to Implementing and Auditing of ISMS Controls: http://shop.bsigroup.com/ProductDetail/?pid=000000000030282631
SANS Security Policy Project: http://www.sans.org/security-resources/policies
Mapping of the two versions: http://www.slideshare.net/mpsinghrathore/mapping-of-iso-270012005-with-iso-270012013
BSi ISO27001 Transition Guide: http://www.slideshare.net/BSIGroupThailand/bsi-isoiec27001-transition-guide
More tools: http://rm-inv.enisa.europa.eu/tools
