
NetworkMiner - The NSM and Network Forensics Analysis Tool

NetworkMiner is a Network Forensic Analysis Tool (NFAT) for Windows (but also works in Linux / Mac OS X / FreeBSD). NetworkMiner can be used as a passive network sniffer/packet capturing tool in order to detect operating systems, sessions, hostnames, open ports etc. without putting any traffic on the network. NetworkMiner can also parse PCAP files for off-line analysis and to regenerate/reassemble transmitted files and certificates from PCAP files. NetworkMiner makes it easy to perform advanced Network Traffic Analysis (NTA) by providing extracted artifacts in an intuitive user interface. The way data is presented not only makes the analysis simpler, it also saves valuable time for the analyst or forensic investigator. NetworkMiner has, since the first release in 2007, become a popular tool among incident response teams as well as law enforcement.

PsExec - Introduction: Utilities like Telnet and remote control programs like Symantec's PC Anywhere let you execute programs on remote systems, but they can be a pain to set up and require that you install client software on the remote systems that you wish to access. PsExec is a light-weight telnet-replacement that lets you execute processes on other systems, complete with full interactivity for console applications, without having to manually install client software. PsExec's most powerful uses include launching interactive command-prompts on remote systems and remote-enabling tools like IpConfig that otherwise do not have the ability to show information about remote systems. Note: some anti-virus scanners report that one or more of the tools are infected with a "remote admin" virus. Installation: Just copy PsExec onto your executable path. Using PsExec: See the July 2004 issue of Windows IT Pro Magazine for Mark's article that covers advanced usage of PsExec. psexec \\marklap "c:\long name app.exe"

Port Search - Find Ports by Name, Number or Trojan. Often, a firewall allows programs to communicate unrestricted over the internet; if that program was targeted by a virus or missed by your antivirus, it may now be reporting your personal information to a malicious website or simply waiting for remote commands. Simply enter your port number above to find detailed information. Want to browse our port database rather than use our easy search tool? Here is a listing of computer ports below with each linking to individual pages about what programs may have that port open.

Play Session Injection - Difficulty: Beginner. Details: This exercise covers the exploitation of a session injection in the Play framework. Warning: make sure you give at least 512MB of RAM to the VM. What you will learn: session injection, the Play framework, Play's cookies. Requirements: a computer with virtualisation software; a basic understanding of HTTP. Yes, that's it!

Download Nessus Vulnerability Scanner | Tenable Network Security. With Advanced Support for Nessus Pro, your teams will have access to phone, Community, and chat support 24 hours a day, 365 days a year. This advanced level of technical support helps to ensure faster response times and resolution to your questions and issues. Advanced Support Plan Features. Phone Support: Phone support 24 hours a day, 365 days a year, available for up to ten (10) named support contacts. Chat Support: Chat support, available to named support contacts and accessible via the Tenable Community, is available 24 hours a day, 365 days a year. Tenable Community Support Portal: All named support contacts can open support cases within the Tenable Community. Initial Response Time: P1-Critical: < 2 hr; P2-High: < 4 hr; P3-Medium: < 12 hr; P4-Informational: < 24 hr. Support Contacts: Support contacts must be reasonably proficient in the use of information technology, the software they have purchased from Tenable, and familiar with the customer resources that are monitored by means of the software.

IP Address Tracker: IP Address Tracer - Trace Country, City, Map. IP Address Locator: IP finder and IP Address Tracker aids you in tracking the real IP address of the system you are currently working on. The address is given in the corresponding format along with the logical name of the system. The conversion of an IP address to the respective name is done using the Domain Name System. There are many IP address locators and IP address trackers on the Internet, of which only the reliable ones are to be trusted. As mentioned earlier, IP addresses are unique. The extended version of the IP address tracker has come up under the name IP to city. On the other hand, several malpractices have occurred by locating the IP address through improper channels. IP Address Tracker to track IP location: Our Web based IP Address Tracker tool is very effective to trace and track, fast and exactly, the location of any IP address.

Open Port Check Tool

Troubleshooting Microsoft Windows Event Logs

FreeSWITCH | Communication Consolidation

Password Haystacks: How Well Hidden is Your Needle? ... and how well hidden is YOUR needle? Every password you use can be thought of as a needle hiding in a haystack. After all searches of common passwords and dictionaries have failed, an attacker must resort to a “brute force” search – ultimately trying every possible combination of letters, numbers and then symbols until the combination you chose is discovered. If every possible password is tried, sooner or later yours will be found. The question is: Will that be too soon . . . or enough later? This interactive brute force search space calculator allows you to experiment with password length and composition to develop an accurate and quantified sense for the safety of using passwords that can only be found through exhaustive search. (The Haystack Calculator has been viewed 8,151,017 times since its publication.) IMPORTANT!!! It is NOT a “Password Strength Meter.” Since it could be easily confused for one, it is very important for you to understand what it is, and what it isn't: Okay.

John the Ripper password cracker. John the Ripper is free and Open Source software, distributed primarily in source code form. If you would rather use a commercial product tailored for your specific operating system, please consider John the Ripper Pro, which is distributed primarily in the form of "native" packages for the target operating systems and in general is meant to be easier to install and use while delivering optimal performance. This version integrates lots of contributed patches adding GPU support (OpenCL and CUDA), support for a hundred additional hash and cipher types (including popular ones such as NTLM, raw MD5, etc., and even things such as encrypted OpenSSH private keys, ZIP and RAR archives, PDF files, etc.), as well as some optimizations and features. To verify authenticity and integrity of your John the Ripper downloads, please use our PGP public key. You may browse the documentation for John the Ripper online, including a summary of changes between versions.

Clearinghouse for Incident Handling Tools. Disclaimer: Inclusion of a particular piece of software does not imply any form of recommendation from ENISA, TERENA or the contributors. It is up to you to decide whether a particular program is suitable for your purposes. Also note that an unauthorised use of some of these tools may constitute a criminal offence. Please read our warning before proceeding. Please take note that adding and removing of entries in the clearinghouse is done based on decisions made within the Task Force, and only tools that are actively being used and suggested by member teams are included! Clearinghouse Organisation: The first group of tools relates directly to the investigation of incidents: gathering evidence from the scene of an incident; investigating evidence of an incident; supportive tools for handling evidence; recovering the system after an incident. The second group constitutes tools to support daily operations of CSIRT: implementing CSIRT operational procedures; providing secure remote access.

Scanning the Internet with Nmap (Defcon 16) Tutorial. Description: How would you like to scan millions of hosts on the Internet and catalog all the interesting insights? This is exactly what Fyodor, the author of Nmap or Network Mapper, did last summer. In this talk Fyodor demos many of the new features he has added in Nmap lately, including but not limited to: optimizing the host discovery process using TCP and UDP techniques, finding the most used TCP and UDP ports on the Internet and inside Intranets of large corporations, packet rate control with a minimum and maximum setting, the packet trace option, ncat, which is a netcat clone, and ndiff, which allows one to diff between different scan dumps. The slides for the presentation are available here and a high resolution video can be downloaded here. Disclaimer: We are an infosec video aggregator and this video is linked from an external website.
