Tools CTF Digital Intelligence and Investigation Tools | The CERT Division By providing operational support to high-profile intrusion, identity theft, and general computer crime investigations, DIID is able to see the current limitations of computer forensics and incident response in the field first hand. Combining applied research with the unique talents, operational experience, research capabilities, and the vast knowledge base of Carnegie Mellon University, we have developed resources, training, and tools to facilitate forensic examinations and assist authorized members of the law enforcement community. Restricted Access Tools Users can access the following tools after they register and are vetted. Live View LE allows forensic investigators to take a physical device or an image file of a disk or partition and automatically transform it into a virtual machine. CCFinder is a suite of utilities designed to facilitate the discovery, organization, and query of financial data and related personally identifiable information in large-scale investigations.
Metashield Analyser. Analisis of metadata online. Google hacking - Automated website hacking tools based on Google dorks Google hacking is a must for hackers and pen testers, the popular search engine is a mine of information for targeted analysis and reconnaissance phase. In the past we discussed on how to use Google hacking techniques to gather information on specific targets and discover vulnerable website on a large-scale. I decided to start from a submodule of the hacking program proposed by The Hacker Academy dedicated to use of Google during a penetration test to extend the discussion with a proof of concept. The attacker’s job is advantaged by the availability on the black market of numerous DIY tools that make possible the execution of the large amount of specifically crafted query to discover vulnerable websites. The security expert Dancho Danchev just published an interesting post on Google-dorks based mass Web site hacking/SQL injecting tool used by cyber criminals to facilitate the above malicious online activity.
Infosec Tricks & Treats. Happy Halloween! This time around, we thought we’d offer up a couple of infosec tricks and treats for your browsing pleasure. Around MSI, we LOVE Halloween! We dress up like hackers, bees and hippies. Here are a couple of tricks for you for this Halloween: Columbia University gives you some good tricks on how to do common security tasks here. University of Colorado gives you some password tricks here. and The Moneypit even provides some tricks on cheap home security here. And now for the TREATS!!!!! Here are some of our favorite free tools from around the web: Wireshark - the best network sniffer around Find your web application vulnerabilities with the FREE OWASP ZED Attack Proxy Crack some Windows passwords to make sure people aren’t being silly on Halloween with Ophcrack Actually fix some web issues for free with mod_security Grab our DREAD calculator and figure out how bad it really is.. Put those tricks and treats in your bag and smile.
Crackeando redes WPA y WPA2 sin diccionario. via @dragonjar Utilizar ingeniería social para crackear redes WPA y WPA2 sin diccionario no es una técnica nueva, pero como con casi toda técnica cuando se automatiza y se facilita su uso se incrementa su popularidad (¿alguien recuerda firesheep?), hoy varios medios se han hecho eco de la herramienta WiFiPhisher publicada en el sitio The Hacker News y la anuncian como si se tratara de una gran novedad. Lo que seguramente desconocen es que ya existían este tipo de herramientas hace años e incluso herramientas creadas por latinos como LINSET (Linset Is Not a Social Enginering Tool) del usuario vk496 de la comunidad SeguridadWireless supera con creses las prestaciones del ya famoso WiFiPhisher. ¿Como crackear redes WPA y WPA2 sin diccionario usando estos scripts? El funcionamiento de todos los scripts de este tipo es básicamente el mismo y siguen el siguiente proceso: ¿Por que usar LINSET para crackear redes WPA y WPA2 sin diccionario? Descargar LINSET para crackear redes WPA y WPA2 sin diccionario
Free Network Sniffers, Analyzers and Stumbers. This article will look at free network sniffers, analyzers, and stumblers for Windows, Mac, Linux, and even Android. Introduction There are many commercial network tools out there offering all the bells and whistles, but sometimes a simpler product will do the job. Wireshark (Multiple platforms) Wireshark (Formally Ethereal) is a popular network protocol analyzer. Kismet (Multiple platforms) Kismet is a wireless network sniffer, analyzer, stumbler and intrusion detection system that can run on multiple platforms, including Linux, Mac OS X, and Windows. InSSIDer (Multiple platforms) InSSIDer is a free Wi-Fi stumbler from MetaGeek, the maker of the Wi-Spy spectrum analyzer and many other network products. Vistumbler (Windows) Vistumbler is an open source stumbler for Windows, supporting just the 2.4GHz band. NetSurveyor (Windows) NetSurveyor is a free Wi-Fi stumbler and basic analyzer released by Nuts About Nets, supporting jus the 2.4GHz band. AnalogX PacketMon (Windows) G-MoN (Android)
Top 15 Open Source. Free Security. Tools. 1. Nmap Nmap (“Network Mapper”) is a free and open source (license) utility for network discovery and security auditing. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. Nmap homepage. 2. Wireshark is a network protocol analyzer. 3. Metasploit Community Edition simplifies network discovery and vulnerability verification for specific exploits, increasing the effectiveness of vulnerability scanners. 4. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 6400 potentially dangerous files/CGIs, checks for outdated versions of over 1200 servers, and version specific problems on over 270 servers. 5. 6. ettercap 7. 8. 9. 10. w3af 11. hping 12. burpsuite 13.
OWASP Testing Guide v4.0. Guia de seguridad en aplicaciones Web. La fundación Open Web Application Security Project lidera desde 2001 un proyecto libre sin ánimo de lucro orientado a promover la seguridad del software en general y de aplicaciones web en particular, manteniendo para ello varios proyectos e iniciativas. Bajo licencia Creative Commons, genera y distribuye libremente material de alta calidad desarrollado por decenas de profesionales relacionados con el desarrollo y seguridad del software, entre ellos guías, plataformas educativas y herramientas de auditoría, etc. Situadas entre las publicaciones más valoradas en relación al sector de auditorías de seguridad, las guías publicadas por la fundación OWASP se han convertido en un referente en el mundo de la seguridad del desarrollo y evaluación de aplicaciones. En 2008 se editó la versión 3 de la guía, con su traducción al castellano en 2009 en la que participó activamente INTECO. Guía de pruebas OWASP versión 4. • Gestión de Identidades • Control de errores • Criptografía 1. 2. 3. 4. 5. 6. 7.
Hardware-based security more effective against new threats With software security tools and network vulnerabilities constantly being targeted by hackers, securing hardware components will grow in importance given it is more secure and cybercriminals will find it difficult to alter the physical layer for their purposes. Patrick Moorhead, president and principal analyst of Moor Insight and Strategy, said hardware-based security is more secure than software tools such as antivirus since it cannot be altered. Hardware-based security refers to safeguarding the computer using components such as processors. An RSA spokesperson added the physical layer eliminates the possibility of malware, such as virtual rootkits, from infiltrating the operating system and penetrating the virtualization layer. In 2010, RSA, together with VMWare and Intel, introduced a proof-of-concept framework to integrate security into the entire hardware stack. One example is ARM's joint venture with Gemalto and Giesecke & Devrient to set up Trustonic in December 2012.