| |
|
|
HG 0001 FLASH |
Keywords: "bot",
"trojan",
"rootkit",
"crypter". |
|
HG 0002 FLASH |
Keywords: "Metasploit",
"itunes",
"winamp". |
|
HG 0003 FLASH |
Keywords: "SDBot",
"IRC",
"Metasploit",
"Wireshark",
"DDoS". |
|
HG 0004 FLASH |
Keywords: "msfconsole",
"MS
RPC", "VNC
shell". |
|
HG 0005 FLASH |
Keywords: "WEP",
"Airodump-NG",
"Aireplay-NG",
"ARP",
"Aircrack-ptw". |
|
HG 0006 FLASH |
Keywords: "NetBot", "EvilHTTPServer",
"Wireshark", "DDoS". |
|
HG 0007 FLASH |
Keywords: "IDS",
"Snort", "Aanval
console", "Nmap",
"Metasploit". |
|
HG 0008 FLASH |
Keywords: "IDS",
"Snort", "Blade
IDS console",
Wireshark". |
|
HG 0009 FLASH |
Keywords: "Beast",
"EvilHTTPServer". |
|
HG 0010 FLASH |
Keywords: "Tribal
Flood Network (TFN)", "Etherape",
"TCPdump". |
|
HG 0011 FLASH |
Keywords: "HTTP
basic authentication", "password
cracking", "Brutus". |
|
HG 0012 FLASH |
Keywords: "Fotka", "Trojan". |
|
HG 0013 FLASH |
Keywords: "Apache
chunked attack", "FreeBSD". |
|
HG 0014 FLASH |
Keywords: "Bluetooth",
"Nokia
6310i". |
|
HG 0015 FLASH |
Keywords: "click kiddie", "RPC". |
|
HG 0016 FLASH |
Keywords: "WEP",
"Network
stumbler", "Dstumbler". |
|
HG 0017 FLASH |
Keywords: "FTP
Bounce Attack", "Nmap". |
|
HG 0018 FLASH |
Keywords: "SSH
port forwarding", "POP3". |
|
HG 0019 FLASH |
Keywords: "Ettercap",
"ARP". |
|
HG 0020 FLASH |
Keywords: "PPTP". |
|
HG 0021 FLASH |
Keywords: "OpenVPN"
& "Endian
Firewall". |
|
HG 0022 FLASH |
Keywords: "portscan",
"Excell", "Hedgehog". |
|
HG 0023 FLASH |
Keywords: "IIS",
"Extended
Unicode", "TFTP",
"idq.dll",
"MS
SAM", "NC". |
|
HG 0024 FLASH |
Keywords: "Shoutcast",
"/etc/passwd",
"/etc/shadow",
"(x86)RET",
"(x86)EIP",
"MD5",
"John The
Ripper", "SSH",
"netstat",
"chkrootkit". |
|
HG 0025 FLASH |
Keywords: "RealVNC
authentication bypass". |
|
HG 0026 FLASH |
Keywords: "ANI",
"Irfanview". |
|
HG 0027 FLASH |
Keywords: "ophcrack". |
|
HG 0028 FLASH |
Keywords: "Mercur Mail Server". |
|
HG 0029 FLASH |
Keywords: "RIP",
"sniff", "spoof". |
|
|
|
HG 0030 FLASH |
Keywords: "HoneyD",
"Honeypot" |
|
HG 0031 FLASH |
Keywords: "VoIP",
"Agilent". |
|
HG 0032 FLASH |
Keywords: "HTTPrint". |
|
HG 0033 FLASH |
Keywords: "Linux Ptrace", "local
privilege". |
|
HG 0034 FLASH |
Keywords: "MD5", "Hash collision". |
|
HG 0035 FLASH |
Keywords: "Cisco", "ip http
server", "integer overflow". |
|
HG 0036 FLASH |
Keywords: "MS IIS", "WebDAV", "VNC". |
|
HG 0037 FLASH |
Keywords: "MS Terminal Services",
"MS Remote Desktop", "TSgrinder". |
|
HG 0038 FLASH |
Keywords: "Owns sniffing". |
|
HG 0039 FLASH |
Keywords: "Visual route", "traceroute". |
|
HG 0040 FLASH |
Keywords: "MS Terminal Services",
"tscrack", "AI". |
|
HG 0041 FLASH |
Keywords: "IKE". |
|
HG 0042 FLASH |
Keywords: "sterm". |
|
HG 0043 FLASH |
Keywords: "Servu", "SEH". |
|
HG 0044 FLASH |
Keywords: "MS Terminal Services",
"tscrack", "W2K3". |
|
HG 0045 FLASH |
Keywords: "SNMP", "Dictionary
Attack", "Sweeping", "Cisco 7". |
|
HG 0046 FLASH |
Keywords: "SMB", "Dictionary
Attack". |
|
HG 0047 FLASH |
Keywords: "CDP", "spoof". |
|
HG 0048 FLASH |
Keywords: "CDP", "spoof", "DoS". |
|
HG
0049 FLASH |
Keywords: "wordlist generation",
"dictionary attack". |
|
HG 0050 FLASH |
Keywords: "URL spoofing". |
|
HG 0051 FLASH |
Keywords: "Basic Mail Spoofing". |
|
HG 0052 FLASH |
Keywords: "Metasploit", "VNCShell",
"MS DCOM". |
|
HG 0053 FLASH |
Keywords: "SMB
2", "SMB
2.0 Negotiate DoS and more". |
|
HG 0054 FLASH |
Keywords: "Debian", "PRNG",
"Openssl", "OpenSSH". |
|
HG 0055 FLASH |
Keywords: "Evil
Maid", "TrueCrypt",
"Invisible
Things Lab". |
| HG 0056 FLASH |
Keywords: CVE-2010-0232 |
|
HG 0057
FLASH | Keywords:
Fuzzing, TAOF, WarFTP. |
-
HG 0058 FLASH
| Keywords:
Rainbow Tables. |
|
HG 0059 FLASH |
Keywords: Zeus/ZdBot - Metasploit
- MS_IE_2010 |
|
HG 0060 FLASH |
Keywords: Ubuntu 10.X LTS - PAM
MOTD local priv. escalation. |
|
HG 0061 FLASH | Keywords:
Metasploit, IFrame, SDBOT. |
| HG 0062
FLASH | Keywords:
NeXpose Rapid7. |
|
HG 0063 FLASH |
Keywords: Nessus v4. |
| HG
0064 FLASH | Keywords: DDoS, Ion Cannon, 4Chan,
MPAA, ... |
|
HG 0065 FLASH |
Keywords: Check
Point R71 IPS, Traffice IQ Pro. |
| HG
0066 FLASH | Keywords:
Check Point R71 (long demo). |
|
HG 0067 FLASH | Keywords:
Botnet, Niksun,
Tufin. |
|
HG 0068 FLASH |
Keywords:
stack based buffer
overflow (x86). |
|
HG 0069 FLASH |
Keywords: Firesheep. |
|
HG 0070 FLASH |
Keywords:
CIFS, SMBDIE. |
|
HG 0071 FLASH |
Keywords:
Slowloris,
Pyloris. |
|
HG 0072 FLASH |
Keywords: PipeupAdmin, Privilege Escalation. |
|
HG 0073 FLASH |
Keywords:
Kerberos, cracking. |
|
HG 0074 FLASH |
Keywords:
RIP, spoofing. |
|
HG 0075 FLASH |
Keywords:
Elcomsoft,
OpenOffice,
distributed cracking,
CUDA. |
|
HG 0076 FLASH |
Keywords:
Core
Impact. |
|
HG 0077 FLASH |
Keywords:
Core
Impact, Client Pen Test. |
|
HG 0078 FLASH |
Keywords:
S/MIME,
PKI, OSCP,
CRL,
MS AD CS, ... |
|
HG 0079 FLASH |
Keywords:
Vasco IDENTIKEY,
Vasco Digipass,
RADIUS, ... |
|
HG 0080 FLASH |
Keywords:
IPv6,
RA DoS,
CVE-2010-4669. |
| |
|
# Papers |
| |
|
|
UNIXFUND5 |
Archived version of a
SuSE 10.x
installation on VMWare. |
|
UNIXFUND4 |
Archived version of text-based
Ubuntu
installation. |
|
UNIXFUND3 |
Archived version of
Fedora Core
7/8 installation (vs. Windows XP installation). |
|
UNIXFUND2 |
Set up a local mirror
for CentOS 5.6
and Yum. |
|
UNIXFUND1 |
Archived version of
Samba appendix (JCA
UNIXFUND) |
|
01 08 2004 PDF |
OpenVPN 101:
introduction to OpenVPN. |
|
01 02 2004 PDF |
Increasing
security awareness: visualising WEP insecurity. |
|
01 09 2003 PDF |
Implementing
your own PGP key server. |
|
01 08 2003 PDF |
Adding
hard drives to a Linux host. |
|
01 07 2003 PDF |
Taking a quick
look at 'Severn'. |
|
01 07 2003 PDF |
FTP 'Bounce
Attack' Fundamentals (attachment). |
|
01 06 2003 PDF |
Installation of
OpenBSD 3.3. |
|
05 03 2003 PDF |
Performing a
basic Red Hat Linux 9 installation. |
|
02 03 2003 PDF |
Implementing an
easy and secure broadband router using
Coyote Linux |
| |
|
#
Reference Cards. |
| JCA_SEC | IP security reference card. |
| JCA TCP/IP | TCP/IP reference card |
| |
|
#
Books |
| |
| // Book Reviews and Personal Ratings, Operating
Systems. |
| |
|
"The Debian System, concepts and techniques", Martin
F. Krafft. |
ISBN 1-59327-069-0 by Open Source Press GmbH (& No
Starch Press).
Overal rating: "must read, if you want to know more about Debian". |
| |
|
"Red Hat Certified Engineer Linux Study
Guide, 5Th edition", Michael Jang. |
| ISBN-13 978-0-07-226454-8, McGraw-Hill |
|
|
Overal rating: good, clear book to have an overview of most common topics,
but not always in depth. |
|
|
// Book Reviews and Personal
Ratings, Security.
|
| |
"CompTIA
Security + Study guide, fourth edition"
(SyBEX, eISBN:
978-0-470-37297-5) - 2009 (Kindle Edition).
By Emmett Dulaney
Very high-level with *very*
incomplete explanation of fundamental knowledge. Not
covering the essential things. Lot's of repetitions
of the same explanation in several chapters. Some
chapters like "hardening" must be a joke. Contains
wrong information: e.g. digital signatures created
with a public key, ... ?
Overal
rating: please, no.
|
"Nmap
Network Scanning" (Insecure.com LLC,
ISBN 0-9799587-1-7) - 2008.
By
Gordon "Fyodor" Lyon.
Well written, amuzing
and technical book about Nmap usage, logic, tweaking
and
optimalization. Even if you have used Nmap on
a regular basis, you will find interesting
details and background information. The occasional
humor is a plus.
Overall
rating: must read for
network, system administrators and pentesters that
want to learn more about common scanning techniques
and logic. Well written.
|
"The art of intrusion"
(Wiley, ISBN 0-7645-6959-7) - 2005.
By Kevin Mitnick and William L. Simon.
Overall rating: recommended light and entertaining reading describing several
techniques
and "cases".
|
"Official Certified Ethical Hacker ReviewGuide"
(SYBEX, ISBN 978-0-7821-4437-6) - 2008.
By Kimberly Graves.
Overall rating: very short review guide (e.g. chapters on crypto, SQL injection
& buffer overflows contain only a few pages). I wouldn't buy it.
|
"Certified Ethical Hacker, exam 312-50" (QUE,
ISBN 0-7897-3531-8) - 2006/2008.
By Michael Greg.
The book provides a (mainly) high level overview of some classic names,
scenarios,
attacks, malwares, the basics of Windows & Unix (very short), fundamental
security counter measures, crypto and policies.
The attacks themselves are not always explained, so use the book as a high level
walkthrough of classics and Google them up. Some historical tools mentioned
are outdated, even on the first print (e.g. SAINT). Some of the attack examples
don't go further then exploiting default settings.
Overall rating: OK to read if you want to have a quick and wide overview of some
classic security rules, attacks and names that you should know. Use the
references. Not a technical reference.
|
"Secrets of Computer Espionage"
(Wiley, ISBN
0-7645-3710-5) - 2003.
By Joel McNamara.
"Tactics and countermeasures" is a clear and well written (high-level) book
about some classic security (and spook) scenarios along will short, real life
facts.
The technical systems
represented might be outdated,
most of the book is still usuable for
learning
classical security related topics,
policies, and historical systems you should have heard about.
Overal rating: recommended.
|
"Syngress Force 2006, Emerging Threat Analysis"
(Syngress, ISBN 1-59749-056-3) - 2006.
By David Maynor & co.
"A one-stop reference containing the most read topics in the Syngress Security
Library" looked promising but turned out to be massive book with lots of
disappointing and mostly high-level chapters. If you are looking for lot's of
basic security threat information or information on email abuse, spam and
phishing - it could be interesting (e.g. "Spammer X") - otherwise, not.
Overall rating: "Not really, no".
|
"The hackers handbook"
(Auerbach Publications, ISBN 0-8493-0888-7) - 2004.
By Dave Aitel and Susan Young.
"The hackers handbook, the strategy behind breaking into and defening networks",
provides a very wide overview in how attackers might target your assets. It
contains
lot of new information for someone who is new to the security world.
For the more technical readers, sometimes the chapters stop where it the exiting
and interesting stuff would begin. Some of the more interesting items are left
quiet vague.
It contains some classic attacks and exploit - "blasts of the past" you should
have
heard about, but a little bit outdated if you are looking for specific new stuff
besides
the classic scenarios.
Overall rating: "Yeah, why not?"..
|
"Security+
Certifcation Training Kit" (Microsoft Press,
ISBN 0-7356-1822-4).
Consult the attached review.
Overall rating: new to Security? This might be a short and easy introduction.
|
"Security+
Study Guide" (M. Cross/Syngress,
ISBN 1-931836-72-8).
Check the attached review.
Overall rating: new to security? This might be a short and easy introdution.
|
"The
Art of Deception" (Kevin D. Mitnick,
ISBN 0-471-23712-4).
Check the attached review.
Overall rating: "must read", especialy when you are interested in
"real cases", social
engineering, procedures and general user awareness training.
|
| |
|
# Links |
| |
|
| *
http://links.duister.org |