F0rb1dd3n
The Story is F1ct10n The threats are real


Links from the book
 

 

STAR Chapter 1
 


Securities and Exchange Commission web site - http://www.sec.gov/

Real-Time E-mail Harvesting - http://news.softpedia.com/news/Real-time-E-mail-Harvesting-on-Twitter-111609.shtml

Maltego is an open source intelligence and forensics application - http://www.paterva.com/maltego/

Netcraft is an Internet services company based in Bath, England - http://news.netcraft.com/

Sam Spade is a network querying tool used to collect information on remote computers - http://preview.samSpade.org/ssw/

DNSPredict PERL script, by Jimmy Neutron, is great for determining DNS names with Google - http://johnny.ihackstuff.com/downloads/task,cat_view/gid,16/limit,5/limitstart,0/order,name/dir,ASC/

 

STAR Chapter 2

 

Kismet - http://www.kismetwireless.net/documentation.shtml

SuperScan - http://www.foundstone.com/us/resources/proddesc/superscan4.htm

Nmap - http://nmap.org/download.html

Paratrace - http://linux.die.net/man/1/paratrace.

Scanrand - http://linux.die.net/man/1/scanrand

Amap - http://freeworld.thc.org/thc-amap/

The Matrix and Nmap - http://news.bbc.co.uk/2/hi/technology/3039329.stm -

 

STAR Chapter 3

 

My Top 5 Fav Tools - https://cisco.hosted.jivesoftware.com/blogs/network-sheriff/2009/05/14/my-top-5-fav-recon-tools.

Hacking Web 2.0 Applications with Firefox - http://www.securityfocus.com/infocus/1879

Firefox Plugins for Security Professionals by Chris Schmidt - http://weblogs.asp.net/dvravikanth/archive/2009/04/14/firefox-plugins-for-security-professionals-by-schmidt-chris.aspx

IBM Internet Security Systems - http://www.iss.net/about/index.html

10 Best hacking and security software tools - http://blogs.iium.edu.my/jaiz/2008/09/23/10-best-hacking-and-security-software-tools-for-linux//

Nessus Ð http://www.nessus.org/

Nessus goes Closed License - http://www.tenablesecurity.com/; http://software.newsforge.com/article.pl?sid=05/10/06/1716257&tid=132&tid=78&tid=27; http://www.nessus.org/news/data/nessus_feed_letter.pdf; http://www.nessus.org/documentation/index.php?doc=nessus3

NeWT Pro 2.0 is a complete, commercially supported network vulnerability scanner from Tenable which allows for scanning any target IP address - http://www.tenablesecurity.com/news/data/pr12.shtml

Rapid7 is a software company which provides computer vulnerability management, risk assessment and policy compliance solutions that help organizations understand the risk of vulnerabilities in their IT environment and ensure their networks are not compromised Ð http://www.rapid7.com/

NeXpose - http://www.rapid7.com/support/faq-answer2.jsp

Microsoft Baseline Security Analyzer - http://technet.microsoft.com/en-us/security/cc184924.aspx

Retina Vulnerability Assessment Scanner Ð http://www.eeye.com/

Open Source Vulnerability Database (OSVDB) - http://osvdb.org/

 

STAR Chapter 4

 

Exploit used to breach university - http://news.cnet.com/8301-1009_3-10245815-83.html

Subseven - http://www.sub7legends.com/

Stopping Sub7 - http://www.crime-research.org/library/grcdos.pdf

Milw0rm.com is a database of exploits categorized by type Ð http://milw0rm.com/

Metasploit Project is a computer security project which provides information about security vulnerabilities and aids in penetration testing and IDS signature development Ð http://www.metasploit.com/

CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide Ð http://www.immunitysec.com/

CORE IMPACT Pro is a commercial automated penetration testing software solution developed by Core Security Technologies which allows the user to probe for and exploit security vulnerabilities in computer networks, endpoints and web applications Ð http://www.coresecurity.com/

 

STAR Chapter 5

 

Securing your logs - http://codeidol.com/sql/network-security-hack/Windows-Host-Security/Secure-Your-Event-Logs/

Manipulate last user logged on using Lognamer tool - http://www.e-sushi.net/files/lognamer.zip

Cleaning out the Internet Explorer cache, cookies, and history using IEClean tool - http://www.e-sushi.net/files/ieclean.zip

Last True Login tool - http://www.dovestones.com/Downloads/Demos/TrueLastLogonTrial.msi

Recording users last logoff time - http://www.dovestones.com/active-directory/true-last-logon/last-logoff.html#script

Windows Security Log - http://www.microsoft.com/technet/archive/winntas/maintain/security/ntsecuri.mspx?mfr=true; http://www.windowsitpro.com/Windows/Article/ArticleID/8785/8785.html; http://technet.microsoft.com/en-us/library/Bb742436.aspx; http://www.windowsitpro.com/Windows/Article/ArticleID/40022/40022.html; http://technet2.microsoft.com/windowsserver/en/library/962f5863-15df-4271-9ae0-4b0412e297491033.mspx?mfr=true

Winzapper - http://www.ntsecurity.nu/toolbox/winzapper/

 

 

STAR Chapter 6

 

 

Microsoft said .pst files are vulnerable with passwords applied - http://support.microsoft.com/kb/143241

Intermountain Health Care issuing visitor tags - http://findarticles.com/p/articles/mi_qn4188/is_20041227/ai_n11495483/

National Institute of Standards and Technology (NIST) Ð http://www.nist.gov/

CIO Pilot Best Security Practices (BSPs) Ð http://csrc.nist.gov/groups/SMA/fasp/resources.html

SANS Security Policy Project Ð http://www.sans.org/resources/polices/

CompTIA Ð http://www.comptia.org/

EC-Council Ð http://www.eccouncil.org/

International Information Systems Security Certification Consortium or (ISC)2 Ð http://www.isc2.rog/

SANS Ð http://www.sans.org/

Internet Storm Center Ð http://isc.sans.org/

 

 

STAR Chapter 7

 

 

The Honeynet Project Ð http://www.honeynet.org/

Null Session Exploit - http://www.governmentsecurity.org/hack_exploit_ipc_share

Null Session Vulnerability Ð http://msdn.microsoft.com/en-us/library/ms913275(WinEmbedded.5).aspx

PGP Ð http://www.pgp.com/

BitbLocker - http://www.microsoft.com/windows/windows-vista/features/bitlocker.aspx

Cold Boot attacks - http://secude.com/htm/801/en/White_Paper%3A_Cold_Boot_Attacks.htm

Snort Ð http://www.snort.org/

Sourcefire - http://www.sourcefire.com/

BlackIce - http://documents.iss.net/literature/ICEcap/BlackICE_Sentry_User_Guide30.pdf

Common Vulnerabilities and Exposures Ð http://cve.mitre.org/

IBM RealSecure Ð http://www-935.ibm.com/services/us/index.wss/offerfamily/iss/a1029097

SonicWALL - http://www.sonicwall.com/us/

Juniper - http://www.juniper.net/us/en/

TippingPoint - http://www.tippingpoint.com/

Web Applications Firewalls - http://www.cso.com.au/article/307044/web_app_firewalls_how_evaluate_buy_implement

Enterprise Anti-virus - http://windowsitpro.com/article/articleid/98441/enterprise-antivirus-software.html.

 

 

STAR Chapter 8

 

VMware leader in virtualization market - http://www.hostreview.com/icontent/the-blog/vmware-leader-virtualization-market

Cloudburst - http://www.syscan.org/Sg/program.html

BackTrack 4 Forensics Mode - visit http://www.cybersec.eu/?p=128

Helix - http://www.404techsupport.com/2009/03/17/helix-computer-security-forensics/

Belgian Federal Computer Crime Unit (FCCU) GNU/Linux Boot CD - http://www.forensicswiki.org/wiki/FCCU_Gnu/Linux_Boot_CD; http://www.lnx4n6.be/; http://www.secguru.com/link/fccu_linux_forensic_bootable_cd

Wireshark - http://www.wireshark.org/

ZoneAlarm Pro - http://www.zonealarm.com/

Outpost Pro Firewall - http://www.agnitum.com/products/outpost/

Norman Personal Firewall - http://www.norman.com/

eConceal Firewall Pro - http://www.mwti.net/products/firewall/econceal_pro/econceal_pro.asp

Webroot Desktop Firewall - http://www.webroot.com/En_US/consumer-products-desktopfirewall.html

InJoy Firewall - http://www.injoy-firewall.com/

Writing a Perl script by Doug Sheppard - http://www.perl.com/pub/a/2000/10/begperl1.html

Twitter - http://twitter.com/

Twitter and the Swine Flu - http://www.business-standard.com/india/news/swine-flu%5Cs-tweet-tweet-causes-online-flutter/356604/

Twitter and Iran? - http://www.washingtonpost.com/wp-dyn/content/discussion/2009/06/17/DI2009061702232.html

Privacy and Security Issues in Social Networking - http://www.fastcompany.com/articles/2008/10/social-networking-security.html

Online Social Networking - http://web.pacific.edu/x4989.xml

Bluesnarf - http://www.alighieri.org/tools/bluesnarfer.tar.gz

The Role of Bluesnarfing - http://bluesnarf.blogspot.com/

Bluetooth Hacking Tools - http://www.hackersenigma.com/

Bluejacking Tools website - http://www.google.com/interstitial?url=http://www.bluejackingtools.com/

 

STAR Chapter 9

 

Infrared hotel attack - http://www.defcon.org/html/defcon-13/dc13-speakers.html#major

WinMD5 tool - http://www.blisstonia.com/software/WinMD5/

Breaking SSL using 200 PS3s - http://hackaday.com/2008/12/30/25c3-hackers-completely-break-ssl-using-200-ps3s/

Echelon - http://auscannzukus.net/; http://www.newstatesman.com/; http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//NONSGML+REPORT+A5-2001-0264+0+DOC+PDF+V0//EN&language=EN;

TOR Network - https://www.torproject.org

Sniper Yagi rifle - http://www.theregister.co.uk/2004/08/03/wi-fi_aerial_gun/

Bluetooth Yagi rifle - http://www.wired.com/

GhostNet - http://www.thestar.com/News/World/Article/610860

Cold Boot Attack - http://www.boingboing.net/2008/07/19/cold-boot-encryption.html

Virtual Machine Exploit -

http://www.zdnetasia.com/news/security/0,39044215,62054876,00.htm

 

Cloudburst - http://www.securityvibes.com/cloudburst-a-weaponsied-attack-on-the-cloud-benchai7-news-3003225.html

Weaponizing the Web at DEFCON 17 - http://www.defcon.org/html/defcon-17/dc-17-speakers.html#Moyer

Taking over Voice over IP (VOIP) conversations at DEFCON 17 - http://www.defcon.org/html/defcon-17/dc-17-speakers.html#Beale.

The Blue Pill - http://news.cnet.com/2100-7349_3-6102458.html

Ph-neutral Talks - http://ph-neutral.darklab.org/talks.html

Side Channel Attacks Using Optical Sampling Of Mechanical Energy And Power Line Leakage - http://ph-neutral.darklab.org/talks/andrea.html

SyferLock - http://www.syferlock.com/

Changing how humans use passwords - http://www.cloudave.com/link/syferlock-almost-solves-the-password-security-problem

 

 

STAR Chapter 10

 

Spot the FED - http://www.defcon.org/html/defcon-13/dc13-spotthefed.html

2600 - http://www.2600.com/; http://2600.wrepp.com/index.php

Gary McKinnon - http://news.bbc.co.uk/2/hi/technology/4715612.stm; http://news.bbc.co.uk/1/hi/scotland/glasgow_and_west/6360917.stm; http://news.bbc.co.uk/1/hi/uk/6521255.stm; http://freegary.org.uk/; http://www.londontv.net/latestnews.htm; http://news.bbc.co.uk/1/hi/technology/4715612.stm;

http://www.politics.co.uk/news/legal-and-constitutional/british-hacker-loses-extradition-appeal-$1238262.htm; http://www.guardian.co.uk/world/2008/jul/27/internationalcrime.hacking;

http://www.hackervoice.co.uk/show/archive/2007/hackervoiceradio19mar2007.MP3

The HackerÕs Handbook - http://www.textfiles.com/etext/MODERN/hhbk

Donna Hare - http://www.examiner.com/x-2024-Denver-UFO-Examiner~y2009m1d15-Whistleblowers-evidence-of-NASA-UFO-fraud-might-kill-UK-hacker-case

PSP hack Ð http://www.psp-hacks.com

iDefense and ZDI - http://www.labs.idefense.com; http://www.zerodayinitiative.com/

Adam Laurie (a.k.a. Major Malfunction) -

Dan Kaminsky - http://www.wired.com/politics/security/news/2005/11/69573

Felix ÔFXÕ Lindner Ð

Goodwell and China Eagle - http://www.squidoo.com/thedarkvisitor; https://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=6164&mode=thread&order=0&thold=0

HD Moore - http://osvdb.org/contributors

Jake Kouns Ð

Jeff Moss - http://pcworld.about.com/news/Apr032001id43842.htm

Joanna Rutkowska - http://www.eweek.com/article2/0,1895,2078362,00.asp

Johnny Long - http://johnny.ihackstuff.com/

Kevin Mitnick - http://www.kevinmitnick.com/

Stephan Northcutt - http://www.sans.edu/directors.php

Tony Watson - http://www.themanwhosavedtheinternet.com/; http://www.paw.org/about.html

Wikiality - http://en.wikipedia.org/w/index.php?title=The_Colbert_Report_recurring_elements&diff=prev&oldid=66945346; http://en.wikipedia.org/w/index.php?title=George_Washington&diff=prev&oldid=66945427

Megyeri Bridge Naming Poll - http://index.hu/gazdasag/magyar/megya080930/

NASA and Colbert - http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2009/04/14/entertainment/e171111D36.DTL&type=health.

Gobbles - http://encyclopediadramatica.com/GOBBLES

n3td3v - http://www.securityfocus.com/news/11419

ARES Ð The International Dependability Conference (The International Conference on Availability, Reliability and Security) - http://www.ares-conference.eu/conf/

Best of Open Source Security (BOSS) Conference - http://www.bossconference.com/

BlackHat - http://www.blackhat.com/

BlueHat - http://technet.microsoft.com/en-us/security/cc261637.aspx

Brucon - http://www.brucon.org/index.php/Main_Page

New Camelot Council - http://www.newcamelotcouncil.com/indexEN.html

CanSecWest - http://cansecwest.com/index.html; http://cansecwest.com/dojo.html

Chaos Communication Congress (CCC) - http://events.ccc.de/congress/2009/

Computer and Communications Security (CCS) - http://www.sigsac.org/ccs/CCS2009/

Computer and Enterprise Investigations Conference (CEIC) - http://www.ceicconference.com/

Computer Forensics Show - http://www.computerforensicshow.com/

Computer Security Institute Annual Conference (CSI) - http://www.gocsi.com/

Computer Security Institute Security Exchange (CSI-SX ) - http://www.csisx.com/

CONFidence - http://2009.confidence.org.pl/

DeepSec In-Depth Security Conference - https://deepsec.net/

DEFCON - http://www.defcon.org/

DojoSec Monthly Briefings - http://www.dojosec.com/

Ekoparty Security Conference Ð http://www.ekoparty.com.ar/

EUSecWest London - http://eusecwest.com/index.html

FRHACK International IT Security Conference - http://www.frhack.org/

Hack.in - http://www.security.iitk.ac.in/hack.in/2009/

Hack in the box Ð HITBSecConf - https://conference.hackinthebox.org/

Hacker Halted - http://www.hackerhalted.com/

IPTComm: Principles, Systems and Applications of IP Telecommunications - http://iptcomm.org/

Infosecurity Europe - http://www.infosec.co.uk/

International Conference on Security and Cryptography (SECRYPT) Ð http://www.secrypt.org/

International Workshop on Fast Software Encryption (FSE) -

https://www.cosic.esat.kuleuven.be/fse2009/

Internet Security Operations and Intelligence (ISOI) - http://www.isotf.org/isoi6.html

Kiwicon - http://www.kiwicon.org/

LayerOne - http://layerone.info/

PacSec - http://pacsec.jp/

RSA - https://365.rsaconference.com/index.jspa

Rocky Mountain Information Security Conference (RMISC) Ð http://www.issa-denver.org/RMISC.htm

SEaCURE.it - http://www.seacure.it/

SecTor - Security Education Conference Toronto - http://www.sector.ca/

SecureWorld Expo - http://www.secureworldexpo.com/

Shakacon - http://www.shakacon.org/

ShmooCon - http://www.shmoocon.org/

SOURCE Conference - http://www.sourceconference.com/

SyScan - http://www.syscan.org/

Techno Forensics Conference - http://www.thetrainingco.com/html/TechnoForensics2009.html

Techno Security Conference - http://www.thetrainingco.com/html/Techno2009.html

Toorcamp - http://www.toorcamp.org/

ToorCon - http://www.toorcon.org/

uCon - http://ucon-conference.org/

USENIX Security Symposium Ð http://www.usenix.org/

Workshop on Collaboration and Security (COLSEC) - http://www.univ-orleans.fr/lifo/Manifestations/COLSEC/

Adrian Lamo - http://pax.vox.com/

Chris Gates - http://carnal0wnage.blogspot.com/

Christophe Veltsos - http://blog.drinfosec.com/

Dan Kaminsky - http://www.doxpara.com/

Dustin L. Fritz Ð http://en.wikipedia.org/wiki/Main_Page

Felix ÔFXÕ Lindner - http://www.phenoelit.net/lablog/

HD Moore - http://blog.metasploit.com/

Jayson E. Street Ð http://jayson-street.tumblr.com/

Joanna Rutkowska - http://theinvisiblethings.blogspot.com/

Joe Grand - http://en.wordpress.com/tag/joe-grand/

Joe McCray Ð http://www.learnsecurityonline.com/

Johnny Long Ð http://www.hackersforcharity.org/

Kevin Poulsen - http://www.wired.com/

Linus Torvalds - http://torvalds-family.blogspot.com/

Marcus J. Carey - http://blog.marcusjcarey.com/

Marcus J. Ranum Ð http://www.ranum.com/

Richard Bejtlich - http://taosecurity.blogspot.com/

Richard Stallman - http://www.fsf.org/blogs/rms

Rob Fuller - http://www.room362.com/

Robert Tappan Morris - http://pdos.csail.mit.edu/~rtm/

Ron Gula - http://blog.tenablesecurity.com/

Stephen Wozniak - http://www.woz.org/

Tim Berners-Lee - http://dig.csail.mit.edu/breadcrumbs/blog/4

PaulDotCom - http://pauldotcom.com/

Securabit - http://securabit.com/

Security Justice - http://securityjustice.com/

 

 

STAR Chapter 11

 

The account number - http://swiss-bank-accounts.com/e/fiction/bourne-identity-1988/index.html

Odysseus - http://projectsx.dartmouth.edu/classics/history/bronze_age/lessons/les/27.html

What is WarGames? - http://www.imdb.com/title/tt0086567/

What is Aurora? - http://www.fas.org/irp/mystery/aurora.htm; http://accelerationresearch.tripod.com/

The Net ÔInternet ChatÕ with Cyberbob - http://www.imdb.com/title/tt0113957/

Sydney Bristow - http://www.hollywood.com/news/Garner_Changes_Her_Name_to_Affleck/3473623

Chimera film and mythology - http://www.tiscali.co.uk/reference/encyclopaedia/hutchinson/m0024745.html

 

 

STAR Chapter 12

 

Perverted Justice - http://www.perverted-justice.com/

IRC Carders/ Credit Card Scam - http://www.gcnews.com/news/2009/0529/Front_page/004.html

Carders - http://www.wyldryde.org/a/000918.php

MPORPG for Communications channel - http://www.gamespot.com/pc/rpg/worldofwarcraft/review.html; http://www.worldofwarcraft.com/info/basics/realmtypes.html; http://www.gamespot.com/pc/rpg/worldofwarcraft/news.html?sid=6153338&mode=news

WoW has Terrorists - http://www.wired.com/threatlevel/2008/04/government-to-s/

InfraGard - http://www.infragard.net/

Information System Security Association Ð http://issa.org/

WiFiFoFum Ð http://www.aspecto-software.com/rw/applications/wififofum/index.html

CHP and WiFi - http://www.tropos.com/pdf/case_studies/tropos_casestudy_smpd.pdf

Locked, but not secure - http://www.engadget.com/videos/lockdown/lockdown_defcon.wmv; http://www.engadget.com/2006/08/24/the-lockdown-locked-but-not-secure-part-i/

36 stratagems - http://www.bjreview.com.cn/exclusive/txt/2006-12/21/content_51557.htm

Sun Tzu - http://en.wikipedia.org/wiki/Sun_Tzu#CITEREFSawyer1994

 

OLD LINKS
(yes some are redundant but didn't think anybody would actually surf this far down) ;-)

Blue tooth
Yagi Rifle

Tools

Metasploit
Nmap
Kismet
NetStumbler

INFOSEC

iDefense
Snort
NeXpose
ISS Real Secure
SANS Reading Room
Tipping Point

News and Resources

Open Source Vulnerability Database
SANS Storm Center
Security Focus

Culture

DEFCON
Black Hat
2600

Misc.

Teen Angels
Perverted Justice
Angel Talk
Red Cross
Cancer.org
Relay for Life
Hackers (The Movie)
War Games (The Movie)


45/ 61/ 73/ 74/ 65/ 72/ 20/ 45/ 67/ 67/ 73/
????????

43:6c:69:63:6b:20:6f:6e:20:74:68:65:20:45:59:45:21