CEH Certification Resources
CEH Tips
CEH: Certified Ethical Hacker - Taking the Exam
CEH: Practice Exams
CEH: TechExams -- Certified Ethical Hacker (CEH) exam
EC-Council - Certified Ethical Hacker (312-50) Practice Exam - This is the one I used
Chapter Links
Ch 1a: Google Hacking Database
Ch 1b: A search that finds password hashes
Ch 1c: Nessus Reports from Google
Ch 1d: More Passwords from Google
Ch 1e: Google Hacks Volume III by Halla - Interesting but highly irresponsible
Ch 1f: G-Zapper Blocks the Google Cookie to Search Anonymously
Ch 1g1: Get the .NET Framework 1.1
Ch 1g2: Download details: .NET Framework Version 1.1 Redistributable Package
Ch 1g: SiteDigger 2.0 searches Google’s cache to look for vulnerabilities
Ch 1h: BeTheBot - View Pages as the Googlebot Sees Them
Ch 1i: An experts-exchange page to demonstrate the Googlebot
Ch 1j: HTTP Header Viewer
Ch 1k: Masquerading Your Browser
Ch 1l: User Agent Switcher :: Firefox Add-ons
Ch 1m: Modify Headers :: Firefox Add-ons
Ch 1n: User Agent Sniffer for Project 1
Ch 1o: GNU Wget - Tool to Mirror Websites
Ch 1p: Teleport Pro - Tool to Mirror Websites
Ch 1q: Google Earth
Ch 1r: Finding Subdomains (Zone Transfers)
Ch 1s: N. Dakota Judge rules that Zone Transfers are Hacking
Ch 1t: Internet Archive - Wayback Machine
Ch 1u: Wikto - Web Server Assessment Tool - With Google Hacking
Ch 1v: VeriSign Whois Search from VeriSign, Inc.
Ch 1w: uwhois.com
Ch 1x: ARIN: WHOIS Database Search
Ch 1y: Border Gateway Protocol (BGP) and AS Numbers
Ch 1z0: Internic | Whois - the only one that finds hackthissite.org
Ch 1z1: Teenager admits eBay domain hijack
Ch 1z2: NeoTrace
Ch 1z3: VisualRoute traceroute: connection test, trace IP address, IP trace, IP address locations
Ch 1z4: oxid.it - Cain and Abel
Ch 1z5: Snort - the de facto standard for intrusion detection/prevention
Ch 1z6: RotoRouter 1.0 - Traceroute log & fake
Ch 1z7: SiteDigger McAfee Free Tools
Ch 1z8: SensePost - Wikto
Ch 1z9: FOCA searches metadata
Ch 1z10: HolisticInfoSec: OSINT: large email address list imports with Maltego
Ch 1z11: InfoSec Resources -- DNS Hacking (Beginner to Advanced)
Ch 1z12: 1 Million Domain DNS Zone Transfer Test -- 14 percent vulnerable
Ch 1z13: DNS zone transfer tools
Ch 1z14: ZoneTransfer.me - teaching tool for DNS Zone Transfer Demos
Ch 1z15: ICANNIANAASO Explained
Ch 1z16: Whois server compromised? Try whois microsoft.com
Ch 2a: Man page of fping
Ch 2b: Fping download for Windows
Ch 2c: SuperScan - for Windows 2000 and XP Without SP 2
Ch 2d: Network Management Software Products - SolarWinds
Ch 2e: How to enable ICMP echo requests (Ping) in Windows XP (Service Pack 2)
Ch 2f: Can't Ping the Server 2003 SP 1
Ch 2g: What is port 113 used for?
Ch 2h: RPC Scan (-sR)
Ch 2h: THC-AMAP - fast and reliable application fingerprint mapper
Ch 2i: Insecure.Org - Nmap Free Security Scanner, Tools & Hacking resources
Ch 2j: Icmpenum information
Ch 2k: Download Icmpenum 1.0 for Linux - Icmpenum sends ICMP traffic for host enumeration. - Softpedia
Ch 2l: SANS Institute - Intrusion Detection FAQ: How can attacker use ICMP for reconnaissance?
Ch 2m: Phrack Magazine - Loki - ICMP Covert Channel
Ch 2n: ICMPQuery, remote host-type detection
Ch 2v: TCP Header Format
Ch 2w: Window Scan (-sW)
Ch 2x9: SourceForge.net: hping2
Ch 2x: The Window Scan explained very well
Ch 2y: How an RPC Scan Works
Ch 2z1: FTP Bounce Attack
Ch 2z2: IPEye - TCP port scanner (for Windows 2000 / XP Pre SP2)
Ch 2z3: ScanLine from Foundstone - Windows Command-Line Port Scanner
Ch 2z4: PortSentry and LogCheck from SourceForge.net: Sentry Tools
Ch 2z5: The Siphon Project: The Passive Network Mapping Tool
Ch 2z6: the new p0f
Ch 2z7: Cheops-ng - Screenshots
Ch 2z8: Tutorial: Hping2 Basics
Ch 2z9: ICMP Ping Sweep Detection on Windows
Ch 3a: dnsenum - DNSenum is a pentesting tool created to enumerate DNS info about domains
Ch 3b: Backtrack 5- DNSenum Information Gathering Tool
Ch 3c: How to use Fierce -- DNS Analysis perl script
Ch 3d: Restricting DNS Cache Snooping with Bind Configuration
Ch 3e: Grendel Scan Web Application Security Scanner -- in BackTrack
Ch 3f: Microsoft RPC Services
Ch 3g: winfingerprint
Ch 3h: Host Name Resolution in Windows
Ch 3i: nbtscan - NETBIOS nameserver scanner
Ch 3j: DumpSec download
Ch 3k: Project Camelot interviews Gary McKinnon
Ch 3l: Windows Enumeration: USER2SID & SID2USER
Ch 3m: NBTEnum 3.3 Download
Ch 3n: How to restrict access to the registry from a remote computer
Ch 3o: SNMP Tutorial
Ch 3p: DNS Version Scan Results
Ch 4a: 10 Most Common Passwords
Ch 4a1: Comprehensive List of password-guessing software
Ch 4b: IPsec filters in Windows
Ch 4c: IDS finds niche as analytical tools - Network World (2003)
Ch 4d: Setting Up an Intrusion Detection System - Networking Center - Network Computing (2004)
Ch 4e: Top 10 Password Crackers
Ch 4f: Elcomsoft Distributed Password Recovery
Ch 4f1: MITM Attack on Terminal Server (pdf)
Ch 4f2: Top 3 Vulnerability Exploitation Tools
Ch 4g: Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
Ch 4h: Microsoft Security Bulletin MS03-026
Ch 4i: eEye announcement of the LSASS Buffer Overflow
Ch 4j: Microsoft Security Bulletin MS04-011: Security Update for Microsoft Windows (835732)
Ch 4k: How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
Ch 4l: Denmark builds XML-based Web services commerce network
Ch 4m: OASIS Security Services (SAML) TC - an XML-based framework
Ch 4n: Securing ASP Data Access Credentials Using the IIS Metabase
Ch 4o: ADOConn.Open - Google Code Search
Ch 4q: Security Guidance for IIS
Ch 4r: Gaining Administrator Access on NT with getadmin.exe
Ch 4s: MS03-013 - Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges
Ch 4t: Service Changes for Windows Vista -- Session 0 Isolation means SYSTEM tasks can't be interactive
Ch 4u: Cracking Windows Vista Beta 2 Local Passwords (SAM and SYSKEY)
Ch 4v: Cracking Syskey and the SAM on Windows XP, 2000 and NT 4 using Open Source Tools
Ch 4w: How to use the SysKey utility to secure the Windows Security Accounts Manager database
Ch 4x: Windows NT/2000/XP/2003/Vista password crackers - recovery, auditing, and PWDUMP tools
Ch 4y: Password Recovery Software, ElcomSoft
Ch 4z-4: CacheDump - Recovering Windows Password Cache Entries
Ch 4z01: Full Disclosure: Windows XP Home LSA secrets stores XP login passphrase in plain text
Ch 4z02: Administrators can display contents of service account passwords in Windows NT
Ch 4z03: Auditing Cached Credentials With Cachedump
Ch 4z04: CacheDump - Recovering Windows Password Cache Entries
Ch 4z05: More information about Cachedump and countermeasures from Arnauld Pilon
Ch 4z06: cachebf - Tool for cracking Cached Logon Hashes
Ch 4z07: PsExec - remote execution tool
Ch 4z08: VNC feature comparison and download selector
Ch 4z09: RatForge.NET R.A.T and Computer Security Community
Ch 4z10: GoToMyPC : Remote Access to Your PC from Anywhere -- Secure PC Remote Access Software
Ch 4z11: LogMeIn Hamachi - Instant VPN Software for your PC
Ch 4z12: Foundstone, Inc.© Fpipe - Port Redirection Tool
Ch 4z13: Tripwire - Configuration Audit & Control Solutions
Ch 4z14: Process Explorer
Ch 4z15: Fport - Shows processes and ports
Ch 4z16: LADS - List Alternate Data Streams
Ch 4z17: BITLOCKER HACKED - Hard disk encryption defeated by recovering the key from RAM
Ch 4z18: Exploiting 802.11 Wireless Driver Vulnerabilities on Windows
Ch 4z19: TeamViewer - Free Remote Access and Remote Desktop Sharing over the Internet
Ch 4z20: NTLM Hash is MD4
Ch 4z21: Different Types of Hashes and Salts -- EXCELLENT RESOURCE
Ch 4z22: Mac OS X 10.8 Mountain Lion password hash algorithm
Ch 4z23: EFS doesn't set a default Data Recovery Agent in Win XP
Ch 4z24: Pass the Hash on Windows 8.1 with Instructions
Ch 4z25: Password Cracking, Hashes Dumping, Brute-Forcing, Auditing and Privileges Escalation Daniela Elmi IT Space
Ch 4z26: KerbCrack --cracks Windows Kerberos password hashes
Ch 4z27: Cracking Kerberos Passwords with KerbCrack -- DEMO
Ch 4z28: Attacking Kerberos Deployments (from 2010) -- GOOD EXPLANATION OF PREAUTHENTICATION
Ch 4z29: Excellent explanation of Pass The Hash, NTLM, and Kerberos from 2012
Ch 5a: Unix Firewalls Forwarding Source-Routed Packets (from 1996)
Ch 500: CORE IMPACT demonstration video - professional penetration testing toolkit
Ch 500a: Unix Firewalls Forwarding Source-Routed Packets (from 1996)
Ch 501: CrackLib-2.8.12
Ch 501a: THC-HYDRA - fast and flexible network login hacker
Ch 502: Secure remote password protocol - Wikipedia
Ch 503: SRP JavaScript Demo
Ch 504: Linux IPCHAINS-HOWTO: Introduction
Ch 505: grsecurity
Ch 506: Solaris 10 Security Features (with historical context, and Trusted Solaris 8)
Ch 507: Heap Overflow Exploits
Ch 508: Saint Jude for Linux - Intrusion Prevention
Ch 509: WWW Security FAQ: CGI Scripts
Ch 510: Ubuntu: Enabling remote X-windows
Ch 511: Finjan uncovers database storing more than 8,700 stolen FTP credentials
Ch 512: nfsshell - NFS auditing tool
Ch 512a: XSECURE.TXT - Crash Course in X Windows Security
Ch 513: Sun Solaris Telnet Remote Authentication Bypass Vulnerability
Ch 514: Dan Kaminsky Reveals DNS Flaw At Black Hat
Ch 515: Caching bugs exposed in djbdns (2-27-09)
Ch 516: Detecting use after free() on windows. (dangling pointers)
Ch 517: Microsoft Security Bulletin MS12-063 - Critical : Cumulative Security Update for Internet Explorer (2744842)
Flaw in Oracle Logon Protocol Leads to Easy Password Cracking -- SECURITY TEST PROJECT
Ch 518: Sendmail--Anti-Spam Configuration Control
Ch 519: Apache Killer
Ch 6a: Robtex
Ch 6b: PhishTank Statistics about phishing activity and PhishTank usage
Ch 6c: MoonSols Windows Memory Toolkit
Ch 6d: CurrPorts: Monitoring TCPIP network connections on Windows
Ch 6e: Process Explorer
Ch 6f: Process Monitor
Ch 6g: VMMap
Ch 6h: Remote Desktop Connection Bitmap Cache Viewer
Ch 6i: New IE zero day exploit circulating, used to install Poison Ivy (From Sept. 2012)
Ch 6j: Poison Ivy - Remote Administration Tool
Ch 6k: How Malware hides and is installed as a Service
Ch 7a: WarVOX
Ch 7b: Phone hacking: timeline of the scandal
Ch 7c: sipvicious - Tools for auditing SIP based VoIP systems
Ch 7d: Uncovering spoken phrases in encrypted VoIP conversations
Ch 7e: Microsoft says don't use PPTP and MS-CHAP
Ch 7f: Microsoft Security Advisory (2743314): Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure
Ch 8a: Wireless chipsets and drivers
Ch 8b: How-To: Build a WiFi biquad dish antenna
Ch 8c: Fortinet manual, Rogue Access Point Suppression on page 53
Ch 8d: Reaver cracking WPS in 19 hours
Ch 8e: HotSpotter
Ch 8f: Divide and Conquer: Cracking MS-CHAPv2 with a 100% success rate
Ch 8g: Microsoft says don't use PPTP and MS-CHAP
Ch 8h: FreeRADIUS-WPE -- RADIUS server impersonation attack on 802.1x
Ch 8i: 'Validate server certificate' option in PEAP properties
Ch 8j: Vistumbler
Ch 8k: Lawsuits Mount Over Google Wi-Fi Sniffing
Ch 920: Lock bumping - Wikipedia
Ch 921: White House High-Security Locks Broken: Bumped and Picked at DefCon
Ch 922: Magnetic stripe card - Wikipedia
Ch 923: Magnetic Stripe Reader/Writer (encoder)
Ch 924: Portable Credit Card Hacking, Portable Credit Card Hacking Software
Ch 925: Passport RFIDs cloned wholesale by $250 eBay auction spree
Ch 926: MIFARE - Wikipedia
Ch 927: Mifare--Little Security, Despite Obscurity
Ch 928: DefCon: Boston Subway Officials Sue to Stop Talk on Fare Card Hacks -- Update: Restraining Order Issued; Talk Cancelled
Ch 929: Parallel ATA - Wikipedia
Ch 930: ATA_Security_Roadblock_to_Computer_Forensics.pdf
Ch 931: Laptop Password Removal : Vogon Password Cracker Pod
Ch 932: Password Cracker Pod: for laptop hard drive passwords
Ch 933: RISE Security - ASUS Eee PC Rooted Out of the Box
Ch 934: Default Password List
Ch 935: Eavesdropping on Bluetooth Headsets -- Video
Ch 936: Two Arrested in First Bust for ATM Reprogramming Scam | Threat Level from Wired.com
Ch 937: Microsoft Pushes Fix to Disable AutoRun (from 2011)
Ch 939: ATM security problem at LayerOne conference (from May 2012)
Ch 940: HowStuffWorks 'What's the difference between RFID and NFC?'
Ch 941: Google Wallet - Wikipedia
Ch_10a: Foundstone White Papers - Including Hacme Bank Solution Guide
Ch_10b: Hacme Travel User Guide (pdf)
Ch_10c: Foundstone Free Tools including Hacme Bank and Hacme Travel
Ch_10d2: Netcat for Windows - Alternate Link
Ch_10d: Netcat for Windows
Ch_10e: Strings v2.40 - reads strings from executable files
Ch_10f: Process Explorer
Ch_10g: Wireshark Protocol Analyzer
Ch_10h: Foundstone - Resources - Videos of Hacme Lessons
Ch_10i: xkcd - Little Bobby Tables
Ch_10k: IBM WebSphere - Wikipedia
Ch_10l: Fortune 1000 Research: Top 1000 Web Servers Survey
Ch_10m: Web Server Survey Archives - Netcraft
Ch_10n: Watchfire products including AppShield
Ch_10o: URLScan Security Tool
Ch_10p: Macromedia - Allaire Security Bulletin (ASB99-01) - ColdFusion Expression Evaluator patch
Ch_10q: Microsoft Security Bulletin (MS00-031): IIS HTR File Fragment Reading vulnerability
Ch_10r: IIS ASP::$DATA Vulnerability (Canonicalization attack)
Ch_10s: New in IIS 7 - App Pool Isolation
Ch_10t: Understanding IIS 7.0 URL Authorization: Configuring Security
Ch_10u: Microsoft IIS 5.0 Translate: f Source Disclosure Vulnerability
Ch_10v: Exploit code for the Translate: f bug
Ch_10z01: Nikto Web Server Vulnerability Scanner
Ch_10z02: TRACE vulnerability explained (pdf)
Ch_10z03: Wget - Wikipedia
Ch_10z04: Parosproxy.org - Web Application Security
Ch_10z05: Hijacking a Macbook in 60 Seconds or Less - Jon Elich and David Maynor
Ch_10z06: XSS (Cross Site Scripting) Cheat Sheet
Ch_10z07: URL Encoded Attacks - Double Decoding Attack Examples
Ch_10z08: Damn Vulnerable Linux 1.0 - download here - create an account
Ch_10z09: How main() is executed on Linux
Ch 10z15: Google Search to find Amazon Private Keys on Github
Ch 10z16: GitHub Forced to Disable Search After Exposing Private SSH Keys
Ch 10z17: Prolexic Report on Dr-DOS
Ch 11a: Android 4.1 'Jelly Bean' reaches 1.8 percent market share
Ch 11b: sqlite encryption for android
Ch 11c: Using DDMS Android Developers
Ch 11d: shortfuse.org Official Home of SuperOneClick!
Ch 11e: APP z4root - xda-developers
Ch 11f: GingerBreak APK (root for GingerBread) - xda-developers
Ch 11g: BurritoRoot for Kindle Fire
Ch 11h: What is the NDK? Android Developers
Ch 11i: android-apktool - A tool for reverse engineering Android apk files
Ch 11j: DefCon 18 - These Aren't the Permissions You're Looking For on Vimeo
Ch 11k: Eligible devices for use with Google Wallet - Wallet Help
Ch 11l: iBooks Not Working on Jailbroken iPhones: Here's the Fix
Ch 11m: iOS dictionary apps posting false piracy 'confessions' onto users' Twitter accounts
Ch 11n: Just How Much Of A Problem Is Android Malware? (Aug. 2012)
Ch 11o: About the security content of iOS 4.3.4 Software Update
Ch 11p: iKee--the first iPhone worm (2009)
Ch 11q: CVE-2009-1683: iPhone DoS via ICMP
Ch 11r: Android climbed to 79 percent of smartphone market share in 2013, but its growth has slowed
Ch 11s: Gartner ignores Apple's sales numbers, reports Android marketshare doubled iPad in 2013
Ch 11t: Debunking four myths about Android, Google, and open-source ZDNet
Ch 11u: Android Version Popularity
Ch 11v: Number of the week: list of malicious Android apps hits 10 million
Ch 11w: TOOL Rootx 2.2 (Rev 3 )- Root almost all android devices - xda-developers
Ch 11x: CarrierIQ Android Security Test
Ch 11y: Google Wallet Purchase Protection - Wallet Help
Ch 11z: iOS Encryption Is So Good, Not Even the NSA Can Hack It
Ch 11z2: How The NSA Hacks Your iPhone (Presenting DROPOUT JEEP) Zero Hedge
Ch 11z3: The iPhone Has Passed a Key Security Threshold (encryption, 2012)
Ch 11z4: iOS Keychain Weakness FAQ (from 2012)
Links from Previous Textbook Edition
Ch 3a: Droop's Box: Simple Pen-test Using Nmap, Nikto, Bugtraq, Nslookup, and Other Tools
Ch 3b: CAN numbers and CVE numbers
Ch 3c: Vista: Install or Enable the Telnet Client or Server
Ch 3d: Netcat for Windows
Ch 3d1: Local mirror of netcat for windows
Ch 3d2: Local mirror of netcat for windows- encrypted with 7-zip - password sam
Ch 3d3: Netcat in windows (another site)
Ch 3e: TCP Wrappers (Wikipedia)
Ch 3f: TCP Wrappers (more details)
Ch 3g: Microsoft Security: IIS Lockdown Tool
Ch 3h: URLScan Security Tool
Ch 3i: Port knocking - Wikipedia
Ch 3j: PORTKNOCKING - A system for stealthy authentication across closed ports. : IMPLEMENTATIONS : implementations
Ch 3k: PortKnocking - Community Ubuntu Documentation
Ch 3l: IPTables HowTo - Community Ubuntu Documentation
Ch 3m: How to change eth1 to eth0 in a VMware Linux Machine
Ch 3n: Download epdump scanner
Ch 3v: Host Name Resolution in Windows XP and Server 2003
Ch 3w: nbtscan - NETBIOS nameserver scanner
Ch 3x: Null session attacks: Who's still vulnerable?
Ch 3y: Registry Keys to Control Null Sessions in XP and 2003
Ch 3z00: The effects of removing null sessions from the Microsoft Windows 2000 and Microsoft Windows NT environment
Ch 3z01: Null Sessions don't apply to Win 95, 98, or Me
Ch 3z02: SystemTools.com -DumpSec and Hyena
Ch 3z03: Project Camelot interviews Gary McKinnon
Ch 3z04: Windows Enumeration: USER2SID & SID2USER
Ch 3z05: Download Winfo - Null Session Enumeration Tool - Runs on Vista
Ch 3z06: SNMP Enumeration and Hacking
Ch 3z07: Understanding MIBs
Ch 3z08: Using SNMP for Reconnaissance
Ch 3z09: Get SNMPUTIL here and learn how to use it
Ch 3z10: Novell NetWare - Wikipedia
Ch 3z11: How to make characters visible in Windows Telnet
Ch 3z12: How Security Identifiers Work (SIDs)
Ch 3z13: RIDs and the RID Master role
Ch 3z14: Install and Enable SNMP Service in Windows XP, Vista and 2003
Ch 3z15: NBTEnum 3.3 -- New tool for NetBIOS Enumeration
Ch 3z16: How to restrict access to the registry from a remote computer
Ch 601: Sandstorm Enterprises - PhoneSweep
Ch 602: Symantec pcAnywhere 12.1: Remote Computer Access - PC Remote Control
Ch 603: pcAnywhere 12.0 - Reviews by PC Magazine
Ch 604: pcAnywhere Password Recovery Service
Ch 605: M4PHR1K.COM - WHITE HAT War Dialers, PBX, and Voicemail Box testing
Ch 606: Default Password List
Ch 607: RSA / RSA SecurID / SecurID Tokens / Two-Factor Authentication | RSAGuard.com
Ch 608: PBX (Private branch exchange) - Wikipedia
Ch 609: Procomm Plus Discontinued - Symantec Corp.
Ch 610: Aspect Scripting
Ch 611: Virtual private network - Wikipedia
Ch 612: B. Schneier and Mudge's paper breaking Microsoft PPTP
Ch 613: The Crumbling Tunnel - aleph1 reveals PPTP flaws
Ch 614: Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2)
Ch 615: A Cryptographic Evaluation of IPsec
Ch 616: H.323 - Wikipedia
Ch 617: Session Initiation Protocol - Wikipedia
Ch 618: Abstract Syntax Notation One - Wikipedia
Ch 619: Blind Teenage Hacker accused of Swatting - Spoofing Caller ID on VoIP calls to police
Ch 620: vomit - voice over misconfigured internet telephones
Ch 621: Scapy - powerful interactive packet manipulation program
Ch 622: Free VOIP phone software for Windows - free download
Ch 623: RTP Tools 1.18
Ch 624: Java SE Desktop Technologies - Java Media Framework API (JMF)
Ch 625: Anyone up for Cisco password cracking?
Ch 626: IKECrack - Bruteforce crack for IPSec
Ch 627: Online Cisco VPN GroupPwd Decryption
Ch 628: Cisco VOIP Commands Cheat Sheet from John C. Samuel
Ch 629: Advanced Routing Commands Cheat Sheet from John C. Samuel
Ch 630: Recovering phrases from encrypted Skype calls by examining the bitrate
Ch 701: Internet Routing Insecurity::Pakistan Nukes YouTube with DNS Record Change
Ch 702: Pakistan removed from the Internet
Ch 703: nslookup / host Dns Client Testing Command Not Found on Debian / Ubuntu Linux
Ch 704: Types of DNS records
Ch 705: DNS SRV records for SIP and XMPP
Ch 706: Port Forwarding in andlinux
Ch 707: OSI model - Wikipedia
Ch 708: What is an APDU?
Ch 709: AT&T Fiber Optic Splitter Used to Spy on Internet
Ch 710: Virtual LAN - Wikipedia
Ch 711: IEEE 802.1Q - Wikipedia
Ch 712: Ethernet - Wikipedia
Ch 713: VLAN Tagging
Ch 714: VLAN Jumping Attack
Ch 715: VoIP Hopper...Jumping from one VLAN to the next!
Ch 716: Making unidirectional VLAN and PVLAN jumping bidirectional
Ch 717: Bypassing and hacking switches using VLAN
Ch 718: IP Spoofing: An Introduction
Ch 719: Windows NT Patch Available to Improve TCP Initial Sequence Number Randomness
Ch 720: Slashdot | TCP/IP Sequence Number Analysis
Ch 721: IPsec - Wikipedia
Ch 722: Cisco Support Lists
Ch 723: Cisco IOS Password Encryption Facts - Cisco Systems
Ch 724: Looking Glass Overview - Web sites that show live routing information
Ch 725: ILAN Looking Glass--useful for trace demo with ASN values
Ch 726: CERN Looking Glass--also shows ASN values on a trace
Ch 727: Big list of looking glass pages sorted by ASN
Ch 727: Hacker writes rootkit for Cisco's routers
Ch 728: Manpage of TCPDUMP
Ch 729: 'arpwatch' for security and administration
Ch 730: How to setup Arpwatch
Ch 731: arp-sk -- ARP traffic generators and arpwatch for Windows
Ch 732: arp-sk,WinARP Watch - arpwatch tools for Vista/XP/2003/2000
Ch 733: DecaffeinatID: Simple IDS / ARPWatch For Windows--works on Windows 7!
Ch 801: WildPackets - OmniPeek Product Family - Free Demo Version
Ch 802: WildPackets - Wireless Drivers
Ch 803: Orinoco Monitor Mode Patch Page
Ch 804: AbsoluteValue Systems, Inc. - linux-wlan Page - Prism2 Card Compatibility Information Here
Ch 805: Cisco/Aironet driver for Linux
Ch 806: Quad Stacked Omni 2.4 GHz Antenna
Ch 807: Non Line-Of-Sight (NLoS) Multi-Polarized Antennas
Ch 808: Global Positioning System - Wikipedia
Ch 809: Skyhook Wireless - Find Location from Wi-Fi Access Points
Ch 810: NetStumbler.com
Ch 811: Kismet
Ch 812: SMAC MAC Address Spoofer / Changer for Windows VISTA, XP, 2003, 2000
Ch 813: An introduction to LEAP authentication
Ch 814: IEEE 802.1X - Wikipedia
Ch 815: Mac MakeUp - MAC Address spoofing tool - do not use auto-cycle adapter option
Ch 816: Debunking the Myth of SSID Hiding
Ch 817: VistaStumbler--Wardriving software optimized for Windows Vista
Ch 818: Vistumbler--Better than Vista Stumbler
Ch 819: CACE Technologies - AirPcap Wireless Capture Adapter for Windows
Ch 820: Apple - iPhone - Features - Maps with GPS
Ch 821: Android WiFi Scan & War Driving
Ch 822: Google Maps Mashup Showing WiFi Scan Android Wardriving Results
Ch 823: Android Wifiscan available here
Ch 824: Hotspotter--Like SSLstrip, silently replaces a secure WiFi connection with an insecure one
Ch 825: WiGLE - Wireless Geographic Logging Engine - Plotting WiFi on Maps
Ch 826: Lawsuits Mount Over Google Wi-Fi Sniffing - PCWorld
Ch 901: ippl - IP Protocols Logger - detects port scans
Ch 902: Firewalk - Scan behind a firewall
Ch 903: Use Firewalk in Linux/UNIX to verify ACLs and check firewall rule sets
Ch 904: Fpipe v2.01 Port Redirector
Ch 905: Firewall/IDS Evasion and Spoofing with Nmap
Ch 906: What is application gateway? - Webopedia
Ch 907: WinGate Proxy Server / Firewall / Email server / Gateway Management Solution
Ch 908: WinGate - Wikipedia
Ch 909: Astaro Internet Security - Astaro Security Gateway Software Appliance
Ch_10a: Foundstone, Inc.© UDPFlood
Ch_10b: Application-layer DDoS Attacks: Detection and Resiliency (ppt file)
Ch_10c: Five percent of Web traffic caused by DDoS attacks
Ch_10d: Hacktics Presentation on Application-Layer DOS from OWASP (pdf)
Ch_10e: Cisco Guard DDoS Mitigation Appliances
Ch_10f: SYN Cookies - a mathematical way to resist SYN Floods
Ch_10g: Cisco - Strategies to Protect Against Distributed Denial of Service (DDoS) Attacks
Ch_10h: Bogons - Invalid Source Addresses - Team Cymru
Ch_10i: Sinkhole_Tutorial_June03.pdf
Ch_10j: RadView - SoftwareTesting Tools. Performance Testing and Load Testing for Web Applications
Ch_10k: Web Test Tools Compared
Ch_10l: DDoS Attack Protection - Service Provider Network Visibility, Peakflow SP - Arbor Networks, Inc.
Ch_10m: Foundstone Network Security - DDOSPing - Free tool to detect DDoS Bots
Ch_10n: Creating a Computer Security Incident Response Team: A Process for Getting Started
Ch_10o: Akamai: The Leader in Web Application Acceleration and Performance Management, Streaming Media Services and Content Delivery
Ch_10p: SAVVIS, Inc - Built to Respond
Ch_10q: SYN flood - Wikipedia
Ch_11a: Mudge - Wikipedia
Ch_11b: How to write Buffer Overflows - Mudge, 1995
Ch_11c: Smashing the Stack for Fun and Profit by Aleph One
Ch_11d: Stack (data structure) - Wikipedia
Ch_11e: Damn Vulnerable Linux - The most vulnerable and exploitable operating system ever - Your First Damn Vulnerable Linux Lesson
Ch_11f: Video Tutorial for DVL Buffer Overflow Exploit
Ch_11g: GDB (Gnu Debugger) Tutorial
Ch_11h: Debugging with gdb - gdb Commands
Ch_11i: Debugging with GDB
Ch_11j: Titan Ftp Server Long Command Heap Overflow
Ch_11k: w00w00 on Heap Overflows
Ch_11l: Format String Attacks
Ch_11m: Hijacking a Macbook in 60 Seconds or Less
Ch_11n: Address space layout randomization - Wikipedia
Ch 11o: Cenzic Hailstorm Enterprise ARC Receives High Marks From Information Security Magazine
Ch 11p: Cenzic Hailstorm Professional
Ch_13_01: The Exploder Control Frequently Asked Questions (FAQ)
Ch_13_02: ActiveX 'Safe for Scripting' vulnerability - scriptlet.typelib and Eyedog Vulnerability (1999)
Ch_13_03: Sony Rootkit ActiveX control incorrectly marked "safe for scripting" (2005)
Ch_13_04: ActiveX - Active Exploitation | ASTALAVISTA
Ch_13_05: SiteLock 1.14 Template for ActiveX Controls
Ch_13_06: How to stop an ActiveX control from running in Internet Explorer with the Kill Bit
Ch_13_07: Brown Orifice - Java vulnerability from 2000
Ch_13_08: Java Virtual Machine remote compromise through a heap overflow
Ch_13_09: Internet Explorer Vulnerabilities
Ch_13_10: CERT Advisory CA-2000-05 Netscape Navigator Improperly Validates SSL Sessions
Ch_13_10: What's an IFrame attack and why should I care?
Ch_13_11: Microsoft Security Bulletin MS01-027 - Flaws in Web Server Certificate Validation Could Enable Spoofing
Ch_13_12: IE SSL Vulnerability (2002)
Ch_13_13: Homograph attacks
Ch_13_14: SANS Institute - SSL Man-in-the-Middle Attacks
Ch_13_15: Auto-Start Extensibility Points (ASEPs)
Ch_13_16: MyDoom
Ch_13_17: The Nimda Worm - automatic execution of MIME attachments
Ch_13_18: Instant Messaging Viruses - Avoid IM Viruses - Microsoft Security
Ch_13_19: Microsoft GDI Library JPEG Segment Length Integer Underflow Vulnerability
Ch_13_20: An Analysis of the 180 Solutions Trojan
Ch_13_21: How to strengthen the security settings for the Local Machine zone in Internet Explorer
Ch_13_22: Demonstration of an obscured URL trick
Ch_13_23: rootkit.com
Ch_13_24: bluepillproject.org
Ch_13_25: Jamie Butler's PPT file - DKOM (Direct Kernel Object Manipulation)
Ch_13_26: ActiveX - Active Exploitation -- Uninformed - vol 9 article 2
Ch_13-27: Firefox Security--Firefox Doesn't Properly Check for Revoked certificates!
2009-05-08: Ch 13_28: Imperva Web Application Firewall Demo
Ch_13_29: Jeremiah Grossman: Let's talk Web Application Firewalls (WAFs)
Miscellaneous Links
Securely Erasing Partitions | Novell User Communities
DEFCON Capture The Flag Solutions
Freeware Hex Editor XVI32 - Excellent Windows Hex Editor
Hacker Challenge Websites
Hacking IIS 4 Tutorial
Hacking Video: Exploiting MySpace with a SWF and WMF file attack
Hacking Video: TSGrinfer - RDP Brute Force
Hacking Video: Wirelessly hacking Gmail and more - tutorial
MD5 Collision Demo - How to create files with identical MD5 hashes
Root Hack Survival Guide
RootHack: How to Secure Linux Servers :: Basic Linux Server Security
RootHack: NMAP Scanning and PortSentry Evasion
SmbRelay captures NTLM hashes
Solaris - OpenPKG Project - Unix software packages
Solaris DHCP Client (Solaris DHCP Administration Guide)
Solaris: Basic Setup For Apache In Solaris 10
Solaris: Blastwave.org packages
Solaris: Change DNS Client Settings
Solaris: How do I find the name of the current shell
Solaris: How To Get Started with Blastwave.org - for Solaris 10 Users
Solaris: Install Date of Solaris Machine
Solaris: Installing apps/packages with pkg-get
Solaris: pkg-get man page
Solaris: Set the Date and Time on Solaris
Solaris: Sudoers Manual
Solaris: Update error - Cacao - Many workarounds, no real solution
Solaris: UTF-8 and Unicode FAQ
Solaris: VMware Tools for Solaris 10
VOIPSA : Resources : VoIP Security Tools
Web hacking: Turning firefox into a Web App assault kit
X001: Binary and other number systems
Wardriving software for Windows XP: inSSIDer: Copy and Paste Results Into Excel
Technical Analysis of the Recent Adobe Flash Zero-Day Vulnerability--Excellent explanation of mutated base fuzzing
Create a NC Backdoor with Metasploit Meterpreter Tutorial
edb - Linux debugger, easier to use than gdb--important for Advanced Hacking class
Creating Metasploit Exploit Modules Step By Step (Tutorial!)
Death of an ftp client / Birth of Metasploit modules; Excellent tutorial about fuzzing & metasploit
Evilgrade 2.0 - the update exploitation framework is back--CNIT 124 Project!
Kittens and revenge on wi-fi freeloaders <-- good CNIT 124 Project
Online WPA cracker with stats - CNIT 124 Project
Instructions for the Pass-the-hash attack with Metasploit - CNIT 124 Project
Evilgrade -- fake Java updates and more - CNIT 124 Project
Skypher - Heap Spray Generator
The Evil Access Point! - CNIT 124 Project
PyLoris--SlowLoris for Windows! <--CNIT 124 Project
Honeywall--bootable honeypot CD - CNIT 124 Project
2010-11-25: OWASP HTTP Post Tool makes your laptop a sniper rifle <--CNIT 124 Project
Excellent OWASP slides explaining the Slow HTTP POST Layer 7 DoS--IIS & Apache vulnerable, load-balancers don't save you
Armitage - Cyber Attack Management for Metasploit - CNIT 124 Project
Tarpit (networking) - another way to use a Layer 7 DoS sort of effect for good - CNIT 124 Project
New HTTP POST DDoS Attack Tools Released - CNIT 124 Project
2010-12-01: .: ArpON - Blocks ARP Poisoning - CNIT 124 Project
NetWitness Investigator Software Download - CNIT 124 Project
SourceForge.net: NetworkMiner - CNIT 124 Project
Metasploit: Capturing Windows Logons with Smartlocker - CNIT 124 Project
Jeremiah Grossman: Spoofing Google search history with CSRF <--Great simple POC
XSS proof of concepts using different character encodings; Chrome does not get fooled - CNIT 124 Project
Arbor Peakflow: DDoS Protection - CNIT 124 Project
2010-12-24: Twitter Password Decryptor - CNIT 124 Project
Firefox vulns--highlights the need for whitelisting to stop XSS -- CNIT 124 Project
Packetstan: Scapy, and Random Acts of Packety Violence - CNIT 124 Project
Pitbull--simple attack bot in Perl <==CNIT 124 Project
Pitbull--simple attack bot in Perl - CNIT 124 Project
Security Onion: Intrusion Detection LiveDVD <--CNIT 124 Project
ICSI Netalyzr <-- Excellent, detailed information about your network--try it out! <--CNIT 124 Project
Drive By Exploitation With Metasploit! <--CNIT 124 Project
Universal HTTP DoS - Are You Dead Yet? - CNIT 124 Project
r-u-dead-yet - Layer 7 DoS Tool - CNIT 124 Project
Wireless LAN Penetration Testing Course<--CNIT 124 Project
Mantra - Free and Open Source Browser based Security Framework<--CNIT 124 Project
ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks <--CNIT 124 Project
How to set up HTTP Tunnels <--CNIT 124 Project
ISR Trinity Bomb DDoS Tool on Vimeo <--Possible CNIT 124 Project
@jduck1337 Using Metasploit and another stuxnet/windows privilege escalation vuln (CVE-2010-2743) - CNIT 124 Project
Microsoft Attack Surface Analyzer - CNIT 124 Project
2011-01-19: Wi-Foo - The Secrets of Wireless Hacking <--CNIT 124 Project
Example nginx.conf file
Linux Guru: How to install NGINX
Anonymous IRC Logs: A Moment in Time
Hiding Malicious PDFs from AVs - CNIT 124 Project
XSS--A Complete XSS reversing/scanner tool <--CNIT 124 Project
DDoS threat raised as Darkness bot is given away for free <--CNIT124 project
Web Form Password Brute Force with FireForce <--CNIT 124 project
WS-Attacker : framework for web services penetration testing - CNIT 124 Project
Reverse Engineering for Beginners - CNIT 124 Project
OpenDLP Pass-The-Hash <--CNIT 124 Project
Exploiting Dynamic Routing Protocols with Loki on Backtrack 4 R2 - CNIT 124 Project
[WEB SECURITY] CSRF: Flash 307 redirect = Game Over - CNIT 124 Project
Analyzing Suspicious PDF Files With PDF Stream Dumper--CNIT 124 Project
Having fun with BeEF, the browser exploitation framework - CNIT 124 Project
Instructions for Windows Buffer Overflows - CNIT 124 Project
Metasploit Mac OS X Post Exploitation : Enumeration and Hash Dump <--CNIT 124 Project
2011-02-25: Pentest lab vulnerable servers-applications list <--CNIT 124 Projects
Microsoft Attack Surface Analyzer <--CNIT 124 Project
2011-03-06: MacNikto <--CNIT 124 Project
2011-03-07: Mitigating Slow HTTP DoS Attacks with ModSecurity
hashkill -- open source password hash cracker <- CNIT 124 Project
DenyHosts: SSH Brute Force Protection <--CNIT 124 Project
A Web Application Hacker's Toolkit - timtux.net
Arch Linux Forums / Need to specify full path as root
Arch Linux Installation Guide
Arch Linux Installation Guide (official)
ArchWiki :: Daemons - ArchWiki
ArchWiki :: Disable root password and gain su sudo with no password
ArchWiki :: Installing archlinux in VMWare - ArchWiki
ArchWiki :: Pacman - ArchWiki
BackTrack - Setting up networking in Slackware
CCIE lessons in PDF files
New Unsorted Links
2011-03-18: Offensive-Security Ohio Chapter (OSOC) <--Excellent project ideas here
Errata Security: Verifying the Comodo Hacker's Key <--CNIT 124 Project
Free version of Retina vuln scanner - CNIT 124 Project
A great set of add-on scripts for Jasager <--CNIT 124 Projects
Detecting Vulnerable Software Using SCAP/OVAL - CNIT 124 Project
Secure Your Wireless Networks with Scapy Packet Manipulation
Credential Harvesting With Facebook and the Social Engineering Toolkit - CNIT 124 Project
Reverse connection: ICMP shell - CNIT 124 Project
FREE On-Line CEH by Shon Harris
TOR hammer -- Slow POST and run through Tor
How to Turn Off Linux Security Mechanisms
Advanced Nmap Security Aegis. <-- Excellent description of Nmap tools, lots of good projects here
Freenet6 Routing Problem -- demonstration of IPv6 Routing Loops in Tunnels
2011-11-24: St0rm dump of uni melbourne data, dammit I thought he was gonna go straight
0entropy: Powershell, metasploit meterpreter and dns -- PROJECT IDEA
How to bypass Anti-Virus Systems --PROJECT IDEA
SpiderLabs Vulnerable SQL & XSS Testbeds -- CNIT 124 PROJECT
Evilgrade -- MUST TRY THIS
HP Fortify -- FREE DEMO VERSION - Source Code Review
Metasploitable: Gaining Root on a Vulnerable Linux System
Routerpwn -- PROJECT
jasagerpwn - Jasager attack vector script for BackTrack 5 and Ubuntu
PolyPack: An Automated Online Packing Service for Optimal Antivirus Evasion
BotHunter
Decrypting SSL packet dumps with Chrome and Wireshark --PROJECT IDEA
Advanced Exploitation of Mozilla Firefox Use-after-free Vulnerabilities (MFSA 2012-22 CVE-2012-0469)
Crypto & Block Cipher Modes (OpenSSL, AES 128, ECB, CBC) --Video with Linux commands. PROJECT IDEA
Hydra tutorial
CMOS De-Animator -- Clear BIOS Passwords -- PROJECT IDEA
Web Application Pen-testing Tutorials With Mutillidae -- OVER 50 PROJECTS
Images can be used to hide PHP malicious code -- GOOD PROJECT IDEA
PHP Code into JPEG Metadata: From hide to unhide
XlogicXExplosive-Steganography -- Makes fake viruses & bombs -- EICAR plus Virus detects as EICAR only by AV -- PROJECT IDEAS
ReverseEngineeringMalware -- free class materials!
How to Encrypt Cloud Storage on Linux and Windows with EncFS -- PROJECT IDEA
OpenVAS (Open Vulnerability Assessment System) -- PROJECT RESOURCE
Antivirus evasion with syringe -- PROJECT IDEA
WhatWeb -- Identifies Versions and Finds SQL Errors -- PROJECT IDEA
Install NetworkMiner with apt-get - PROJECT IDEA
Malware Analysis as a Hobby slides --Cuckoo looks great! -- PROJECT IDEA
Joe McCray's Hacking Videos
Deliberately insecure Linux distributions as practice targets LWN.net
Scanning Vulnerable Linux Distributions With Nessus
2012-10-13: FedElite Cyber Challenge Application Form
2012-10-13: FedCTE: ASPIRE TO BECOME THE CYBER ELITE: JOIN THE CHALLENGE
Ch 938: IEEE 1667 pledges secure portable storage for all (from 2008)
Ch_10_z10: Apache on Windows Canonicalization Vulnerability from 2006
Ch_10z11: Abusing URL Encoding
Ch 10z12: Huge portions of the Web vulnerable to hashing denial-of-service attack
Ch 10z13: HTTrack Website Copier
Ch 10z14: The Microsoft Source Code Analyzer for SQL Injection tool is available to find SQL injection vulnerabilities in ASP code
SideJacking with Ferret and Hamster in BackTrack 5! --Works on Gmail Accts that allow HTTP :)
dSploit - Android Network Penetration Suite -- PROJECT IDEA
DoS vulnerability affects older iPhones, Droids, even a Ford car -- PROJECT IDEA
2012-11-03: PasteBay.com - Free uncensored text hosting
2012-11-03: AnonPaste
CSE6990 Reverse Engineering class from @McGrewSecurity -- GREAT RESOURCES
Port Scanning using Scapy - InfoSec Institute
Python Network Programming
17.2. socket -- Low-level networking interface -- Python v2.7.6 documentation
UdpCommunication - Python Wiki
CodingBat -- Java and Python exercises
Advanced Penetration Testing Software - Cobalt Strike -- 21-day trial available -- PROJECT IDEA
WhisperSystems -- Encrypted Calls for Android -- GOOD PROJECT
MaxKeepAliveRequests: keep it high
SS64 Command line reference
Sewing Patches in the Veil AV Evasion Framework
Creating Remote Shells that Bypass Anti-Virus with 'Veil'
The Ultimate Beginner's Guide To AppleScript
New Unsorted Links
Learn Python the Hard Way
Fuzzing for SQL injection with Burp Suite Intruder - USE FOR PROJECTS
Pythonista on the App Store on iTunes -- INTERESTING FOR PROJECTS
Pythonista: Using pipista to install modules
How to Build a DNS Packet Sniffer with Scapy and Python
Bypassing Antivirus with Shellter 4.0 on Kali Linux -- GOOD 124 PROJECT
2015-09-09: Metasploit Module Search Page
How to get started with writing an exploit for Metasploit
Msfconsole one-liner example
Scanner HTTP Auxiliary Modules - Metasploit Unleashed
Metasploit: The New Metasploit Browser Autopwn:...
Ch 5a: DNS Request Types
Ch 5b: 10 Linux DIG Command Examples for DNS Lookup
Ch 5c: Open Resolver Project
Ch 5d: Public DNS Server List
Ch 5e: DNS AXFR scan data
Ch 5f: DNS Hacking (Beginner to Advanced) - InfoSec Resources
Ch 5g Wildcard DNS record - Wikipedia
Ch 5h: Network tools for every sys admin
Ch 5i: The Strange History of Port 0