CEH Certification Resources

CEH Tips
CEH: Certified Ethical Hacker - Taking the Exam
CEH: Practice Exams
CEH: TechExams -- Certified Ethical Hacker (CEH) exam
EC-Council - Certified Ethical Hacker (312-50) Practice Exam - This is the one I used

Chapter Links

Ch 1a: Google Hacking Database
Ch 1b: A search that finds password hashes
Ch 1c: Nessus Reports from Google
Ch 1d: More Passwords from Google
Ch 1e: Google Hacks Volume III by Halla - Interesting but highly irresponsible
Ch 1f: G-Zapper Blocks the Google Cookie to Search Anonymously
Ch 1g1: Get the .NET Framework 1.1
Ch 1g2: Download details: .NET Framework Version 1.1 Redistributable Package
Ch 1g: SiteDigger 2.0 searches Google�s cache to look for vulnerabilities
Ch 1h: BeTheBot - View Pages as the Googlebot Sees Them
Ch 1i: An experts-exhange page to demonstrate the Googlebot
CH 1j: HTTP Header Viewer
Ch 1k: Masquerading Your Browser
Ch 1l: User Agent Switcher :: Firefox Add-ons
Ch 1m: Modify Headers :: Firefox Add-ons
Ch 1n: User Agent Sniffer for Project 1
Ch 1o: GNU Wget - Tool to Mirror Websites
Ch 1p: Teleport Pro - Tool to Mirror Websites
Ch 1q: Google Earth
Ch 1r: Finding Subdomains (Zone Transfers)
Ch 1s: N. Dakota Judge rules that Zone Transfers are Hacking
Ch 1t: Internet Archive - Wayback Machine
Ch 1u: Wikto - Web Server Assessment Tool - With Google Hacking
Ch 1v: VeriSign Whois Search from VeriSign, Inc.
Ch 1w: uwhois.com
Ch 1x: ARIN: WHOIS Database Search
Ch 1y: Border Gateway Protocol (BGP) and AS Numbers
Ch 1z0: Internic | Whois - the only one that finds hackthissite.org
Ch 1z1: Teenager admits eBay domain hijack
Ch 1z2: NeoTrace
Ch 1z3: VisualRoute traceroute: connection test, trace IP address, IP trace, IP address locations
Ch 1z4: oxid.it - Cain and Abel
Ch 1z5: Snort - the de facto standard for intrusion detection/prevention
Ch 1z6: RotoRouter 1.0 - Traceroute log & fake
Ch 1z7: SiteDigger McAfee Free Tools
Ch 1z8: SensePost - Wikto
Ch 1z9: FOCA searches metadata
Ch 1z10: HolisticInfoSec: OSINT: large email address list imports with Maltego
Ch 1z11: InfoSec Resources -- DNS Hacking (Beginner to Advanced)
Ch 1z12: 1 Million Domain DNS Zone Transfer Test -- 14 percent vulnerable
Ch 1z13: DNS zone transfer tools
Ch 1z14: ZoneTransfer.me - teaching tool for DNS Zone Transfer Demos
Ch 1z15: ICANNIANAASO Explained
Ch 1z16: Whois server compromised? Try whois microsoft.com

Ch 2a: Man page of fping
Ch 2b: Fping download for Windows
Ch 2c: SuperScan - for Windows 2000 and XP Without SP 2
Ch 2d: Network Management Software Products - SolarWinds
Ch 2e: How to enable ICMP echo requests (Ping) in Windows XP (Service Pack 2)
Ch 2f: Can't Ping the Server 2003 SP 1
Ch 2g: What is port 113 used for?
Ch 2h: RPC Scan (- sR)
Ch 2h: THC-AMAP - fast and reliable application fingerprint mapper
Ch 2i: Insecure.Org - Nmap Free Security Scanner, Tools & Hacking resources
Ch 2j: Icmpenum information
Ch 2k: Download Icmpenum 1.0 for Linux - Icmpenum sends ICMP traffic for host enumeration. - Softpedia
Ch 2l: SANS Institute - Intrusion Detection FAQ: How can attacker use ICMP for reconnaissance?
Ch 2m: Phrack Magazine - Loki - ICMP Covert Channel
Ch 2n: ICMPQuery, remote host-type detection
Ch 2v: TCP Header Format
Ch 2w: Window Scan (- sW)
Ch 2x9: SourceForge.net: hping2
Ch 2x: The Window Scan explained very well
Ch 2y: How an RPC Scan Works
Ch 2z1: FTP Bounce Attack
Ch 2z2: IPEye - TCP port scanner (for Windows 2000 / XP Pre SP2)
Ch 2z3: ScanLine from Foundstone - Windows Command-Line Port Scanner
Ch 2z4: PortSentry and LogCheck from SourceForge.net: Sentry Tools
Ch 2z5: The Siphon Project: The Passive Network Mapping Tool
Ch 2z6: the new p0f
Ch 2z7: Cheops- ng - Screenshots
Ch 2z8: Tutorial: Hping2 Basics
Ch 2z9: ICMP Ping Sweep Detection on Windows

Ch 3a: dnsenum - DNSenum is a pentesting cool created to enumerate DNS info about domains
Ch 3b: Backtrack 5- DNSenum Information Gathering Tool
Ch 3c: How to use Fierce -- DNS Analysis perl script
Ch 3d: Restricting DNS Cache Snooping with Bind Configuration
Ch 3e: Grendel Scan Web Application Security Scanner -- in BackTrack
Ch 3f: Microsoft RPC Services
Ch 3f: Microsoft RPC Services
Ch 3g: winfingerprint
Ch 3h: Host Name Resolution in Windows
Ch 3i: nbtscan - NETBIOS nameserver scanner
Ch 3j: DumpSec download
Ch 3k: Project Camelot interviews Gary McKinnon
Ch 3l: Windows Enumeration: USER2SID & SID2USER
Ch 3m: NBTEnum 3.3 Download
Ch 3n: How to restrict access to the registry from a remote computer
Ch 3o: SNMP Tutorial
Ch 3p: DNS Version Scan Results

Ch 4a: 10 Most Common Passwords
Ch 4a1: Comprehensive List of password-guessing software
Ch 4b: IPsec filters in Windows
Ch 4c: IDS finds niche as analytical tools - Network World (2003)
Ch 4d: Setting Up an Intrusion Detection System - Networking Center - Network Computing (2004)
Ch 4e: Top 10 Password Crackers
Ch 4f: Elcomsoft Distributed Password Recovery
Ch 4f1: MITM Attack on Terminal Server (pdf)
Ch 4f2: Top 3 Vulnerability Exploitation Tools
Ch 4g: Microsoft Windows DCOM RPC Interface Buffer Overrun Vulnerability
Ch 4h: Microsoft Security Bulletin MS03-026
Ch 4i: eEye announcement of the LSASS Buffer Overflow
Ch 4j: Microsoft Security Bulletin MS04-011: Security Update for Microsoft Windows (835732)
Ch 4k: How to disable PCT 1.0, SSL 2.0, SSL 3.0, or TLS 1.0 in Internet Information Services
Ch 4l: Denmark builds XML-based Web services commerce network
Ch 4m: OASIS Security Services (SAML) TC - an XML-based framework
Ch 4n: Securing ASP Data Access Credentials Using the IIS Metabase
Ch 4o: ADOConn.Open - Google Code Search
Ch 4q: Security Guidance for IIS
Ch 4r: Gaining Administrator Access on NT with getadmin.exe
Ch 4s: MS03-013 - Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges
Ch 4t: Service Changes for Windows Vista -- Session 0 Isolation means SYSTEM tasks can't be interactive
Ch 4u: Cracking Windows Vista Beta 2 Local Passwords (SAM and SYSKEY)
Ch 4v: Cracking Syskey and the SAM on Windows XP, 2000 and NT 4 using Open Source Tools
Ch 4w: How to use the SysKey utility to secure the Windows Security Accounts Manager database
Ch 4x: Windows NT/2000/XP/2003/Vista password crackers - recovery, auditing, and PWDUMP tools
Ch 4y: Password Recovery Software, ElcomSoft
Ch 4z-4: CacheDump - Recovering Windows Password Cache Entries
Ch 4z01: Full Disclosure: Windows XP Home LSA secrets stores XP login passphrase in plain text
Ch 4z02: Administrators can display contents of service account passwords in Windows NT
Ch 4z03: Auditing Cached Credentials With Cachedump
Ch 4z04: CacheDump - Recovering Windows Password Cache Entries
Ch 4z05: More information about Cachedump and countermeasures from Arnauld Pilon
Ch 4z06: cachebf - Tool for cracking Cached Logon Hashes
Ch 4z07: PsExec - remote execution tool
Ch 4z08: VNC feature comparison and download selector
Ch 4z09: RatForge.NET R.A.T and Computer Security Community
Ch 4z10: GoToMyPC : Remote Access to Your PC from Anywhere -- Secure PC Remote Access Software
Ch 4z11: LogMeIn Hamachi - Instant VPN Software for your PC
Ch 4z12: Foundstone, Inc.� Fpipe - Port Redirection Tool
Ch 4z13: Tripwire - Configuration Audit & Control Solutions
Ch 4z14: Process Explorer
Ch 4z15: Fport - Shows processes and ports
Ch 4z16: LADS - List Alternate Data Streams
Ch 4z17: BITLOCKER HACKED - Hard disk encryption defeated by recovering the key from RAM
Ch 4z18: Exploiting 802.11 Wireless Driver Vulnerabilities on Windows
Ch 4z19: TeamViewer - Free Remote Access and Remote Desktop Sharing over the Internet
Ch 4z20: NTLM Hash is MD4
Ch 4z21: Different Types of Hashes and Salts -- EXCELLENT RESOURCE
Ch 4z22: Mac OS X 10.8 Mountain Lion password hash algorithm
Ch 4z23: EFS doesn't set a default Data Recovery Agent in Win XP
Ch 4z24: Pass the Hash on Windows 8.1 with Instructions
Ch 4z25: Password Cracking, Hashes Dumping, Brute-Forcing, Auditing and Privileges Escalation Daniela Elmi IT Space
Ch 4z26: KerbCrack --cracks Windows Kerberos password hashes
Ch 4z27: Cracking Kerberos Passwords with KerbCrack -- DEMO
Ch 4z28: Attacking Kerberos Deployments (from 2010) -- GOOD EXPLANATION OF PREAUTHENTICATION
Ch 4z29: Excellent explanation of Pass The Hash, NTLM, and Kerberos from 2012

Ch 5a: Unix Firewalls Forwarding Source-Routed Packets (from 1996)
Ch 500: CORE IMPACT demonstration video - professional penetration testing toolkit
Ch 500a: Unix Firewalls Forwarding Source-Routed Packets (from 1996)
Ch 501: CrackLib-2.8.12
Ch 501a: THC-HYDRA - fast and flexible network login hacker
Ch 502: Secure remote password protocol - Wikipedia
Ch 503: SRP JavaScript Demo
Ch 504: Linux IPCHAINS-HOWTO: Introduction
Ch 505: grsecurity
Ch 506: Solaris 10 Security Features (with historical context, and Trusted Solaris 8)
Ch 507: Heap Overflow Exploits
Ch 508: Saint Jude for Linux - Intrusion Prevention
Ch 509: WWW Security FAQ: CGI Scripts
Ch 510: Ubuntu: Enabling remote X-windows
Ch 511: Finjan uncovers database storing more than 8,700 stolen FTP credentials
Ch 512: nfsshell - NFS auditing tool
Ch 512a: XSECURE.TXT - Crash Course in X Windows Security
Ch 513: Sun Solaris Telnet Remote Authentication Bypass Vulnerability
Ch 514: Dan Kaminsky Reveals DNS Flaw At Black Hat
Ch 515: Caching bugs exposed in djbdns (2-27-09)
Ch 516: Detecting use after free() on windows. (dangling pointers)
Ch 517: Microsoft Security Bulletin MS12-063 - Critical : Cumulative Security Update for Internet Explorer (2744842)
Flaw in Oracle Logon Protocol Leads to Easy Password Cracking -- SECURITY TEST PROJECT
Ch 518: Sendmail--Anti-Spam Configuration Control
Ch 519: Apache Killer

Ch 6a: Robtex
Ch 6b: PhishTank Statistics about phishing activity and PhishTank usage
Ch 6c: MoonSols Windows Memory Toolkit
Ch 6d: CurrPorts: Monitoring TCPIP network connections on Windows
Ch 6e: Process Explorer
Ch 6f: Process Monitor
Ch 6g: VMMap
Ch 6h: Remote Desktop Connection Bitmap Cache Viewer
Ch 6i: New IE zero day exploit circulating, used to install Poison Ivy (From Sept. 2012)
Ch 6j: Poison Ivy - Remote Administration Tool
Ch 6k: How Malware hides and is installed as a Service

Ch 7a: WarVOX
Ch 7b: Phone hacking: timeline of the scandal
Ch 7c: sipvicious - Tools for auditing SIP based VoIP systems
Ch 7d: Uncovering spoken phrases in encrypted VoIP conversations
Ch 7e: Microsoft says don't use PPTP and MS-CHAP
Ch 7f: Microsoft Security Advisory (2743314): Unencapsulated MS-CHAP v2 Authentication Could Allow Information Disclosure

Ch 8a: Wireless chipsets and drivers
Ch 8b: How-To: Build a WiFi biquad dish antenna
Ch 8c: Fortinet manual, Rogue Access Point Suppression on page 53
Ch 8d: Reaver cracking WPS in 19 hours
Ch 8e: HotSpotter
Ch 8f: Divide and Conquer: Cracking MS-CHAPv2 with a 100 success rate
Ch 8g: Microsoft says don't use PPTP and MS-CHAP
Ch 8h: FreeRADIUS-WPE -- RADIUS server impersonation attack on 802.1x
Ch 8i: 'Validate server certificate' option in PEAP properties
Ch 8j: Vistumbler
Ch 8k: Lawsuits Mount Over Google Wi-Fi Sniffing

Ch 920: Lock bumping - Wikipedia
Ch 921: White House High-Security Locks Broken: Bumped and Picked at DefCon
Ch 922: Magnetic stripe card - Wikipedia
Ch 923: Magnetic Stripe Reader/Writer (encoder)
Ch 924: Portable Credit Card Hacking, Portable Credit Card Hacking Software
Ch 925: Passport RFIDs cloned wholesale by $250 eBay auction spree
Ch 926: MIFARE - Wikipedia
Ch 927: Mifare--Little Security, Despite Obscurity
Ch 928: DefCon: Boston Subway Officials Sue to Stop Talk on Fare Card Hacks -- Update: Restraining Order Issued; Talk Cancelled
Ch 929: Parallel ATA - Wikipedia
Ch 930: ATA_Security_Roadblock_to_Computer_Forensics.pdf
Ch 931: Laptop Password Removal : Vogon Password Cracker Pod
Ch 932: Password Cracker Pod: for laptop hard drive passwords
Ch 933: RISE Security - ASUS Eee PC Rooted Out of the Box
Ch 934: Default Password List
Ch 935: Eavesdropping on Bluetooth Headsets -- Video
Ch 936: Two Arrested in First Bust for ATM Reprogramming Scam | Threat Level from Wired.com
Ch 937: Microsoft Pushes Fix to Disable AutoRun (from 2011)
Ch 939: ATM security problem at LayerOne conference (from May 2012)
Ch 940: HowStuffWorks 'What's the difference between RFID and NFC?'
Ch 941: Google Wallet - Wikipedia

Ch_10a: Foundstone White Papers - Including Hacme Bank Solution Guide
Ch_10b: Hacme Travel User Guide (pdf)
Ch_10c: Foundstone Free Tools including Hacme Bank and Hacme Travel
Ch_10d2: Netcat for Windows - Alternate Link
Ch_10d: Netcat for Windows
Ch_10e: Strings v2.40 - reads strings from enecutable files
Ch_10f: Process Explorer
Ch_10g: Wireshark Protocol Analyzer
Ch_10h: Foundstone - Resources - Videos of Hacme Lessons
Ch_10i: xkcd - Little Bobby Tables
Ch_10k: IBM WebSphere - Wikipedia
Ch_10l: Fortune 1000 Research: Top 1000 Web Servers Survey
Ch_10m: Web Server Survey Archives - Netcraft
Ch_10n: Watchfire products including AppShield
Ch_10o: URLScan Security Tool
Ch_10p: Macromedia - Allaire Security Bulletin (ASB99-01) - ColdFusion Expression Evaluator patch
Ch_10q: Microsoft Security Bulletin (MS00-031): IIS HTR File Fragment Reading vulnerability
Ch_10r: IIS ASP::$DATA Vulnerability (Canonicalization attack)
Ch_10s: New in IIS 7 - App Pool Isolation
Ch_10t: Understanding IIS 7.0 URL Authorization: Configuring Security
Ch_10u: Microsoft IIS 5.0 Translate: f Source Disclosure Vulnerability
Ch_10v: Exploit code for the Translate: f bug
Ch_10z01: Nikto Web Server Vulnerability Scanner
Ch_10z02: TRACE vulnerability explained (pdf)
Ch_10z03: Wget - Wikipedia
Ch_10z04: Parosproxy.org - Web Application Security
Ch_10z05: Hijacking a Macbook in 60 Seconds or Less - Jon Elich and David Maynor
Ch_10z06: XSS (Cross Site Scripting) Cheat Sheet
Ch_10z07: URL Encoded Attacks - Double Decoding Attack Examples
Ch_10z08: Damn Vulnerable Linux 1.0 - download here - create an account
Ch_10z09: How main() is executed on Linux
Ch 10z15: Google Search to find Amazon Private Keys on Github
Ch 10z16: GitHub Forced to Disable Search After Exposing Private SSH Keys
Ch 10z17: Prolexic Report on Dr-DOS

Ch 11a: Android 4.1 'Jelly Bean' reaches 1.8 percent market share
Ch 11b: sqlite encryption for android
Link Ch 11c: Using DDMS Android Developers
Ch 11d: shortfuse.org Official Home of SuperOneClick!
Ch 11e: APP z4root - xda-developers
Ch 11f: GingerBreak APK (root for GingerBread) - xda-developers
Ch 11g: BurritoRoot for Kindle Fire
Ch 11h: What is the NDK? Android Developers
Ch 11i: android-apktool - A tool for reverse engineering Android apk files
Ch 11j: DefCon 18 - These Aren't the Permissions You're Looking For on Vimeo
Ch 11k: Eligible devices for use with Google Wallet - Wallet Help
Ch 11l: iBooks Not Working on Jailbroken iPhones: Here's the Fix
Ch 11m: iOS dictionary apps posting false piracy 'confessions' onto users' Twitter accounts
Ch 11n: Just How Much Of A Problem Is Android Malware? (Aug. 2012)
Ch 11o: About the security content of iOS 4.3.4 Software Update
Ch 11p: iKee--the first iPhone worm (2009)
Ch 11q: CVE-2009-1683: iPhone DoS via ICMP
Ch 11r: Android climbed to 79 percent of smartphone market share in 2013, but its growth has slowed
Ch 11s: Gartner ignores Apple's sales numbers, reports Android marketshare doubled iPad in 2013
Ch 11t: Debunking four myths about Android, Google, and open-source ZDNet
Ch 11u: Android Version Popularity
Ch 11v: Number of the week: list of malicious Android apps hits 10 million
Ch 11w: TOOL Rootx 2.2 (Rev 3 )- Root almost all android devices - xda-developers
Ch 11x: CarrierIQ Android Security Test
Ch 11y: Google Wallet Purchase Protection - Wallet Help
Ch 11z: iOS Encryption Is So Good, Not Even the NSA Can Hack It
Ch 11z2: How The NSA Hacks Your iPhone (Presenting DROPOUT JEEP) Zero Hedge
Ch 11z3: The iPhone Has Passed a Key Security Threshold (encryption, 2012)
Ch 11z4: iOS Keychain Weakness FAQ (from 2012)

Links from Previous Textbook Edition

Ch 3a: Droop's Box: Simple Pen-test Using Nmap, Nikto, Bugtraq, Nslookup, and Other Tools
Ch 3b: CAN numbers and CVE numbers
Ch 3c: Vista: Install or Enable the Telnet Client or Server
Ch 3d: Netcat for Windows
Ch 3d1: Local mirror of netcat for windows
Ch 3d2: Local mirror of netcat for windows- encrypted with 7-zip - password sam
Ch 3d3: Netcat in windows (another site)
Ch 3e: TCP Wrappers (Wikipedia)
Ch 3f: TCP Wrappers (more details)
Ch 3g: Microsoft Security: IIS Lockdown Tool
Ch 3h: URLScan Security Tool
Ch 3i: Port knocking - Wikipedia
Ch 3j: PORTKNOCKING - A system for stealthy authentication across closed ports. : IMPLEMENTATIONS : implementations
Ch 3k: PortKnocking - Community Ubuntu Documentation
Ch 3l: IPTables HowTo - Community Ubuntu Documentation
Ch 3m: How to change eth1 to eth0 in a VMware Linux Machine
Ch 3n: Download epdump scanner
Ch 3v: Host Name Resolution in Windows XP and Server 2003
CH 3w: nbtscan - NETBIOS nameserver scanner
Ch 3x: Null session attacks: Who's still vulnerable?
Ch 3y: Registry Keys to Control Null Sessions in XP and 2003
Ch 3z00: The effects of removing null sessions from the Microsoft Windows 2000 and Microsoft Windows NT environment
Ch 3z01: Null Sessions don't apply to Win 95, 98, or Me
Ch 3z02: SystemTools.com -DumpSec and Hyena
Ch 3z03: Project Camelot interviews Gary McKinnon
Ch 3z04: Windows Enumeration: USER2SID & SID2USER
Ch 3z05: Download Winfo - Null Session Enumeration Tool - Runs on Vista
Ch 3z06: SNMP Enumeration and Hacking
Ch 3z07: Understanding MIBs
Ch 3z08: Using SNMP for Reconnaissance
Ch 3z09: Get SNMPUTIL here and learn how to use it
Ch 3z10: Novell NetWare - Wikipedia
Ch 3z11: How to make characters visible in Windows Telnet
Ch 3z12: How Security Identifiers Work (SIDs)
Ch 3z13: RIDs and the RID Master role
Ch 3z14: Install and Enable SNMP Service in Windows XP, Vista and 2003
Ch 3z15: NBTEnum 3.3 -- New tool for NetBIOS Enumeration
Ch 3z16: How to restrict access to the registry from a remote computer

Ch 601: Sandstorm Enterprises - PhoneSweep
Ch 602: Symantec pcAnywhere 12.1: Remote Computer Access - PC Remote Control
Ch 603: pcAnywhere 12.0 - Reviews by PC Magazine
Ch 604: pcAnywhere Password Recovery Service
Ch 605: M4PHR1K.COM - WHITE HAT War Dialers, PBX, and Voicemail Box testing
Ch 606: Default Password List
Ch 607: RSA / RSA SecurID / SecurID Tokens / Two-Factor Authentication | RSAGuard.com
Ch 608: PBX (Private branch exchange) - Wikipedia
Ch 609: Procomm Plus Discontinued - Symantec Corp.
Ch 610: Aspect Scripting
Ch 611: Virtual private network - Wikipedia
Ch 612: B. Schneier and Mudge's paper breaking Microsoft PPTP
Ch 613: The Crumbling Tunnel - aleph1 reveals PPTP flaws
Ch 614: Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2)
Ch 615: A Cryptographic Evaluation of IPsec
Ch 616: H.323 - Wikipedia
Ch 617: Session Initiation Protocol - Wikipedia
Ch 618: Abstract Syntax Notation One - Wikipedia
Ch 619: Blind Teenage Hacker accused of Swatting - Spoofing Caller ID on VoIP calls to police
Ch 620: vomit - voice over misconfigured internet telephones
Ch 621: Scapy - powerful interactive packet manipulation program
Ch 622: Free VOIP phone software for Windows - free download
Ch 623: RTP Tools 1.18
Ch 624: Java SE Desktop Technologies - Java Media Framework API (JMF)
Ch 625: Anyone up for Cisco password cracking?
Ch 626: IKECrack - Bruteforce crack for IPSec
Ch 627: Online Cisco VPN GroupPwd Decryption
Ch 628: Cisco VOIP Commands Cheat Sheet from John C. Samuel
Ch 629: Advanced Routing Commands Cheat Sheet from John C. Samuel
Ch 630: Recovering phrases from encrypted Skype calls by examining the bitrate

Ch 701: Internet Routing Insecurity::Pakistan Nukes YouTube with DNS Record Change
Ch 702: Pakistan removed from the Internet
Ch 703: nslookup / host Dns Client Testing Command Not Found on Debian / Ubuntu Linux
Ch 704: Types of DNS records
Ch 705: DNS SRV records for SIP and XMPP
Ch 706: Port Forwarding in andlinux
Ch 707: OSI model - Wikipedia
Ch 708: What is an APDU?
Ch 709: AT&T Fiber Optic Splitter Used to Spy on Internet
Ch 710: Virtual LAN - Wikipedia
Ch 711: IEEE 802.1Q - Wikipedia
Ch 712: Ethernet - Wikipedia
Ch 713: VLAN Tagging
Ch 714: VLAN Jumping Attack
Ch 715: VoIP Hopper...Jumping from one VLAN to the next!
Ch 716: Making unidirectional VLAN and PVLAN jumping bidirectional
Ch 717: Bypassing and hacking switches using VLAN
Ch 718: IP Spoofing: An Introduction
Ch 719: Windows NT Patch Available to Improve TCP Initial Sequence Number Randomness
Ch 720: Slashdot | TCP/IP Sequence Number Analysis
Ch 721: IPsec - Wikipedia
Ch 722: Cisco Support Lists
Ch 723: Cisco IOS Password Encryption Facts - Cisco Systems
Ch 724: Looking Glass Overview - Web sites that show live routing information
Ch 725: ILAN Looking Glass--useful for trace demo with ASN values
Ch 726: CERN Looking Glass--also shows ASN values on a trace
Ch 727: Big list of looking glass pages sorted by ASN
Ch 727: Hacker writes rootkit for Cisco's routers
Ch 728: Manpage of TCPDUMP
Ch 729:\'arpwatch\' for security and administration
Ch 730: How to setup Arpwatch
Ch 731: arp-sk -- ARP traffic generators and arpwatch for Windows
Ch 732: arp-sk,WinARP Watch - arpwatch tools for Vista/XP/2003/2000
Ch 733: DecaffeinatID: Simple IDS / ARPWatch For Windows--works on Windows 7!

Ch 801: WildPackets - OmniPeek Product Family - Free Demo Version
Ch 802: WildPackets - Wireless Drivers
Ch 803: Orinoco Monitor Mode Patch Page
Ch 804: AbsoluteValue Systems, Inc. - linux-wlan Page - Prism2 Card Compatibility Information Here
Ch 805: Cisco/Aironet driver for Linux
Ch 806: Quad Stacked Omni 2.4 GHz Antenna
Ch 807: Non Line-Of-Sight (NLoS) Multi-Polarized Antennas
Ch 808: Global Positioning System - Wikipedia
Ch 809: Skyhook Wireless - Find Location from Wi-Fi Access Points
Ch 810: NetStumbler.com
Ch 811: Kismet
Ch 812: SMAC MAC Address Spoofer / Changer for Windows VISTA, XP, 2003, 2000
Ch 813: An introduction to LEAP authentication
Ch 814: IEEE 802.1X - Wikipedia
Ch 815: Mac MakeUp - MAC Address spoofing tool - do not use auto-cycle adapter option
Ch 816: Debunking the Myth of SSID Hiding
Ch 817: VistaStumbler--Wardriving software optimized for Windows Vista
Ch 818: Vistumbler--Better than Vista Stumbler
Ch 819: CACE Technologies - AirPcap Wireless Capture Adapter for Windows
Ch 820: Apple - iPhone - Features - Maps with GPS
Ch 821: Android WiFi Scan & War Driving
Ch 822: Google Maps Mashup Showing WiFi Scan Android Wardriving Results
Ch 823: Android Wifiscan available here
Ch 824: Hotspotter--Like SSLstrip, silently replaces a secure WiFi connection with an insecure one
Ch 825: WiGLE - Wireless Geographic Logging Engine - Plotting WiFi on Maps
Ch 826: Lawsuits Mount Over Google Wi-Fi Sniffing - PCWorld

Ch 901: ippl - IP Protocols Logger - detects port scans
Ch 902: Firewalk - Scan behind a firewall
Ch 903: Use Firewalk in Linux/UNIX to verify ACLs and check firewall rule sets
Ch 904: Fpipe v2.01 Port Redirector
Ch 905: Firewall/IDS Evasion and Spoofing with Nmap
Ch 906: What is application gateway? - Webopedia
Ch 907: WinGate Proxy Server / Firewall / Email server / Gateway Management Solution
Ch 908: WinGate - Wikipedia
Ch 909: Astaro Internet Security - Astaro Security Gateway Software Appliance

Ch_10a: Foundstone, Inc.� UDPFlood
Ch_10b: Application-layer DDoS Attacks: Detection and Resiliency (ppt file)
Ch_10c: Five percent of Web traffic caused by DDoS attacks
Ch_10d: Hacktics Presentation on Application-Layer DOS from OWASP (pdf)
Ch_10e: Cisco Guard DDoS Mitigation Appliances
Ch_10f: SYN Cookies - a mathematical way to resist SYN Floods
Ch_10g: Cisco - Strategies to Protect Against Distributed Denial of Service ( DDoS) Attacks
Ch_10h: Bogons - Invalid Source Addresses - Team Cymru
Ch_10i: Sinkhole_Tutorial_June03.pdf
Ch_10j: RadView - SoftwareTesting Tools. Performance Testing and Load Testing for Web Applications
Ch_10k: Web Test Tools Compared
Ch_10l: DDoS Attack Protection - Service Provider Network Visibility, Peakflow SP - Arbor Networks, Inc.
Ch_10m: Foundstone Network Security - DDOSPing - Free tool to detect DDoS Bots
Ch_10n: Creating a Computer Security Incident Response Team: A Process for Getting Started
Ch_10o: Akamai: The Leader in Web Application Acceleration and Performance Management, Streaming Media Services and Content Delivery
Ch_10p: SAVVIS, Inc - Built to Respond
Ch_10q: SYN flood - Wikipedia
Ch_11a: Mudge - Wikipedia
Ch_11b: How to write Buffer Overflows - Mudge, 1995
Ch_11c: Smashing the Stack for Fun and Profit by Aleph One
Ch_11d: Stack (data structure) - Wikipedia
Ch_11e: Damn Vulnerable Linux - The most vulnerable and exploitable operating system ever - Your First Damn Vulnerable Linux Lesson
Ch_11f: Video Tutorial for DVL Buffer Overflow Exploit
Ch_11g: GDB (Gnu Debugger) Tutorial
Ch_11h: Debugging with gdb - gdb Commands
Ch_11i: Debugging with GDB
Ch_11j: Titan Ftp Server Long Command Heap Overflow
Ch_11k: w00w00 on Heap Overflows
Ch_11l: Format String Attacks
Ch_11m: Hijacking a Macbook in 60 Seconds or Less
Ch_11n: Address space layout randomization - Wikipedia
Ch 11o: Cenzic Hailstorm Enterprise ARC Receives High Marks From Information Security Magazine
Ch 11p: Cenzic Hailstorm Professional

Ch_13_01: The Exploder Control Frequently Asked Questions (FAQ)
Ch_13_02: ActiveX 'Safe for Scripting' vulnerability - scriptlet.typelib and Eyedog Vulnerability (1999)
Ch_13_03: Sony Rootkit ActiveX control incorrectly marked "safe for scripting" (2005)
Ch_13_04: ActiveX - Active Exploitation | ASTALAVISTA
Ch_13_05: SiteLock 1.14 Template for ActiveX Controls
Ch_13_06: How to stop an ActiveX control from running in Internet Explorer with the Kill Bit
Ch_13_07: Brown Orifice - Java vulnerability from 2000
Ch_13_08: Java Virtual Machine remote compromise through a heap overflow
Ch_13_09: Internet Explorer Vulnerabilities
Ch_13_10: CERT Advisory CA-2000-05 Netscape Navigator Improperly Validates SSL Sessions
Ch_13_10: What's an IFrame attack and why should I care?
Ch_13_11: Microsoft Security Bulletin MS01-027 - Flaws in Web Server Certificate Validation Could Enable Spoofing
Ch_13_12: IE SSL Vulnerability (2002)
Ch_13_13: Homograph attacks
Ch_13_14: SANS Institute - SSL Man-in-the-Middle Attacks
Ch_13_15: Auto-Start Extensibility Points (ASEPs)
Ch_13_16: MyDoom
Ch_13_17: The Nimda Worm - automatic execution of MIME attachments
Ch_13_18: Instant Messaging Viruses - Avoid IM Viruses - Microsoft Security
Ch_13_19: Microsoft GDI Library JPEG Segment Length Integer Underflow Vulnerability
Ch_13_20: An Analysis of the 180 Solutions Trojan
Ch_13_21: How to strengthen the security settings for the Local Machine zone in Internet Explorer
Ch_13_22: Demonstration of an obscured URL trick
Ch_13_23: rootkit.com
Ch_13_24: bluepillproject.org
Ch_13_25: Jamie Butler's PPT file - DKOM (Direct Kernel Object Manipulation)
Ch_13_26: ActiveX - Active Exploitation -- Uninformed - vol 9 article 2
Ch_13-27: Firefox Security--Firefox Doesn\'t Properly Check for Revoked certificates!
2009-05-08: Ch 13_28: Imperva Web Application Firewall Demo
Ch 13_28: Imperva Web Application Firewall Demo
Ch_13_29: Jeremiah Grossman: Let\\\'s talk Web Application Firewalls (WAFs)

Miscellaneous Links

Securely Erasing Partitions | Novell User Communities
DEFCON Capture The Flag Solutions
Freeware Hex Editor XVI32 - Excellent Windows Hex Editor
Hacker Challenge Websites
Hacking IIS 4 Tutorial
Hacking Video: Exploiting MySpace with a SWF and WMF file attack
Hacking Video: TSGrinfer - RDP Brute Force
Hacking Video: Wirelessly hacking Gmail and more - tutorial
MD5 Collision Demo - How to create files with identical MD5 hashes
Root Hack Survival Guide
RootHack: How to Secure Linux Servers :: Basic Linux Server Security
RootHack: NMAP Scanning and PortSentry Evasion
SmbRelay captures NTLM hashes
Solaris - OpenPKG Project - Unix software packages
Solaris DHCP Client (Solaris DHCP Administration Guide)
Solaris: Basic Setup For Apache In Solaris 10
Solaris: Blastwave.org packages
Solaris: Change DNS Client Settings
Solaris: How do I find the name of the current shell
Solaris: How To Get Started with Blastwave.org - for Solaris 10 Users
Solaris: Install Date of Solaris Machine
Solaris: Installing apps/packages with pkg-get
Solaris: pkg-get man page
Solaris: Set the Date and Time on Solaris
Solaris: Sudoers Manual
Solaris: Update error - Cacao - Many workarounds, no real solution
Solaris: UTF-8 and Unicode FAQ
Solaris: VMware Tools for Solaris 10
VOIPSA : Resources : VoIP Security Tools
Web hacking: Turning firefox into a Web App assault kit
X001: Binary and other number systems
Wardriving software for Windows XP: inSSIDer: Copy and Paste Results Into Excel
Technical Analysis of the Recent Adobe Flash Zero-Day Vulnerability--Excellent explanation of mutated base fuzzing
Create a NC Backdoor with Metasploit Meterpreter Tutorial
edb - Linux debugger, easier to use than gdb--important for Advanced Hacking class
Creating Metasploit Exploit Modules Step By Step (Tutorial!)
Death of an ftp client / Birth of Metasploit modules; Excellent tutorial about fuzzing & metasploit
Evilgrade 2.0 - the update explotation framework is back--CNIT 124 Project!
Kittens and revenge on wi-fi freeloaders <-- good CNIT 124 Project
Online WPA cracker with stats - CNIT 124 Project
Instructions for the Pass-the-hash attack with Metasploit - CNIT 124 Project
Evilgrade -- fake Java updates and more - CNIT 124 Project
Evilgrade -- fake Java updates and more - CNIT 124 Project
Skypher - Heap Spray Generator
The Evil Access Point! - CNIT 124 Project
PyLoris--SlowLoris for Windows! <--CNIT 124 Project
Honeywall--bootable honeypot CD - CNIT 124 Project
2010-11-25: OWASP HTTP Post Tool makes your laptop a sniper rifle <--CNIT 124 Project
Excellent OWASP slides explaining the Slow HTTP POST Layer 7 DoS--IIS & Apache vulnerable, load-balancers don\'t save you
Armitage - Cyber Attack Management for Metasploit - CNIT 124 Project
Tarpit (networking) - another way to use a Layer 7 DoS sort of effect for good - CNIT 124 Project
New HTTP POST DDoS Attack Tools Released - CNIT 124 Project
2010-12-01: .: ArpON - Blocks ARP Poisoning - CNIT 124 Project
NetWitness Investigator Software Download - CNIT 124 Project
SourceForge.net: NetworkMiner - CNIT 124 Project
Metasploit: Capturing Windows Logons with Smartlocker - CNIT 124 Project
Jeremiah Grossman: Spoofing Google search history with CSRF <--Great simple POC
XSS proof of concepts using different character encodings; Chrome does not get fooled - CNIT 124 Project
Arbor Peakflow: DDoS Protection - CNIT 124 Project
2010-12-24: Twitter Password Decryptor - CNIT 124 Project
Firefox vulns--highlights the need for whitelisting to stop XSS -- CNIT 124 Project
Packetstan: Scapy, and Random Acts of Packety Violence - CNIT 124 Project
Pitbull--simple attack bot in Perl <==CNIT 124 Project
Pitbull--simple attack bot in Perl - CNIT 124 Project
Security Onion: Intrusion Detection LiveDVD <--CNIT 124 Project
ICSI Netalyzr <-- Excellent, detailed information about your network--try it out! <--CNIT 124 Project
Drive By Exploitation With Metasploit! <--CNIT 124 Project
Universal HTTP DoS - Are You Dead Yet? - CNIT 124 Project
r-u-dead-yet - Layer 7 DoS Tool - CNIT 124 Project
Wireless LAN Penetration Testing Course<--CNIT 124 Project
Mantra - Free and Open Source Browser based Security Framework<--CNIT 124 Project
ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks <--CNIT 124 Project
ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks <--CNIT 124 Project
How to set up HTTP Tunnels <--CNIT 124 Project
How to set up HTTP Tunnels <--CNIT 124 Project
ISR Trinity Bomb DDoS Tool on Vimeo <--Possible CNIT 124 Project
@jduck1337 Using Metasploit and another stuxnet/windows privilege escalation vuln (CVE-2010-2743) - CNIT 124 Project
Microsoft Attack Surface Analyzer - CNIT 124 Project
2011-01-19: Wi-Foo - The Secrets of Wireless Hacking <--CNIT 124 Project
Example nginx.conf gile
Linux Guru: How to install NGINX
Anonymous IRC Logs: A Moment in Time
Hiding Malicious PDFs from AVs - CNIT 124 Project
XSS--A Complete XSS reversing/scanner tool <--CNIT 124 Project
DDoS threat raised as Darkness bot is given away for free <--CNIT124 project
Web Form Password Brute Force with FireForce <--CNIT 124 project
WS-Attacker : framework for web services penetration testing - CNIT 124 Project
Reverse Engineering for Beginners - CNIT 124 Project
OpenDLP Pass-The-Hash <--CNIT 124 Project
Exploiting Dynamic Routing Protocols with Loki on Backtrack 4 R2 - CNIT 124 Project
[WEB SECURITY] CSRF: Flash 307 redirect = Game Over - CNIT 124 Project
Analyzing Suspicious PDF Files With PDF Stream Dumper--CNIT 124 Project
Having fun with BeEF, the browser exploitation framework - CNIT 124 Project
Instructions for Windows Buffer Overflows - CNIT 124 Project
Metasploit Mac OS X Post Exploitation : Enumeration and Hash Dump <--CNIT 124 Project
2011-02-25: Pentest lab vulnerable servers-applications list <--CNIT 124 Projects
Microsoft Attack Surface Analyzer <--CNIT 124 Project
2011-03-06: MacNikto <--CNIT 124 Project
2011-03-07: Mitigating Slow HTTP DoS Attacks with ModSecurity
hashkill -- open source password hash cracker <- CNIT 124 Project
DenyHosts: SSH Brute Force Protection <--CNIT 124 Project
A Web Application Hacker's Toolkit - timtux.net
Arch Linux Forums / Need to specify full path as root
Arch Linux Installation Guide
Arch Linux Installation Guide (official)
ArchWiki :: Daemons - ArchWiki
ArchWiki :: Disable root password and gain su sudo with no password
ArchWiki :: Installing archlinux in VMWare - ArchWiki
ArchWiki :: Pacman - ArchWiki
BackTrack - Setting up networking in Slackware
CCIE lessons in PDF files

New Unsorted Links

2011-03-18: Offensive-Security Ohio Chapter (OSOC) <--Excellent project ideas here
Errata Security: Verifying the Comodo Hacker\\\'s Key <--CNIT 124 Project
Free version of Retina vuln scanner - CNIT 124 Project
A great set of add-on scripts for Jasager <--CNIT 124 Projects
Detecting Vulnerable Software Using SCAP/OVAL - CNIT 124 Project
Secure Your Wireless Networks with Scapy Packet Manipulation
Credential Harvesting With Facebook and the Social Engineering Toolkit - CNIT 124 Project
Credential Harvesting With Facebook and the Social Engineering Toolkit - CNIT 124 Project
Reverse connection: ICMP shell - CNIT 124 Project
FREE On-Line CEH by Shon Harris
TOR hammer -- Slow POST and run through Tor
How to Turn Off Linux Security Mechanisms
Advanced Nmap Security Aegis. <-- Excellent description of Nmap tools, lots of good projects here
Freenet6 Routing Problem -- demonstration of IPv6 Routing Loops in Tunnels
2011-11-24: St0rm dump of uni melboune data, dammit I thought he was gonna go straight
0entropy: Powershell, metasploit meterpreter and dns -- PROJECT IDEA
How to bypass Anti-Virus Systems --PROJECT IDEA
SpiderLabs Vulnerable SQL & XSS Testbeds -- CNIT 124 PROJECT
Evilgrade -- MUST TRY THIS
HP Fortify -- FREE DEMO VERSION - Source Code Review
Metasploitable: Gaining Root on a Vulnerable Linux System
Routerpwn -- PROJECT
jasagerpwn - Jasager attack vector script for BackTrack 5 and Ubuntu
PolyPack: An Automated Online Packing Service for Optimal Antivirus Evasion
Decrypting SSL packet dumps with Chrome and Wireshark --PROJECT IDEA
Advanced Exploitation of Mozilla Firefox Use-after-free Vulnerabilities (MFSA 2012-22 CVE-2012-0469)
Crypto & Block Cipher Modes (OpenSSL, AES 128, ECB, CBC) --Video with Linux commands. PROJECT IDEA
Hydra tutorial
CMOS De-Animator -- Clear BIOS Passwords -- PROJECT IDEa
Web Application Pen-testing Tutorials With Mutillidae -- OVER 50 PROJECTS
Images can be used to hide PHP malicious code -- GOOD PROJECT IDEA
PHP Code into JPEG Metadata: From hide to unhide
XlogicXExplosive-Steganography -- Makes fake viruses & bombs -- EICAR plus Virus detects as EICAR only by AV -- PROJECT IDEAS
ReverseEngineeringMalware -- free class materials!
How to Encrypt Cloud Storage on Linux and Windows with EncFS -- PROJECT IDEA
OpenVAS (Open Vulnerability Assessment System) -- PROJECT RESOURCE
Antivirus evasion with syringe -- PROJECT IDEA
WhatWeb -- Identifies Versions and Finds SQL Errors -- PROJECT IDEA
Install NetworkMiner with apt-get - PROJECT IDEA
Malware Analysis as a Hobby slides --Cuckoo looks great! -- PROJECT IDEA
Joe McCray's Hacking Videos
Deliberately insecure Linux distributions as practice targets LWN.net
Scanning Vulnerable Linux Distributions With Nessus
2012-10-13: FedElite Cyber Challenge Application Form

Ch 938: IEEE 1667 pledges secure portable storage for all (from 2008)

Ch_10_z10: Apache on Windows Canonicalization Vulnerability from 2006

Ch_10z11: Abusing URL Encoding

Ch 10z12: Huge portions of the Web vulnerable to hashing denial-of-service attack

Ch 10z13: HTTrack Website Copier

Ch 10z14: The Microsoft Source Code Analyzer for SQL Injection tool is available to find SQL injection vulnerabilities in ASP code

SideJacking with Ferret and Hamster in BackTrack 5! --Works on Gmail Accts that allow HTTP :)

dSploit - Android Network Penetration Suite -- PROJECT IDEA

DoS vulnerability affects older iPhones, Droids, even a Ford car -- PROJECT IDEA

2012-11-03: PasteBay.com - Free uncensored text hosting
2012-11-03: AnonPaste

CSE6990 Reverse Engineering class from @McGrewSecurity -- GREAT RESOURCES

Port Scanning using Scapy - InfoSec Institute

Python Network Programming

17.2. socket -- Low-level networking interface -- Python v2.7.6 documentation

UdpCommunication - Python Wiki

CodingBat -- Java and Python exercises

Advanced Penetration Testing Software - Cobalt Strike -- 21-day trial available -- PROJECT IDEA

WhisperSystems -- Encrypted Calls for Android -- GOOD PROJECT

MaxKeepAliveRequests: keep it high

SS64 Command line reference

Sewing Patches in the Veil AV Evasion Framework

Creating Remote Shells that Bypass Anti-Virus with 'Veil'
The Ultimate Beginner's Guide To AppleScript

New Unsorted Links

Learn Python the Hard Way
Fuzzing for SQL injection with Burp Suite Intruder - USE FOR PROJECTS
Pythonista on the App Store on iTunes -- INTERESTING FOR PROJECTS
Pythonista: Using pipista to install modules
How to Build a DNS Packet Sniffer with Scapy and Python
Bypassing Antivirus with Shellter 4.0 on Kali Linux -- GOOD 124 PROJECT
2015-09-09: Metasploit Module Search Page
How to get started with writing an exploit for Metasploit
Msfconsole one-liner example
Scanner HTTP Auxiliary Modules - Metasploit Unleashed
Metasploit: The New Metasploit Browser Autopwn:...
Ch 5a: DNS Request Types
Ch 5b: 10 Linux DIG Command Examples for DNS Lookup
Ch 5c: Open Resolver Project
Ch 5d: Public DNS Server List
Ch 5e: DNS AXFR scan data
Ch 5f: DNS Hacking (Beginner to Advanced) - InfoSec Resources
Ch 5g Wildcard DNS record - Wikipedia
Ch 5h: Network tools for every sys admin
Ch 5i: The Strange History of Port 0