Friday, July 31, 2009
Programming from the Ground Up
(Long Version: http://savannah.inetbridge.net/pgubook/)
I have only had a chance to jump through it quickly, but the examples look easy to read and have a bunch of explanation surrounding them. Definitely in my 'to read' pile.
Then @craigbalding countered with: @mubix @windex8er cool...but don't forget the original ASM freebie: http://webster.cs.ucr.edu/AoA/index.html (The Art of Assembly)
This should be enough assembly to fill quite a few weekends.
Monday, July 27, 2009
Thursday, July 23, 2009
Salted Password Cracker / MetaScanner
Kalgecin has two great tools over at his Google code page.
Crack.pl – an MD5/SHA1 cracker that works with dictionaries as well as rainbow tables. Or so it says; I haven’t tested it yet.
MetaScanner – Kinda like db_autopwn but a lot more customizable.
Internet by all means
Sébastien Raveau posted a great article back in June about all the different ways of getting internet access when that access is restricted. I tweeted about it and talked about it but never put it here, and I always have a hard time re-finding his site (this is my only bookmarking).
http://blog.sebastien.raveau.name/2009/06/internet-by-all-means.html
Definitely check it out if you haven’t already.
Usenet Resource Downloader
Yes.. people still use Usenet. And this is a great way of accessing those pirated movies in-depth technical discussions.
Source: http://www.ghacks.net/2009/07/23/a-web-interface-for-newsgroups-downloads/
Wednesday, July 22, 2009
WardriveSQL
A database-driven wardriving / WEP cracking machine.
Original post: http://www.phonelosers.com/index.php?topic=4209.0
“New Site”: http://wardrivesql.info/
Bindshell’s Tools List
Makers of BeEF (Browser Exploitation Framework) have a bunch of other great tools:
http://www.bindshell.net/tools
Echo Mirage is one I have a lot of fun with. And Dnetj is a REALLY useful setup if you can get it going on some beefy boxes.
Metacab
http://www.phx2600.org/archive/2008/08/29/metacab/
Metacab is a cabinet file that contains Netcat, Nmap, VNC and other remote administration utilities that need only a Windows command shell, cmd.exe, to install and use. Install and uninstall scripts are included, and work is being completed on antivirus evasion.
CeWL – Custom Wordlist Generator
By @digininja
http://www.digininja.org/cewl.php
By default, CeWL sticks to just the site you have specified and will go to a depth of 2 links; this behaviour can be changed by passing arguments. Be careful if setting a large depth and allowing it to go offsite, as you could end up drifting on to a lot of other domains. All words of three characters and over are output to stdout. This minimum length can be increased, and the words can be written to a file rather than the screen so the app can be automated.
Version 2 of CeWL can also create two new lists: a list of email addresses found in mailto links and a list of author/creator names collected from metadata found in documents on the site. It can currently process documents in pre-2007 Office, Office 2007 and PDF formats. This user data can then be used to create the list of usernames to be used in association with the password list.
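To make the behaviour described above concrete, here is an added miniature in Ruby (not CeWL’s own code): a depth-limited crawl that stays on the starting host unless told otherwise, keeps only words of a minimum length, and harvests mailto addresses. The site it crawls is a constructed in-memory hash of URL to HTML, so it runs offline; the letters-only word regex is a simplification of CeWL’s splitting.

```ruby
require 'uri'
require 'set'

# Constructed sample "site": URL => HTML (not a real host).
SITE = {
  'http://example.test/' => '<html><body><h1>Welcome to Example Widgets</h1>
    <a href="/about">About us</a> <a href="http://other.test/x">Partner</a>
    <a href="mailto:sales@example.test">Sales</a> We sell an amazing widget.</body></html>',
  'http://example.test/about' => '<html><body>Founded in 2001 by J. Doe.
    <a href="/team">Team</a> <a href="mailto:info@example.test">Contact</a></body></html>',
  'http://example.test/team' => '<html><body>Engineering team page: Widgetry rules</body></html>',
  'http://other.test/x' => '<html><body>Offsite content should be skipped</body></html>',
}.freeze

# Strip tags, then keep alphabetic words of at least min_len characters
# (CeWL's default is 3).
def words_from_html(html, min_len)
  text = html.gsub(/<[^>]+>/, ' ')
  text.scan(/[A-Za-z]+/).select { |w| w.length >= min_len }
end

# Breadth-first crawl from start_url. `fetch` maps a URL to its HTML (or nil).
# Links are followed only up to `depth` hops, and only on the start host
# unless `offsite` is true. Returns sorted word and email lists.
def crawl(start_url, fetch:, depth: 2, min_len: 3, offsite: false)
  start = URI(start_url)
  words, emails, seen = Set.new, Set.new, Set.new
  queue = [[start_url, 0]]
  until queue.empty?
    url, d = queue.shift
    next if seen.include?(url) || d > depth
    seen << url
    html = fetch.call(url) or next
    words.merge(words_from_html(html, min_len))
    html.scan(/href="mailto:([^"?]+)"/i) { |(addr)| emails << addr }
    html.scan(/href="([^"#]+)"/i) do |(href)|
      next if href.start_with?('mailto:')
      link = URI(url).merge(href)       # resolve relative links against this page
      next if !offsite && link.host != start.host
      queue << [link.to_s, d + 1]
    end
  end
  { words: words.to_a.sort, emails: emails.to_a.sort }
end

if $PROGRAM_NAME == __FILE__
  result = crawl('http://example.test/', fetch: ->(u) { SITE[u] })
  puts result[:words]
  puts result[:emails].inspect
end
```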
Reverse Code Engineering Tool Library
The “Collaborative RCE Tool Library” is an awesome list of tools used for RE, but as with all tools, they can be used in a ton of different ways.
http://www.woodmann.com/collaborative/tools/index.php/Category:RCE_Tools
Monday, July 20, 2009
Structure of Microsoft PE Files
This is almost as bad as reading the IA32 Assembly manuals, but it’s a must read and it’s really not that long.
Everything you ever wanted to know about PE files:
http://msdn.microsoft.com/en-us/magazine/ms809762.aspx
Thanks to cpwp from the Offensive Security forums for the link.
Computer Hardware Cheat-Sheet Poster
It costs $49 to get it printed, but you can print it yourself. A great reference for anyone who has ever built a computer.
http://sonic840.deviantart.com/art/Computer-hardware-poster-1-7-111402099
Saturday, July 18, 2009
Polypack – What packer is your friend?
This site checks your binaries against AV, packed and unpacked, then tells you which packer, if any, would best help you avoid AV. But remember, this means you are uploading your binary to a host that you don’t know.
Ncat – Nmap’s new Netcat
Ncat adds many capabilities not found in Hobbit's original nc, including SSL support, proxy connections, IPv6, and connection brokering. The original nc contained a simple port scanner, but we omitted that from Ncat because we have a preferred tool for that function.
In-depth Windows Registry
Tim from the PenTest mailing list posted the following references that really delve deep into the Windows hive:
The Windows registry hive format is described here:
http://sentinelchicken.com/research/registry_format/
Also, some of Brendan Dolan-Gavitt's tools and blog posts (http://moyix.blogspot.com/) may be helpful in figuring out what's what in SAM hives.
Friday, July 17, 2009
Buffer Overflow examples
“Insecure Programming by Example” http://community.corest.com/~gera/InsecureProgramming/
These are great tutorials: you can compile them and find your own zero-days in them. (Oh, then send them to a friend, use ServifyThis to make it a service, and have your very own vuln.)
Thursday, July 16, 2009
Trojan Key logging Screensaver
Ctrl-Alt-Del will save you ;-)
http://blog.rlr-uk.com/2009/06/trojan-keylogger-screensaver.html
Monday, July 13, 2009
Wednesday, July 8, 2009
Sunday, July 5, 2009
Script Your Documentation Instantly
SYDI is a great project that documents network assets locally and over the network ;-). It does a lot of what the Meterpreter script ‘winenum’ does, and a whole lot more. Most of it really doesn’t help you as an attacker, but it did spark a lot of good ideas, and sometimes you might not have the power of Meterpreter at your beck & call.
sslstrip
Can’t believe I never posted this: it’s Moxie’s sslstrip tool from BH DC 2009. It does some amazing things to help MITM SSL sessions.
WMI interfacing Python Script (nix)
http://dev.zenoss.org/svn/trunk/wmi/
Thanks to Joe McCray of http://www.learnsecurityonline.com/ for the link!
Thursday, July 2, 2009
Validation
If you haven’t seen this video yet, it’s well worth the 16 minutes of your life (yes it is a bit corny):
Handwritten fonts – Presenters, this is for you!
One of Garr Reynolds’ (Presentation Zen) staples when creating a presentation is to use a unique font. Here is an amazing resource for handwritten fonts, which look GREAT in presentations:
http://www.hongkiat.com/blog/40-free-high-quality-hand-drawn-fonts/