TCT is a collection of tools geared towards gathering and analyzing forensic data on a UNIX system after a break-in. TCT features the grave-robber tool, which captures information; the ils and mactime tools, which display access patterns of files dead or alive; the unrm and lazarus tools, which recover deleted files; and the keyfind tool, which recovers cryptographic keys from a running process or from files. TCT is tested on Linux, BSD, and Solaris. For more information see the handouts from Dan Farmer and Wietse Venema's computer forensics analysis class.
Weekly Newsletter from Help Net Security Issue 24 - 01.08.2000 - Covers weekly roundups of security related events. In this issue: Vulnerability in Netscape Browsers, IBM Websphere vulnerability, AnalogX Proxy DoS, Netbios Name Server Protocol Spoofing, BEA's Weblogic show code vulnerability. Also includes articles on Macro Viruses, Digital Certificates and Encryption, Building a secure gateway system, Why people need Outlook, Defacements by Webserver - IIS had the biggest number of defacements, British version of Carnivore is now law, How the FBI investigates Computer Crime, and ICMP Traceback Messages will be used to determine source of DoS attacks.
Trinux transparently converts ordinary x86 PCs into powerful network security workstations by combining Linux Slackware 7.1 with all of the most powerful precompiled Open Source security/monitoring tools. Trinux boots from a single floppy disk and runs entirely in RAM. Trinux is useful for port scanning, packet sniffing, vulnerability scanning, sniffer detection, packet construction, active/passive OS fingerprinting, network monitoring, session hijacking, intrusion detection, and more. Trinux 0.70 is the most stable and compact Trinux release to date and is based on Busybox/glibc2.1.3 and kernel 2.2.16. Among the included packages are nmap2.54beta1, adm-smb, nbtstat, tcp_scan, cgichk, ddos-scan, dsniff, despoof, hunt, zodiac, netcat, openssh, hping2, sing, isic, p0f, fragrouter, tcpreplay, sentinel, ethereal 0.8.10, ngrep, nstreams, tcpdump, ntop, netwatch, and more.
Trinux related links.
A short FAQ on Trinux
Simple Rawrite Documentation.
Rawrite v1.3 is the de-facto standard for writing kernel images to floppy disks.
The Trinux Logo
Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, and detection of down hosts via parallel pings.
Security Auditor's Research Assistant (SARA) is a security analysis tool based on the SATAN model. It is updated frequently to address the latest threats. It checks for common old holes, backdoors, trust relationships, default cgi, and common logins.
The goal of FireStarter is to provide an easy to use, yet powerful, GUI tool for setting up, administrating and monitoring firewalls for Linux machines. FireStarter is made for the GNOME desktop. It can actively monitor your firewall and list any unauthorized connection attempts made to your machine in a readable table format.