• DLL hijacking vulnerabilities – Many (most?) Windows apps attempt to load DLLs that they don’t need and are in fact not there. Just stick your malicious DLL in the DLL search path, give it the right name and the app will load it. All versions of Windows are vulnerable.
• SANS Investigative Forensic Toolkit (SIFT) – VMware Linux image with some common file forensics tools.
• RANCID – Configuration monitoring and alerting tool. Pulls configs from routers (or potentially any device), stores in CVS, removes routinely variable content then diffs. Can email changes detected.

Related posts:

• Helix forensics CD now payware

• OpenFISMA – Open, customizable application to reduce cost and complexity associated with FISMA compliance and risk management. Locally installed LAMP app.
• RSMangler – Keyword-based wordlist generator. Requires Ruby.
• jsunpack – Online only generic JavaScript unpacker. Provide URL, paste in JS or upload a PDF, pcap, HTML, or JavaScript file.
• Wepawet – Online only service for detecting and analyzing web-based malware. Currently handles Flash, JavaScript, and PDF files.

Related posts:

• Port scanning with Adobe Flash

• A Taxonomy of Social Networking Data – Bruce Schneier attempts to define possible types of social network data.
• Cyberattacks raise e-banking security fears – From March 2010. Discusses growing trend of looting small business bank accounts.
• U.S. Office of Justice Programs: Research, Statistics, & Evaluation – collects, analyzes, publishes, and disseminates information on crime, criminal offenders, victims of crime, and the operation of justice systems at all levels of government. Lots of downloadable data, including some on cybercrime stats.

No related posts.

• DoD policies – Links the major U.S Department of Defense policy documents on Information Assurance.
• Canada Revenue Agency grappling with more unauthorized access – Insider apparently accessed tax records to further her business on the side.
• Verison 2010 Data Breach Report – Verizon’s breach stats and trends report for 2010.
• Suricata IDS/IPS – Open Source Intrusion Detection and Prevention Engine. Intends to replace Snort. Can use Snort rulesets unchanged.
• THC-IPV6 – “A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library.”

No related posts.

• ZeuS Tracker – Tracks ZeuS Command&Control servers (hosts) around the world and provides you a domain- and a IP-blocklist.
• raw2vmdk | Download raw2vmdk software for free at SourceForge.net – Mount raw disk images (e.g. dd) on VMware, VirtualBox or other VM platform supporting the VMDK disk format. Cross-platform Java.
• Penetrating Intranets through Adobe Flex Applications – How to exploit Adobe Flex applications that use BlazeDS to access internal networks and other hosts behind the firewall.
• IDS/IPS Evasion – One way to fool most IPS into thinking a TCP session is closed (and thus no longer track it) when it’s actually still open on the host.

No related posts.

• LZH Compression vulnerability – “Most of anti-virus softwares can’t detect viruses embedded in LZH files with falsified header. And most archivers are capable to uncompress them, just as specified.”
• Google IPv6 Implementors Conference – Slides from the event held June 10 and 11 2010.

No related posts.