Penetration Testing
Some definitions of penetration testing:
1)
The portion of security testing in which the evaluators attempt
to circumvent the security features of a system. The evaluators
may be assumed to use all system design and implementation
documentation, that may include listings of system source
code, manuals, and circuit diagrams. The evaluators work under
the same constraints applied to ordinary users.
2)
A security evaluation performance wherein practitioners attempt
to gain access to a system despite security features.
3)The testing of an operational system for security weaknesses
while attempting to override system privileges.
Selected penetration testing links
Certification view
-
-
Penetration Testing
- Quality
Security Tools
- The
NT Toolbox
- Web-Based
Whois + NSlookup + Trademark Search + B to B Search
- Hacker
tools
- Firewalk
- Network
Tools
- thc
- the hacker's choice
- Manual
v. 1.5
- Traceroute
- web
based nmap
- Whisker
v1.3 has arrived
- Firewall
penetration testing
- Thomas
Rude - Knockin' At Your Backdoor - Penetration Testing
- Fate
Research Labs
- The
Packetfactory
- Shatter-
Next-Generation Win32 exploits fundamental API flaws
- Windows
2000 Command Line Resources
- .[packet
storm]. - http--packetstormsecurity.org-
- ICAT
Metabase A CVE Based Vulnerability Database
- Cracking
Windows 2000 Passwords
- SANS
- top Twenty Most Critical Internet Security Vulnerabilities
- Index
of -CMPB465-tools-NTreskit
- Locking
down Windows - banners etc
- NThacks.html
- rhino9
tools
- COTSE
- Penetration Testing Tools
- NTFS
Alternate Data Streams
- Hiding
Information using Alternate Data Streams (ADS)
-
-
Security products
- Eraser
- TightVNC
Download Area
-
-
trojans
- BO2K
- Back Orifice 2000
-
-
Surveillance
- VisualRoute
Server Richmond, Surrey, UK
- Traceroute
Overview
- Allwhois.com
- whois domain name search & lookup
-
-
Apache
- Allaire
Security White Paper Series
- Apache
Week. Apache security
-
-
BIND
- DNS
Spoofing (Malicious Cache Poisoning)
-
-
bo2k
- Back
Orifice 2000 (BO2K) security advisory - Privacy
Software Corporation
- bo2k
- Table Of Contents
- bo2k
howto - eezee - tutorial
- http--homepage.ntlworld.com-chawmp-elitewrap-
-
DoS
- http--packetstormsecurity.org-0002-exploits-twinge.c
-
Integrity
- SourceForge.net
Project Info - Tripwire
- Tripwire,
Inc. - The Data Integrity Assurance Company
-
KeyStoke Loggers Win32
- http--skl0g.cjb.net-
-
-
Linux Log wipers
- .[packet
storm]. - http--packetstormsecurity.org-
-
-
Linux Stack
- Getting
around non-executable stack (and fix)
-
-
Penetration Testing & Computer Forensics Training
- CSTA Ethical Hacking: Hands-On training course
- CSTP Ethical Hacking: Hands-On 2 training course
CFIA Forensic
Artefacts: Hands-On computer forensics course
Penetration Testing & Computer Forensics Certifications
- CSTA & CSTA +
ethical hacking certification
CSTP & CSTP +
ethical hacking certification
CFIA & CFIA +
computer forensics certification
-
-
-
-
Penetration Testing
Tools
- COTSE
- Penetration Testing Tools
- www.hack.co.za
-
-
-
Root Kits
- http--staff.washington.edu-dittrich-misc-faqs-rootkits.faq
-
Sniffers
- Sniffit
Page
-
TCPDump
- Index
of -release
-
VNC
- Phenoelit
- SecuriTeam.com
™ (Brute forcing VNC passwords)
-
War Driving, Cards
& compatibility
-
Orinoco and Kismet
- AW
[Atmel-WLAN-USB] Orinoco USB Client Gold
- Forrestina's
Homepage gee, how original
- RE
kcwireless-talk Kismet - Orinoco - RH - How
To
- RedHat
8 + Orinoco + Kismet - How To
- SourceForge.net
Project Filelist
-
- 802.11
Wireless Networking Deployment Survey for Dublin,
Ireland
- AirSnort
Homepage
- Kismet
- Microsoft
TechNet
- ncurses-5.2-8.i386
RPM
- NetStumbler
readme
- SourceForge.net
Project Info - AirSnort
- SourceForge.net
Project Info - Network Stumbling - Wardriving Utility
- SourceForge.net
Project Info - wepcrack
- Wireless
Encryption Help
-
-
Windows Null
- 120929
- How the System Account Is Used in Windows
- 246261
- How to Use the RestrictAnonymous Registry Value
in Windows 2000
- COTSE-NetBIOS
Tools
- Hammer
of God Utilities
-
WiFi
- Arwain
- Pringle Antenna
- How
to build a tin can waveguide antenna
- http--www.btinternet.com-~duncan.jauncey-experiences.html
- Massachusetts
Network Stumbling
- net
stumbler dot com
- Proxim
Wireless LAN and WAN Networking
- Proxim
Wireless Networks Proxim Sales in Europe
- Radiocommunications
Agency Home Page
-
-
wu-ftp
- http--www.baylisa.org-library-slides-2002-10-BayLISAApacheWUFTP.pdf
More penetration testing links
- Apache
Week. Vulnerabilities in PHP and mod_ssl
- Hacking
Exposed
- Hoover's
Online - Home Page
- ICAT
Metabase A CVE Based Vulnerability Database
- Internet
Software Consortium BIND Vulnerabilities
- mod_ssl
Source, Distribution Tarballs
- NBTScan.
NetBIOS Name Network Scanner.
- Pocket
ISP based on RedHat Linux Step by step guide
- PWDump3e
- Quick
Guide to Red Hat's Package Manager
- redhat.com
Mirror Sites
- redhat.com
Red Hat Support
- Rootsecure.net
Links Hacking
- SamSpade.org
Tools
- SANS
Security Digests - The SANS Institute ~ Computer Security
Education and Information Securi
- SecuriTeam.com
™ (VNC Password Brute Force utility released)
- Security
Alert Consensus - Archive & Sign-up
- Security,
Penetration Testing and Hacking Tips for network Administrators
- SecurityFocus
HOME Mailing Lists Subscription
- SecurityFocus
home vulns exploit Sendmail Debugger Arbitrary Code
Execution Vulnera
- TESO
Security Group
- thc
- the hacker's choice
- WebHackingExposed
- Tools
-
-
-
- --SpybotSD
- Welcome to security.kolla.de
- Backdoor
Trojans
- BHODemon
1.0
- Commodon
Communications - Threats to your Security on the Internet
- Cygnus
Hex Editor
- Firewall
Related Topics
- Firewall,
network security, remote control and monitoring solutions
for Windows NT-2000-XP and Windows Server 2003
- GNU
httptunnel
- http--www.cymru.com-Tools-
- NTFS
Alternate Data Streams
- NTFS
Streams - Everything you need to know (demos and tests
included)
- Official
website for DiamondCS TDS-3 - Trojan Defence Suite (TDS),
leading anti-trojan system for Windows
- Places
that viruses and trojans hide on start up
- Regbin
- Windows Registry Comparison Tool
- Registry
Watch easydfesksoftware.com
- Windows
Secret Explorer
-
- Paranoid
PC Anywhere
-
-
-
- Security
guidelines to protect against computer hackers introduced
-
- Internet
Security and Network Security
- Test
Page for the Apache Web Server on Red Hat Linux
-
-
- Hoover's
Online
-
-
Agencies
- SecurIT
-
Apache Specific
- http--docs.bsdaemon.be-docs-system-php3.txt
- Index
of -src-5.0
- Installing
OpenSSL - OIT Help Desk
-
-
-
Issues
- HTTP--Msgs.SecurePoint.COM-nessus
- OpenSSL
The Open Source toolkit for SSL-TLS
-
-
-
Nessus Research
- Speeding
up scans with Nessus
-
research
- SecurePoint
- Nessus Archive
-
-
Service Identification
- http--www.iana.org-assignments-port-numbers
- HTTP-1.1
Status Code Definitions
-
Vulnerability Database
- SecurityFocus
HOME Vulns Archive Vendor
-
Windows Penetration
Testing Tools
- .[packet
storm]. - http--packetstormsecurity.org-
- Cheops-ng
- Common
Vulnerabilities and Exposures
- Domtools
- dsniff
- Egressor
A Tool for Checking Router Configuration
- Firewalk
- http--www.isi.edu-in-notes-rfc1918.txt
- IISFAQ
- Article
- Index
of -software-strobe-classb
- Internet
Software Consortium - BIND
- ITS4
Software Security Tool [Cigital]
- JANET
Network Time Service, UKERNA
- John
the Ripper password cracker
- Nessus
- NessusWX
Home Page
- Nmap
-- Free Stealth Port Scanner For Network Exploration
& Security Audits. Runs on Linux-Wind
- Pavel
Krauz's Home Page
- Phenoelit
- R
a i n F o r e s t P u p p y
- Razor
Tools
- SamSpade.org
- SARA
- Security Auditor's Research Assistant
- Security
stuff
- SourceForge.net
Project Info - whisker
- stunnel
- multiplatform SSL tunneling proxy
- SuperScan
download page at WebAttack.com, network scanner
- TCPDUMP
public repository
- The
Million Packet March
-
-
-
-
IDS
- Snort.org
-
-
-
Log Analysis & Mis Use
- e-Security,
Inc. - Contact Us Request Information
- LCZ
Services
- SilentRunner
- Information Rules. Protect Yours.
-
-
-
-
-
Security Resources for
Penetration Testing
- OpenSSH
on Windows
- SecurityFocus
home vulns credit Microsoft Internet Explorer Form Denial
of Service
- Linux...
opening doors and smashing Windows
- SecurityFocus
home tools THC-SCAN
- Packet
Sniffing (wiretaps, protocol decoding) - SuraSoft.com
- SMTP
Spam Checker
-
Computer Hacking Groups
- .[packet
storm]. - http--packetstormsecurity.org-
- Cookie
Central - The Cookie Concept
- Security
Penetration Testers mailing list web archive By Thread
- Insecure.org
Security Mailing List Archive -- Nmap-Hackers, Nmap-Dev,
Bugtraq, Vuln-Dev, Linux-
- Quality
Security Tools
- u
n d e r g r o u n d s e c u r i t y s y s t e m s r
e s e a r c h
- The
Secure Sockets Layer Protocol (SSL)
- Web
Hack FAQ v3
- Internet
Explorer cookies are world-readable
- World
timezones map with current time
- Pavel
Krauz's Home Page
- idontpay.com
- Free internet access around the world!
- Mixter
Security
- Blocking
Buffer Overflow Attacks
- The
Open Web Application Security Project
- Web
Application security testing Checklist
- Don't
be a Victim! Make Sure You're Protected Against Commonly-Exploited
Vulnerabilities!
- TechTV
Kevin Mitnick Interview Transcript, Part 1
Certified Ethical
Hacker Certification
-
-
Security Surveys
- CII
- Services to Industry - Homepage
- DTI
Information Security Breaches Survey 2002
- IT
Best Practice . ORG . UK
-
-
-
|
