Getting your fill of Security

 
 

Sent to you by l5g via Google Reader:

 
 

via Room362.com RSS Feed by Rob Fuller on 5/29/09

I recently posted a blog post to Exotic Liability's website with the same title, and I realized that it would make a great thing to post to here, and update regularly, or just put it on the wiki I keep saying that I get going here. Enough rambling, here is how you can get your fill of security:

Podcasting:
GetMon – http://www.getmon.com/ – This is a great site because you can download or listen to any of the security podcasts right from their site if you want to.
HackerMedia – http://www.hackermedia.org/ – They put together like podcasts into different categories, and they overlap. So if you want the "Linux" feed, you'll get podcast A, B, and C. But maybe podcast C does Linux security, so if you subscribe to the "Security" feed, you might get C, E, and G. You can also get the everything feed

Bloggers (RSS Feeds):
Security Bloggers Network – http://www.securitybloggers.net/ – A consolidated feed of a HUGE list of security blogs

Twitter:
Security Twits – http://www.security-twits.com/ – A long list of security related twitter accounts. From people to events, to companies.

Places to learn:
The Academy Pro – http://www.theacademypro.com/
Learn Security Online – http://www.learnsecurityonline.com/
Free IT Security Training – http://www.freeitsecuritytraining.com/
Virtual Training Environment by Carnegie Mellon – https://www.vte.cert.org/vteweb/

Challenge Sites and Sites that are OK to attack:
(Make sure you know which is which before you haul off and start attacking though)
(Most of these stolen from Chris Nickerson's reply to Show 17 Links blog post)

http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
http://testasp.acunetix.com/Default.asp
http://test.acunetix.com/
http://hackme.ntobjectives.com/
http://www.foundstone.com/us/resources/proddesc/hacmeshipping.htm
http://www.foundstone.com/us/resources/proddesc/hacmecasino.htm
http://www.foundstone.com/us/resources/proddesc/hacmebooks.htm
http://www.foundstone.com/us/resources/proddesc/hacmetravel.htm
http://lampsecurity.org/capture-the-flag-5
http://zero.webappsecurity.com/
http://www.hackertest.net/
http://www.hackthissite.org/
http://www.mavensecurity.com/WebMaven.php
http://ha.ckers.org/challenge/
http://ha.ckers.org/challenge2/
http://demo.testfire.net/
http://scanme.nmap.org/
http://www.hellboundhackers.org/
http://www.overthewire.org/wargames/
http://roothack.org/
http://heorot.net/
http://www.irongeek.com/i.php?page=security/mutillidae-deliberately…
http://wocares.com/xsstester.php
https://how2hack.net
http://hax.tor.hu/
http://www.bright-shadows.net/
http://www.dareyourmind.net/
http://hackergames.net/
http://www.hackquest.com/
http://www.darkmindz.com/
http://www.caesum.com/game/
http://www.net-force.nl/
http://www.osix.net/
http://www.mibs-challenges.de/
http://projecteuler.net/
http://uva.onlinejudge.org/
http://ace.delos.com/usacogate

So now you have absolutely ZERO reason to have one moment of time on your hands ;-)
Know of another good resource? Post a comment.

UPDATE: ethicalhack3r from http://www.ethicalhack3r.co.uk pointed me to his project called "Damn Vulnerable Web App". You can find it on Sourceforge here: http://sourceforge.net/projects/dvwa/

Related posts:

  1. Offensive Security Certified Professional I recently obtained the status Offensive Security Certified Professional. It...
  2. Getting your fill of Reverse Engineering and Malware Analysis Matt, from the Exotic Liability forums, posed a suggestion for...
  3. SBN move to Lijit Alan posted this about the SBN: Well there is not...


 
 

Things you can do from here:

 
 

Getting your fill of Reverse Engineering and Malware Analysis

 
 

Sent to you by l5g via Google Reader:

 
 

via Room362.com RSS Feed by Rob Fuller on 6/12/09

Matt, from the Exotic Liability forums, posed a suggestion for a episode: "Getting started [in] reverse engineering hardware drivers?". I thought this was an interesting topic to attack so, I dug a bit into my RSS feed pile of goo and compiled this list of links. Hope this helps Matt.

Individuals —

Skywing – http://www.nynaeve.net/
Egypt – http://0xegypt.blogspot.com/
Yoni – http://blogs.msdn.com/michael_howard/
Raymond Chen – http://blogs.msdn.com/oldnewthing/
Sia0 – http://blogs.msdn.com/michkap/
Rob P – http://geekswithblogs.net/robp/Default.aspx
Quantam – http://qstuff.blogspot.com/
Phn1x – http://hamsterswheel.com/techblog/
Halavar Flake – http://addxorrol.blogspot.com/
Pedram – http://pedram.redhive.com/blog
Tyler Shields – http://www.donkeyonawaffle.org/
Wesley Shields – http://www.atarininja.org/
Peter Wieland – http://blogs.msdn.com/peterwie/
Michael Howard – http://blogs.msdn.com/michael_howard/
Doron Holan – http://blogs.msdn.com/doronh/
Nico Waisman – http://eticanicomana.blogspot.com/
Dmitry Vostokov – http://www.dumpanalysis.org/blog/
Nicolas Sylvain – http://nsylvain.blogspot.com/
Alex Ionescu – http://www.alex-ionescu.com/
Mattheiu Suiche – http://www.msuiche.net/
Larry Osterman – http://blogs.msdn.com/larryosterman/
Koby Kahane – http://kobyk.wordpress.com/
Jason Geffner – http://malwareanalysis.com/communityserver/blogs/geffner/default.aspx
Ero Carrera – http://blog.dkbza.org/
Dino Dai Zovi – http://blog.trailofbits.com/
Ilja – http://blogs.23.nu/ilja/
Nate Lawson – http://rdist.root.org/
Mark Russinovich – http://blogs.technet.com/markrussinovich/
Jose Nazario – http://www.wormblog.com/
Jonathan Morrison – http://blogs.msdn.com/itgoestoeleven/
John Robbins – http://www.wintellect.com/cs/blogs/jrobbins/default.aspx
Ilias Tsigkogiannis – http://blogs.msdn.com/iliast/
Daniel Reynaud – http://indefinitestudies.org/
Joanna Rutkowska – http://theinvisiblethings.blogspot.com/
Matthieu Kaczmarek – http://www.loria.fr/~kaczmare/index.en.htm
Silvio Cesare – http://silviocesare.wordpress.com/
Philippe Beaucamps – http://www.loria.fr/~beaucphi/
Debugging Toolbox – http://blogs.msdn.com/debuggingtoolbox/

Fravia's saved works (RIP) – http://www.woodmann.com/fravia/index.htm

Groups —

Offensive Computing – http://www.offensivecomputing.net/
The Cover of Night – http://www.thecoverofnight.com/blog/
LHS – http://lhs.loria.fr/
NT Debugging – http://blogs.msdn.com/ntdebugging/
Hex Blog – http://www.hexblog.com/
Engineering for Fun – http://blog.engineeringforfun.com/

Company —

OpenRCE – http://www.openrce.org/articles/
DV Labs – http://dvlabs.tippingpoint.com/blog/
Matasano – http://www.matasano.com/log/
VeraCode – http://www.veracode.com/blog/
Trend Micro – http://blog.trendmicro.com/

Forums —

Reverse Engineering – http://community.reverse-engineering.net/index.php
OpenRCE – http://www.openrce.org/forums/
Assembly Forums – http://www.asmcommunity.net/board/

Sandboxing and Analysis —

Joe Box – http://www.joebox.org/
Virus Total – http://www.virustotal.com/
Wepawet – http://wepawet.cs.ucsb.edu/
F-Secure -http://www.f-secure.com/en_US/security/security-lab/
Anubis – http://anubis.iseclab.org/
Jotti – http://virusscan.jotti.org/en
Sunbelt CWSandbox – http://www.sunbeltsecurity.com/Submit.aspx?type=cwsandbox&cs=A41CD150B37359889A553671CBFD2360

Misc —

Code Breakers Journal – http://www.codebreakers-journal.com/
The Art of Assembly – http://webster.cs.ucr.edu/AoA/DOS/AoADosIndex.html
Intel Processor Instruction Set A-M/N-Z – http://www.intel.com/products/processor/manuals/
WASM.ru with translation – http://66.196.80.202/babelfish/translate_url_content?lp=ru_en&url=http://www.wasm.ru&.intl=us

Related posts:

  1. Getting your fill of Security I recently posted a blog post to Exotic Liability's website...
  2. Runtime Packers – hold the cheese So we are taking a short break from my...
  3. DEFCON 16: The Tools not the Toools Originally posted to the Zero Day blog on Ziff Davis:...


 
 

Things you can do from here:

 
 

白眉大侠 paimei 在python 2.6 下的安装使用

http://code.google.com/p/paimei/  更新的比较少了 issue中有人共享了一些patch 


有个依赖 pydasm http://dkbza.org/pydasm.html 
决定对python 2.6 编译一个pydasm.pyd 
metasploit的cygwin环境不全 

chrome 切换代理

chrome使用的是ie的代理设置,切换代理  用python写了段代码 

一般用两个代理 gapproxy 使用的是 http代理 
另一个 ssh tunnel

#!/usr/bin/env python
#-*- coding:utf-8 -*-

import sys
from _winreg import *

subkey = "Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings"

def usage():
    print " 0 exit"
    print " 1 no proxy"
    print " 2 1080"
    print " 3 8000"
    

if __name__ == '__main__':
    key = OpenKey(HKEY_CURRENT_USER, subkey, 0, KEY_ALL_ACCESS)
    print QueryValueEx(key, "ProxyServer")

    proxyEnable = 1#"00000001"
    proxyServer = "socks=127.0.0.1:1080"

    usage()
    c = int(input("input command 0/1/2/3: "))
    while(c != 0):
        if c == 1:
            proxyEnable = 0 # "00000000"            
        elif c == 2:
            proxyEnable = 1 #"00000001"
            proxyServer = "socks=127.0.0.1:1080"
        elif c == 3:
            proxyEnable = 1 #"00000001"
            proxyServer = "http=127.0.0.1:8000"

        SetValueEx(key, "ProxyEnable", 0, REG_DWORD, proxyEnable)
        SetValueEx(key, "ProxyServer", 0, REG_SZ, proxyServer)

        print "Current State:"
        print "   ", QueryValueEx(key, "ProxyEnable")
        print "   ", QueryValueEx(key, "ProxyServer")

        c = int(input("Input command 0/1/2/3: "))

    CloseKey(key)