** Thanks for checking out this post! It’ll be revamped shortly to include a better forensics section and, perhaps, a little more order!!! If you think something should go here, just send me a message! In the meantime, feel free to check out some of the great links on the right side menu of the blog. **
Top Sources at Random
Schneier on Security
Honeynet Project Blog
SANS Institute’s Forensics Blog
LinuxSecurity.com
Exploits Database by Offensive Security
LeakDB (search by hash or text string for cracked content)
Ethical Hacking Projects @ Break The Security (contains a nice repository of tools)
16 Systems (awesome free cryptanalysis and penetration tools inc. TrueCrypt volume detection)
Security Tube (the best site for computer security and video instruction; complete with segments from security conferences!)
Nirsoft Tools (great freeware forensics tools and password utilities).
Cryptohaze (interesting encryption penetration tools that rely on your GPU)
Forensics
Cyberspeak’s Podcast (Ovie Carroll’s podcast!)
Forensic 4cast (great podcast and magazine by Lee Whitfield!)
Mandiant (Redline memory analyzer, Web Historian, Highlighter for logs, awesome industry blogs, etc.)
AccessData (FTK/FTKi for acquisitions, Registry Viewer, PRTK/DNA, etc.)
Guidance Software (makers of EnCase which I’ve come to admire greatly despite being a die hard FTK fan. The EnScript scripting element for customized analysis and artifact recovery is outstanding. They also own Tableau!)
DEFT Linux – Computer Forensics live cd (forensics linux distro, pretty good for IR)
Paladin4 (one of the easiest linux distros to use, excellent for imaging!)
F-Response (never used it but I see it used online all the time; this looks like one of the best networking acquisitions tools ever. The fact that I dc3dd and netcat is probably not healthy, but I’m new to forensics so I have an excuse!)
Malware Analysis
Deep End Research (Leading malware research, Yara, etc.)
VirusShare (Malware Samples)
VirusTotal.com (Identify malware by hash or upload a file to scan)
Some more good reading…
TaoSecurity
Dark Reading | Security | Protect The Business – Enable Access
Darknet – The Darkside | Ethical Hacking, Penetration Testing & Computer Security
Packet Storm ≈ Full Disclosure Information Security
CYBER ARMS – Computer Security
Zimperium – Protecting your empire
Offensive Security Blog
BackTrack Linux – Penetration Testing Distribution **
Insecure.Org (makers of the famous nmap and crackers you can trust)
Seclists Mailing Lists (Insecure.org brings you a quality mailing lists spanning a wide variety of topics!)
Seclists Vulnerability Mailing List (Insecure.org brings you a quality vulnerability/bug-related mailing list)
Lifehacker, tips and downloads for getting things done (occasionally some good security articles on setting up a VPN, Proxy server or safeguarding data, targeted at non-security professionals)
TrueCrypt – Free Open-Source On-The-Fly Disk Encryption Software for Windows 7/Vista/XP, Mac OS X and Linux (Beside from the “Evil Housemaid” exploit, this is – simply put – the very best open source encryption software out there)
Armitage – Cyber Attack Management for Metasploit (Armitage; that which makes a lot of Metasploit possible)
https://www.grc.com/default.htm (offers on-site quick vulnerability scans and other services)
BugTraq (Security Focus)
SecurityFocus (Symantec owned news)
** Some great Backtrack/Kali-related sites include the Official Wiki & Tutorials Section. SecurityTube has some great tutorial videos as well. Kali Linux is now my go-to distro for Linux forensics and pentesting, you can snag a copy here (or join a great unofficial fan forum here). Additional BT5 instructional videos can be found on the BackTrack Linux Fan Page.
Cracking
Ophcrack Project Homepage
This tool is good for LM and NT hash; quick and easy SAM hive cracking which is ideal if you don’t happen to have a license for PRTK but do for FTK and wish to crack EFS; uses rainbow tables for speed (pre-calculated hashes), for brute force see l0phtcrack below.
l0phtcrack Password Auditor
Offers excellent brute force, support for rainbow tables and dictionary attacks. Some that are coming from PRTK may note l0phtcrack seems to be missing PRTK’s biographical dictionary attack… one of my favorite tools. But that’s not necessarily true: you can accomplish this by loading biographical information in by creating your own dictionaries. Also one of the coolest features of l0phtcrack is the network sniffer which pulls password hashes transmitted across a network… but fair warning: it doesn’t always work, if in doubt, read the documentation).
** Note: thanks to my nameless friend for letting me try his l0phtcrack. Much appreciated.
AccessData’s PRTK
One of my all time favorite tools. Although brute forcing and standard dictionary attacks may take a long time and be resource intensive, PRTK also includes some pretty powerful dictionaries straight off the bat. Also nothing beats the simple and straight forward interface. I’m a huge fan of the biographical dictionary attack in which you can import string data from FTK and FTKi to accomplish a user-specific attack (that is to say, things like directory listings, FTK dtIndex’d results, etc. can all be imported to speed up attacks). I used PRTK extensively in my AccessData Certified Examiner studies and found it to be one of the best tools to date.
Interesting side note regarding EFS cracking if you have a license to FTK but not to PRTK:
If you are running FTK4+, you can first crack the Windows user password in Ophcrack (SAM & SYSTEM hives) and then, after selecting the EFS encrypted file, allow FTK to decrypt it with the password you’ve discovered. FTK also includes allows you to list multiple passwords if you’re unsure of which it may be. If PRTK is installed on the same system, it’ll use PRTK in the background and decrypt the file. Of course, as an ACE, I advocate getting a license to PRTK if you can, but thankfully PRTK can be used for this at the back-end with little trouble.
Safeguarding Data using Strong Passwords
https://www.grc.com/passwords.htm
Strong Password Generator
How To Create Strong Passwords That You Can Remember Easily
Computer Security Conferences of Note
http://www.defcon.org/
Black Hat | Home
Where The World Talks Security | RSA Conference
ASIS International: Home Page
Computer Forensic Show
Multiple SANS Conferences
NYC 2600
What Kind of Disjointed List is This?
Obviously it would be impossible list all the great computer security-related sites and tools out there. Hope you find the list somewhat useful.