Recently in Security Tools Category

PWDumpX

Reed Arvin # Security Tools

A listing of some cool looking security tools. In particular, I think that PWDumpX could be an interesting one.

I've not had a chance to play with it yet, but it seems to me that the implication of it is that in an enterprise environment, if you have access to a local admin set of credentials (which depending on how your company manages local admin accounts may be pretty easy) or if your domain account has local admin, you could use this tool to dump the domain credentials of any user by running this against the machine that they're logged in to. Of course, once you've got the credentials you need to decrypt them, but then, that's what rainbow tables are for!

If it works like that it's actually a pretty sneaky attack, definitely one to test.

NMAP 4's out!

Nmap 4.00 with Fyodor

Well NMAP 4's out and from the link it looks like there are a fair number of cool new features and enhancements to it...

One to try out over the next couple of days.

Cross Site Scripting Vulnerability scanner

ScreamingCSS - Vulnerability Detector | SecGuru

Not tried this out yet, but it could be quite interesting. Especially as it's written in Perl, so I'll have some chance of understanding/tweaking it.

Alternate data streams

SecurityFocus HOME Infocus: Windows NTFS Alternate Data Streams

A good security article at securityfocus.com covering alternate data streams in Windows. There are 2 tools mentioned in the article which I think are well worth using, either on a periodic basis as an audit tool, or on a machine which you think may have been compromised.

Portknocking resources

Slashdot | Port Knocking in Action

There's a story on slashdot.org covering a port knocking proof of concept. Ironically, there are better links in one of the early comments than in the story itself! I've made a list of them below for reference.

portknocking.org
An article at Linux Journal
An article at Linuxsecurity.com
A tutorial at Librenix

For those of you wondering "what the stuff is port knocking anyway?", here's a definition I got from the UNIX FAQ at aplawrence.com:

"Port knocking is a security technique to allow access to people who know the "secret knock". The basic idea is this: packets addressed to certain ports are silently ignored but are logged. If you contact the right series of ports in the right sequence, possibly with the additional condition of holding the ports open for a certain period of time, the firewall rules will be adjusted to allow you access.

The interesting things about this technique include the fact that you can obviously transmit information with the pattern or duration of the "knocks". That means that you could request that some other IP be allowed access, or just request that certain information be sent to you. Another interesting aspect is that because the packets are silently dropped, there's no way to scan a host and determine that it is using a port knocking technique. Even if you knew that it was using such a technique, but didn't know the algorithm, any brute force attempt would be effectively impossible."
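
The log-driven mechanism in the definition above, as an added example (not from the original post or the quoted FAQ): a minimal knock tracker that reads dropped-packet log lines and reports which sources completed the sequence in order. The log format, the port sequence and the 10-second completion window are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumed values for illustration: the secret knock and the time allowed to finish it.
KNOCK_SEQUENCE = (7000, 8000, 9000)
WINDOW = timedelta(seconds=10)

# Constructed log format for silently dropped packets: "<ISO time> DROP SRC=<ip> DPT=<port>"
LINE_RE = re.compile(r"^(\S+) DROP SRC=(\S+) DPT=(\d+)$")

# Constructed sample log (documentation address ranges only).
SAMPLE_LOG = """\
2024-05-01T10:00:00 DROP SRC=192.0.2.10 DPT=7000
2024-05-01T10:00:01 DROP SRC=198.51.100.7 DPT=22
2024-05-01T10:00:02 DROP SRC=192.0.2.10 DPT=8000
2024-05-01T10:00:03 DROP SRC=198.51.100.7 DPT=7000
2024-05-01T10:00:04 DROP SRC=192.0.2.10 DPT=9000
2024-05-01T10:00:05 DROP SRC=198.51.100.7 DPT=9000
2024-05-01T10:00:06 DROP SRC=203.0.113.5 DPT=7000
2024-05-01T10:00:07 DROP SRC=203.0.113.5 DPT=8000
2024-05-01T10:00:30 DROP SRC=203.0.113.5 DPT=9000
""".splitlines()

def process_log(lines, sequence=KNOCK_SEQUENCE, window=WINDOW):
    """Return [(source_ip, time)] for each source that completed the knock in order."""
    progress = {}  # source ip -> (index of next expected port, time of first knock)
    opened = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a drop record
        when = datetime.fromisoformat(m.group(1))
        src, port = m.group(2), int(m.group(3))
        idx, start = progress.get(src, (0, when))
        if idx and when - start > window:
            idx = 0  # too slow: discard partial progress
        if port == sequence[idx]:
            start = when if idx == 0 else start
            idx += 1
        else:
            # A wrong port resets the attempt; it may itself begin a new one.
            idx, start = (1, when) if port == sequence[0] else (0, when)
        if idx == len(sequence):
            opened.append((src, when))  # a real daemon would add the allow rule here
            progress.pop(src, None)
        else:
            progress[src] = (idx, start)
    return opened
```

In the sample, only 192.0.2.10 completes the knock; the other two sources fail on a wrong port and on the time window respectively.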

About this Archive

This page is an archive of recent entries in the Security Tools category.

Security Policy is the previous category.

Software Security is the next category.

Find recent content on the main index or look in the archives to find all content.
