Redspin, Inc. | Technical Security Auditing Resources



	Redspin Research
	Redspin Presentations
	Redspin Videos
	Redspin Data Sheets
	Redspin White Papers
	Technical Resources
	Regulatory Resources
	Security Management Advisory


Redspin Research Technical Resources
This collection of links provides access to various resources that we find useful from time to time. Additional resources are available regarding: Resource Categories Current News Recon Tools System Administration Tools Mail VLAN Web Security AS/400 Lotus Domino Default Password Lists Virus Protection Telephony Research & Exploits Security Policy Security Audit Wireless Security Reverse Engineering Forensics Home Security Current News SANS - incidents.org Security Focus Packetstorm Bugtraq CSI SANS SANS - Top Ten (now 20) Security Threats CERT McAfee - Vulnerability List Whitehats Help Net Security 2600 Phrackt Top Recon ARIN Sam Spade Network Solutions - whois OCC - Comptroller of the Currency Hping2 Idle Host Scan Top Tools nmap Nessus Nessus Notes dsniff Ethereal hping - HOW TO tcpdum - Man Page Snort Tools from atstake Tools from Foundstone Tools from BindView RAZOR Microsoft MBSA Top System Administration Tools xinetd Serial Console - How To Linux Administrator's Security Guide Serial Console - Windows How To Top Mail Using stunnel to secure IMAP TWIG - web email HIPAA compliant mail Internet Mail Consortium Top VLAN Sans - VLAN security test Bugtraq - Post from VLAN thread Discussion of switch security Cisco - configuration notes Top Web Security OWASP - Open Web Application Security Project IBM - Web Application Server Security Top AS/400 Firewall DoS attack HTTP source code viewing Packetstorm posting Resrources from IBM (1) Resrources from IBM (2) Top Lotus Domino Tools from NGS notes.net - Technical resources from Lotus/IBM Lotus/IBM: A Guide to Developing Secure Domino Applications DomiLock and other resources (going off-line) Top Default Password Lists www.phenoelit.de Passwords from CIRT.net List posted to Packetstorm Top Virus Protection eicar - anti-virus test file The Wildlist Top Telephony War Dialers Top Research & Exploits Cisco Advisories Lance Spitzner Whitepapers w00w00 RainForsetPuppy Fred Cohen's all.net Team TESO GOBBLES Securiteam THC hammerofgod.com XACML - eXtensible Access Control Markup Language NMRC Web server header database - searchable Top Security Policy SANS - Security Policy Project IETF RFC 2196 - Site Security Handbook Security information from Georgia Tech NIST's security policy resources Top Security Audit IT Audit Forum Introduction to Security Risk Analysis RFC 2196 - Site Security Handbook Ideahamster - Assessment Methodologies Information Systems Audit and Control Association IT Governance Portal CERT: OCTAVE approach NIST: Federal Information Security Assessment Framework National Security Agency: http://www.nsa.gov/isso/iam/iam.htm NIST: CVE search engine Vulnerability Testing Glossary NIST - Guideline for The Analysis of LAN Security SANS - risk assessment resources (see references) SANS vulnerability rating approach Top Wireless Security Kismet (passive, no key cracking) Wellenreiter (passive, no key cracking) Airsnort (passive, key cracking) bsd-airtools (various BSD tools) WEPCrack (key cracking) NetStumbler (Windows, active probing only) Resources/howto's @ tipsybottle MAC address database Default settings (SSID, channel, WEP key) Thread from Securityfocus Top Reverse Engineering Assembly - linuxassebly.org Assembly - Kip Irvine's resources Tools from packetstorm Disassembler - biew Disassembler - the bastard Disassmbler - IDA Pro (windows) Zeltzer's reverse engineering analysis Top Forensics Wietse Venema's site Windows tools: tcpview, procexp, filemon, regmon Top Home Security CERT - Home Network Security www.sofaweb.com Top