Security isn't thin
  IT'S LARGE

    LOUD AND

      FAT

<--------------On the job!!!!!!!

 


Tools and Methods


 

Software

  WIDZ - the Wireless 802.11b IDS

It's nearly ready - a beta version of the wireless IDS I have been working on.

Go to my home pages to find some good articles on the risks plus attacks that can be launched against an 802.11 network - not just theory, more like an FAQ.

Honeypots and other IDS covered.


  WIDZV1.5 - the Wireless IDS for 802.11b

This now works well!!! and has loads of new functions. Detects rogue APs and Monkey-jacks, null probes, floods. Has a MAC blacklist and ESSID blacklist so we can catch the obvious bad guys.


  Cisco Router passwd decoder

Simple little Perl script to decode router passwords.

  Oracle security tools

Why use a database scanner - especially if you don't have one

I wrote this years ago - might help

  NIMROD - Application security aid

There's a story here - a while back I was doing a pen test and needed a CGI scanner that wasn't Whisker. So I downloaded one called crazy.c. Like most things you download, it didn't work - why!!! Because there was no recv() on the socket's file descriptor to return the results to the program, nor was there a printf() to give the user an inclination of what was going on.

So I changed it - then I converted it to be an all-singing and dancing thing to suck a website dry using a webvac, i.e. wget, and produce an inventory of all comments, directories, CGI and forms for ANALYSIS.

Then it is supposed to scan all those directories for well-known vulnerabilities. Good idea - but it doesn't work.

  SNMP bruteforcer

Yes, I know SolarWinds has got one but this came first - OK. Oh, by the way, this will DoS the router if you're not careful - SO be careful and don't hurt anyone's box.

  sscan.txt

Simple shell script that uses IP spoofing in nmap to scan with IDS avoidance

 

Thinkware

  IDS deployment methodology

Use this and your IDS will work better

  Hardening Cisco Routers

At the time this was pretty unique - now there are a few books and sites that cover it.

It's still very good.

  Firewall rules methodology

Found it - it was in my bedroom

  Vulnerability Lifecycle theory

A theory that explains the lifecycle of a vulnerability - Read, it's useful

  Security Tool Typology

A model that explains the purpose of all this security software you all keep installing on your poor servers - I'm sure it is too simple to be of any use fnnarr

  Incident Checklist

Sorry, lost it - it's in my bedroom somewhere

 


