... a small collection of useful links from the net

Domain, Site & IP Information

SANS Internet Storm Center: Summarizes the overall security health of the Internet. Shows security trends including the top 10 rising ports. Also has a quick, easy-to-use port/IP lookup search feature at the top right.

ARIN WHOIS Database Search: Provides a mechanism for finding contact and registration information for resources registered with ARIN. Often used in penetration testing for discovering all the IP address space registered by an organization.

Robtex: A collection of various online tools such as DNS, whois, blacklist checking, reverse IP, etc., for examining domain names and IP addresses.

DNS History: Historical archive for DNS records.

DNS Stuff: A collection of online tools (DNS, mail and web server checks) for troubleshooting your own mail and web servers.

MultiRBL.valli.org: A DNS blacklist and Forward Confirmed reverse DNS tool for checking multiple blacklists simultaneously. Used to see if a given IP is in any of the hundreds of separate blacklists, likely for spam or abuse reasons.

SHODAN: Search engine that indexes the service banners of Internet-facing hosts, so you can search by product, port, or location rather than by page content.

Namedroppers: Lists registered domain names that match your search query. Useful for showing possible phishing sites.

Team Cymru: Provides charts and graphs on malicious Internet activity, as well as an always up-to-date bogon list: IP blocks that should never appear in the global routing table or as source addresses on the public Internet (unallocated space plus reserved ranges). The list changes as IANA allocates address space, and bogon source addresses are common in DDoS traffic, which is why the current list belongs in your ingress/egress filters (and a stale copy will eventually block legitimate, newly allocated space). They also manage the Darknet Project.

URLVoid: Allows visitors to submit a domain name and have it scanned by multiple web site reputation engines in order to flag malicious web sites.

Google Safe Browsing: Enter an address at the end of the URL (example.com used as an example) to see whether the site engages in malicious behavior such as drive by downloads.

urlQuery.net: Allows you to process the response to a URL request to see if there is anything malicious. Very detailed.

Unmask Parasites: Submit a web site name and have the page scanned for external references and suspicious scripts.

LongURL: Expand the shortened URLs that were compacted by any one of hundreds of different URL shortening services. Will also reveal any redirects and information about the final destination page.

Web Sniffer: Allows you to view the HTTP requests and responses of a site without visiting it. A similar site is Rex Swain’s HTTP Viewer.

HTBridge: Free SSL/TLS test that is not limited to web servers; you choose the port to test, so mail servers and other TLS-wrapped services can be checked as well.

SSL Labs & SSL Tools: SSL/TLS tests for websites, reporting the protocol versions, cipher suites, and certificate chain a site offers and grading the overall configuration.

UltraTools: Various other DNS and domain lookup tools.

SSL Pulse: A survey of the SSL implementation of the most popular web sites.

 

Malware, Crime, & Exploits

Note: Some of the following may contain links to actual exploits, hacking tools, and/or possible “underground” sites. Do not click carelessly.

VirusTotal: An online service that allows you to upload a file and have it scanned by over 40 different virus scanners in order to detect any possible malware. Another site that provides similar services is Jotti’s malware scan.

Comodo Instant Malware Analysis: Allows you to submit a suspicious executable for behavioral analysis. See the changes that the executable makes to registry keys, files, directories, drivers, processes, threads, as well as network behavior such as DNS queries, HTTP traffic generated, etc. Other good sites for this are malwr.com, Anubis, and hybrid-analysis.com.

Wepawet: Another online malware analysis tool, but this one specializes in Flash, JavaScript, and PDF files.

Cyber-Threat Analytics: The Cyber-TA Project Page provides Internet attack reconnaissance information. Their goal is to allow for rapid distribution of this content to the general network community in order to help mitigate emerging attacks. Their malware analysis page is where the goodies are. This will show you their daily infection log summaries that were harvested live from the SRI high-interaction honeynet. Drilling down through these reports will reveal a lot of technical details about malware infections that are currently circling the globe (including IP addresses of attackers, botnet command and control servers, and failed DNS lookups attempted by malware). Essentially, this page tells you where the bad guys are, and what they are doing.

Shadowserver Foundation: The Shadowserver Foundation is a volunteer watchdog group of security professionals that gather, track, and report on malware, botnet activity, and electronic fraud. The purpose of the site is to raise awareness of the presence of compromised servers, malicious attackers, and the spread of malware.

PhishTank: A collaborative clearing house where anyone can submit, verify, track and share phishing data.

Exploit-DB: A repository of exploits that is frequently updated with the latest attacks. A somewhat similar site would be Packet Storm.

Offensive Computing: A well-stocked database of malware samples used for analysis purposes.

Malware Domain List: A frequently updated list of malicious domains and URLs.

Hackmageddon.com: A listing and timeline of cyber attacks.

 

News & Publications

Security Wizardry Computer Network Defence Situational Awareness: A site that is probably familiar to most people who have worked in a SOC. If you plan on displaying it 24×7 in an enterprise, as a safety measure we would recommend doing so on a dedicated hardened system: a browser with no plugins enabled, with security extensions installed, on a machine that isn’t logged into the dashboards of your security appliances.

Threatpost: Up to date security news delivered by Kaspersky Labs.

Computer Crime Research Center: Divulges the latest cybercrime news.

Global Incident Map: Combines security news and events with Google maps. Very interesting to see.

DataLossDB: Documents, tracks, and analyzes incidents involving data loss worldwide.

(IN)SECURE Magazine: Free downloadable magazine that discusses the latest security topics on a technical and operational level.

Cryptology ePrint Archive: Archive of cryptology research papers.

Infosec Writers: A collection of various Information Security articles, white papers, and projects, contributed by people willing to share their knowledge and experiences on various aspects such as cryptography, email security, exploitation, firewalls, forensics, general security concepts, honeypots, IDS, malware, wireless security, etc.

IAnewsletter: The Information Assurance Technology Analysis Center’s newsletter for information assurance technology professionals. IATAC is a U.S. Department of Defense sponsored organization.

CSIS Technology Publications: The Washington DC based Center for Strategic & International Studies’ publications on technology topics, many of which relate to cybersecurity issues.

Symantec Internet Security Threat Report: Lengthy, well-presented report offered in multiple formats (PDF, Flash, Podcast) that provides analysis and discussion of threat activity over a six-month period, covering Internet attacks, vulnerabilities, malicious code, phishing, spam, security risks, and future trends.

Microsoft Security Intelligence Report: A semi-annual report from Microsoft that analyzes threats, vulnerabilities, exploits and attacks based on data from hundreds of millions of systems worldwide.

NSA Security Configuration Guides: The National Security Agency has written a series of security configuration guides for securing specific network devices, services, and operating systems.

NIST Computer Security Special Publications (800 Series): A collection of documents published by NIST’s Information Technology Laboratory that are of general interest to the computer security community.

 

Mac Admin Conventions

ACES Conference: ACES is a conference for Apple Consultants. Held May 20th and 21st in New Orleans, LA, ACES was a really good introduction for many on running a Mac consultancy, represented by many of the larger and more well established Apple consultancies in the US and Canada.

AirWatch Connect: Similar to JAMF’s Roadshow, the AirWatch Connect conference is actually held in Atlanta, Barcelona, London and Sydney at different times. This is a great conference for people managing heterogeneous mobile deployments, including iOS.

Filewave Conference: Held in Zurich (March 4th and 5th) and Indianapolis (March 18th and 19th), the Filewave Conference in 2015 had a focus on the FileWave 9 release and provided systems administrators of FileWave environments with access to developers, deployment information, etc.

JAMF Software’s JNUC (JAMF Nation User Conference) is a conference primarily geared at Apple administrators who use the Casper Suite for their administrative efforts. There are some sessions on general administrative topics, such as what a plist is and general shell scripting. If you spend a lot of your day in the Casper Suite, then this is a great, free conference held in Minneapolis, Minnesota in the fall. October 13th through 15th, 2015.

JAMF’s Roadshow: The JAMF Roadshows are a resurrection of an excellent event from a few years ago, where JAMF went around the country hosting day-long mini-conferences for customers and systems administrators. Held throughout summer 2015, in New York, Dallas, Orange County, San Francisco, London, Sydney and Melbourne – you can also hear more about Bushel here (shameless plug on that part).

LOPSA East: A good conference held by LOPSA’s New Jersey chapter. Lots of speakers, discussing how IT professionals from a variety of disciplines can make the jump from a junior or mid-level engineer into the upper echelons of IT madness. Held May 6th and 7th in New Brunswick, New Jersey.

MacADUK (Mac Admin and Developer Conference UK), from Amsys: a conference for Apple administrators and developers, with a lot of sessions and good content, held in London.

MacDevOps YVR: MacDevOps is a conference, with the first show held on June 19th, 2015. With sessions ranging from collaboration to Puppet-as-a-Service (the other PaaS) to Docker, Munki, Python, Casper, git, VMware, Chef, etc., this one is definitely for the scripty amongst the Mac community who are heavy into systems automation and, well, DevOps…

MacIT: Like I said earlier, MacIT is the granddaddy of them all. It’s going a little bit back to the roots of the Mac Networkers Retreat days (circa 2002ish or something like that), but definitely bigger than those were. With leading industry speakers in areas like management, leadership, servers, specific implementation types, etc., MacIT is a good, general conference, bringing together a lot of Apple administrators in one place. I especially like the panels…  July 14th to the 16th in Santa Clara, CA.

MacSysAdmin: All things Apple, in Sweden. Definitely the best conference in Northern Europe. Lots of really good content, with a very global perspective. Really great people to network with as well, in a relaxed atmosphere. Held September 29th to October 2nd.

MacTech: Ed Marczak does a great job curating this conference, which really has a focus on systems administration at scale. It’s a good look at how environments grow (if you’re growing) or to get some really good tips and tricks for your grown up environment. November 4th through 6th, so it’s also a good time as it’s nearing the end of the traditional conference season.

Mobile World Congress: I usually find the people at a show like this to be less technical, more business analysts, more interested in the why and results than the how. It’s a good group, but different from those who spend all of their time integrating systems. Held in early May, with global shows in Shanghai later in the year.

Penn State MacAdmins Conference: Held June 27th to June 30th, Penn State Mac Admins emerged during a time of uncertainty with WWDC and systems administration topics. If you’re part of the infamous MacEnterprise list that Penn State runs, and you find the conversations there relevant to your job then this is likely a conference you’ll want to attend. It’s priced well, too!

University of Calgary MacDeployment: This is marketed as more of a workshop, but it’s worth note as it had a lot of really good content and provided a good centralized place for Canadian Mac Admins to pick up new tips and tricks!

Usenix: I think this is a great show for the Unixy amongst us. Many of the topics covered are highly relevant to the Mac admin.

WWDC: Everyone knows about Apple’s Worldwide Developer Conference. But more and more, if you use Munki or a third party tool to manage your systems and aren’t writing code, you can watch the sessions online and save your continuing development/training funds to check out one of the other conferences.

X World: Part of the AUC in Australia, X World had topics ranging from Munki to Casper. Initially a very education-centric conference, there were Apple administrators from around Australia gathered to share their knowledge and glean information from others on managing large numbers of Apple systems. And the organizers and delegates are pretty awesome people to hang out with. Great networking. I highly recommend that if you are a Mac admin in Australia that you support the AUC by becoming a member!

 

Media Archives of Security Conventions

DEFCON Media Archive: A listing of all the content (audio, video, PDF, PowerPoint, executables, etc.) that was presented at DEFCON.

Black Hat Archives: Essentially the same as above but for the Black Hat briefings.

BlueHat Archive: An invitation-only Microsoft security conference held twice a year.

USENIX Multimedia Archives: Various conferences, workshops, and symposiums sponsored by the Advanced Computing Systems Association.

CanSecWest Material Archives: Three-day digital security conference held in Vancouver, Canada.

SecTor Presentation Archive: Security conference held in Toronto, Canada.

RECON Archive: Security conference with a focus on reverse engineering and exploitation, held annually in Montreal, Canada.

DFRWS Archives: Papers and slides presented at the annual Digital Forensic Research Workshop conferences.

Hack.lu Archive: Conference held in Luxembourg that discusses computer security, privacy, and the implication of IT on society.

Chaos Communication Congress Archive: The Chaos Computer Club’s Chaos Communication Congress, held in Germany.

VB Conference: Virus Bulletin conference held in various locations with a focus on anti-malware.

 

Security Blogs

Metasploit: Blog related to the Metasploit Project.

Schneier on Security: Known by almost everybody in the security community.

F-Secure Weblog: Frequently updated with detailed analysis of recent malware and online scams.

Sophos Naked Security Blog: Lists the latest online scams and malware threats.

Mandiant M-unition: Insightful technical blog by Mandiant.

Krebs on Security: Brian Krebs has written many excellent reports for The Washington Post, some that resulted in action being taken against the criminal organizations. He now continues on his own with his blog.

Google Online Security Blog: Security news and insight from Google.

Websense Security Labs Blog: A frequent source of insight on new web-based security threats.

 

Twitter Security Feeds

Mikko Hypponen: Always tweeting interesting things.

Malware Domain List: Updates from Malware Domain List.

Microsoft Security Response: Important security-related information from Microsoft.

 

Vulnerability Information

Secunia Security Advisories: Excellent up-to-date source for the latest vulnerabilities. Another good source for similar content is SecurityFocus.

CVE Details: Billed as the ultimate security vulnerability datasource.

CIRT.net default password list: A list of default hardware and software passwords, searchable by vendor, product, and model number. If you are currently using a product with the default password still set, or with a variant of the default password, change it now!

PatchManagement.org: A mailing list dedicated to discussing patches.

 

Network

Packet Clearing House: Provides the worldwide list of Internet Exchange Points which form the core of the global Internet.

The Cooperative Association for Internet Data Analysis: Offers research, analysis, and visualization efforts into the behavior, usage, evolution, and infrastructure of the Internet.

CiscoNet.com: Provides a list of public route servers that anybody can telnet to. Use them to run traceroutes and to help troubleshoot network issues.

IP to CIDR: One of the few CIDR calculators that converts IP ranges into CIDR notation.

ipcalc: A small Linux command-line subnet calculator (also available as a web page) that prints network, broadcast, netmask, and usable host count for an address in CIDR form.
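The two calculators above do the same arithmetic the Python standard library already provides. The following is an added example, not code from either site: it converts an inclusive range into the minimal set of CIDR blocks (useful when ARIN WHOIS, mentioned above, reports an organization's space as a NetRange rather than a prefix) and reproduces the figures ipcalc prints. The WHOIS excerpt is constructed sample data using the TEST-NET-1 range.

```python
import ipaddress
import re

# Constructed WHOIS excerpt in ARIN's output format (sample data, not a real lookup)
SAMPLE_WHOIS = """\
NetRange:       192.0.2.0 - 192.0.2.255
CIDR:           192.0.2.0/24
NetName:        TEST-NET-1
"""

def range_to_cidr(first, last):
    """Summarize an inclusive address range into the minimal list of CIDR blocks."""
    start, end = ipaddress.ip_address(first), ipaddress.ip_address(last)
    if start.version != end.version:
        raise ValueError("address family mismatch")
    if end < start:
        raise ValueError("last address precedes first")
    return [str(net) for net in ipaddress.summarize_address_range(start, end)]

def parse_netrange(whois_text):
    """Pull 'NetRange: a - b' lines out of WHOIS output and convert each to CIDR."""
    blocks = []
    for m in re.finditer(r"^NetRange:\s*(\S+)\s*-\s*(\S+)", whois_text, re.MULTILINE):
        blocks.extend(range_to_cidr(m.group(1), m.group(2)))
    return blocks

def cidr_summary(cidr):
    """The figures ipcalc prints for an address written in CIDR form."""
    net = ipaddress.ip_network(cidr, strict=False)   # strict=False accepts a host address
    if net.version == 4 and net.prefixlen < 31:
        hosts = net.num_addresses - 2   # network and broadcast addresses are not usable
    else:
        hosts = net.num_addresses       # /31 point-to-point, /32 host, or IPv6
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "hosts": hosts,
    }

if __name__ == "__main__":
    print(range_to_cidr("192.0.2.5", "192.0.2.10"))
    print(parse_netrange(SAMPLE_WHOIS))
    print(cidr_summary("192.0.2.77/26"))
```

Note that an arbitrary range rarely collapses to one block: 192.0.2.5 through 192.0.2.10 becomes four prefixes, which is why scope lists derived from WHOIS ranges should be generated rather than typed by hand.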

Internet Traffic Report: Reveals the overall performance of the Internet’s bandwidth.

GRC’s Shields UP! test: Runs an online scan against your ports. Helpful for knowing which one of your ports are visible on the Internet. Given that many people’s home Internet connections are behind a router or DSL modem with a built-in firewall, this type of scan is very helpful in revealing which ports are open on the Internet versus which ports are open on your local network.

 

Operating Systems & Applications

CentOS: CentOS is a rebuild of the Red Hat Enterprise Linux (RHEL) sources and binary-compatible with it, except that unlike RHEL, CentOS is 100% free. Probably this author’s favorite Linux distribution for running a server (yes, more so than Debian). CentOS is stable, secure, easy to use, and is supported for a good length of time, unlike certain Linux distributions which cease supporting a release one year after the next version ships. For example, CentOS 4, released in 2005, will have maintenance updates until 2012. It is also arguably the best known and most popular of the Red Hat Enterprise Linux clones. For those who are comfortable with their “*nix” skills and don’t mind spending time configuring, you may also want to look into FreeBSD, which (for the uninitiated) is a Unix-like OS outside of the Linux family.

Qubes OS: An open source operating system designed to provide strong security through isolation.

Alpine Linux: A security-oriented, lightweight minimalist Linux distribution that can be used for various purposes.

Windows Sysinternals: A collection of several useful Windows tools, including network connection monitors, rootkit scanners, event log dumps, etc.

Microsoft Technet security tools list: Another collection of various Microsoft information security related tools.

OldVersion.com: An archive of older versions of software programs. Can be a useful educational tool in order to experiment with certain software vulnerabilities that become patched in newer versions. A similar site is OldApps.com.

PRISM Break: Provides software suggestions to help opt out of global surveillance programs.

 

Others

rationallyPARANOID: rationallyPARANOID.com’s goal is to provide readers with a selection of the latest information security developments.

Krypted: Charles Edge’s blog.

Null Byte on WonderHowTo: Tutorial-style articles on hacking and security techniques.

You Mac / Linux guy: Peter Bukowinski’s Blog.

{bjørn:johansen}: Bjorn Johansen’s Blog.

ss64.com: Command line reference – Web, Database and OS scripting.

openmaniak: Tutorials on free and open source Linux network tools that let you gather statistics about your network.

taniwha.org.uk: Ross Barkman’s Blog, GPRS/UMTS Scripts for OS X and Linux page.

SSL Ciphers config example: Strong Ciphers for Apache, nginx and others…

Firewall.cx: Firewall CX team Blog.

FAQforge: Windows, Mac and Linux FAQ website.

Open Reverse Code Engineering: A user community for reverse engineering focused heavily on malware and security tools.

Open HUB: Provides information regarding code for open source projects.

The Center for Internet Security: A not-for-profit organization that develops best practice guidance such as security hardening recommendations for the Internet community. Their benchmarks are well worth submitting your e-mail address to download.

FILExt: Online database of file extensions. Also provides the unique identifying characters for certain file types. Can be helpful for computer forensics. See also TrID for a downloadable utility that provides similar functionality.
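The “unique identifying characters” are the file’s magic bytes, and the forensic use is catching files whose extension lies about their content (an executable renamed invoice.pdf, for instance). The following is an added example, not FILExt’s or TrID’s code, with a small constructed signature table; a real tool carries thousands of entries and also checks footers and offsets beyond zero.

```python
import os

# Constructed signature table: (offset, magic bytes, content type). Only a handful
# of common types are listed here; a real table such as TrID's has thousands.
SIGNATURES = [
    (0, b"\x89PNG\r\n\x1a\n", "png"),
    (0, b"\xff\xd8\xff", "jpg"),
    (0, b"GIF87a", "gif"),
    (0, b"GIF89a", "gif"),
    (0, b"%PDF-", "pdf"),
    (0, b"PK\x03\x04", "zip"),   # also docx/xlsx/jar/apk containers
    (0, b"MZ", "exe"),           # DOS/PE executable
    (0, b"\x7fELF", "elf"),
    (0, b"Rar!\x1a\x07", "rar"),
    (0, b"\x1f\x8b", "gz"),
    (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole"),  # legacy .doc/.xls/.msi
]

# Extensions that legitimately share a container format with a signature above
EXT_ALIASES = {
    "jpeg": "jpg", "docx": "zip", "xlsx": "zip", "pptx": "zip", "jar": "zip",
    "apk": "zip", "doc": "ole", "xls": "ole", "msi": "ole", "dll": "exe",
    "scr": "exe", "sys": "exe", "tgz": "gz", "so": "elf",
}

def identify(header):
    """Return the content type implied by the file's leading bytes, or None."""
    for offset, magic, kind in SIGNATURES:
        if header[offset:offset + len(magic)] == magic:
            return kind
    return None

def extension_mismatch(filename, header):
    """(claimed_ext, actual_type) when the name disagrees with the content, else None.
    Files without an extension claim nothing, so they are never reported."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if not ext:
        return None
    actual = identify(header)
    if actual is None or EXT_ALIASES.get(ext, ext) == actual:
        return None
    return (ext, actual)

def scan_tree(root):
    """Walk a directory and list files whose extension disagrees with their magic."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as f:
                    header = f.read(16)   # longest signature above is 8 bytes
            except OSError:
                continue                  # unreadable file: skip, do not abort the scan
            hit = extension_mismatch(name, header)
            if hit:
                findings.append((path,) + hit)
    return findings

if __name__ == "__main__":
    for path, claimed, actual in scan_tree("."):
        print(f"{path}: named .{claimed} but content is {actual}")
```

A type that is not in the table yields no finding rather than a false one; when triaging a suspicious directory, an unknown header is itself worth a second look.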

Keylength: Use Keylength to easily compare encryption key requirements as recommended by various organizations.

Free Rainbow Tables: One of the better places to download rainbow tables and to understand the security implications of relying on hashes for password authentication.
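The implication those tables demonstrate is that an unsalted hash turns cracking into a lookup that is paid for once and reused forever. The following is an added example, not the site’s code: a degenerate precomputed table (plain hash-to-plaintext, without the hash/reduce chains real rainbow tables use to compress storage) against unsalted SHA-1, beside salted PBKDF2 storage that forces the attacker to redo the work per user. The wordlist is constructed.

```python
import hashlib
import hmac
import os

# Constructed cracking wordlist (a real one has millions of entries)
WORDLIST = ["password", "123456", "letmein", "qwerty", "welcome1", "Summer2015"]

def unsalted_hash(password, algo="sha1"):
    """The storage scheme rainbow tables target: hash(password), nothing else."""
    return hashlib.new(algo, password.encode()).hexdigest()

def build_table(algo="sha1"):
    """Precompute hash -> plaintext for the wordlist. Rainbow tables compress this
    with hash/reduce chains, but the attacker's economics are the same: the work
    is done once and reused against every unsalted hash ever captured."""
    return {unsalted_hash(w, algo): w for w in WORDLIST}

def crack_unsalted(stored_hex, table):
    """Recovering an unsalted hash is a dictionary lookup, not a computation."""
    return table.get(stored_hex.lower())

def store_salted(password, iterations=200_000, salt=None):
    """How a password should be stored: random per-user salt plus a slow KDF."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "digest": digest}

def verify_salted(password, record):
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["digest"])  # constant-time compare

def crack_salted(record):
    """A salt does not stop a dictionary attack, but it defeats precomputation:
    every candidate must be re-hashed with this record's salt, for this one user,
    and each attempt costs a full KDF run.
    Returns (plaintext or None, number of KDF evaluations spent)."""
    for attempts, word in enumerate(WORDLIST, start=1):
        if verify_salted(word, record):
            return word, attempts
    return None, len(WORDLIST)

if __name__ == "__main__":
    table = build_table()
    print(crack_unsalted(unsalted_hash("letmein"), table))   # instant hit
    rec = store_salted("letmein")
    print(crack_salted(rec))                                  # found, but after 3 KDF runs
```

Two users with the same password get different salted digests, so a table keyed on the password alone cannot be shared between them, and the iteration count sets how expensive each guess is.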

Yellowpipe Encrypter / Decoder: Online tool that allows you to encode and decode data in various formats. For example, by using the URL Decode function you can turn an obfuscated URL such as “http://192.0.2.1/%65%78%70%6c%6f%69%74%2d%63%6f%64%65” into its human-readable equivalent, “http://192.0.2.1/exploit-code”, or decode a string that was base64-encoded in an attempt at IDS evasion.
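The same decoding can be scripted for bulk log review, and doing it yourself makes one evasion trick visible that a single decode pass misses: double percent-encoding. The following is an added example, not the Yellowpipe tool’s code; the URLs in it are constructed, and the base64 handling deliberately tolerates stripped padding because evasion tooling often removes it.

```python
import base64
import binascii
from urllib.parse import unquote

def url_decode_fully(s, max_rounds=5):
    """Percent-decode until the string stops changing, so a double-encoded
    payload (%252e%252e%2f -> %2e%2e/ -> ../) comes out as what the server sees.
    Returns (decoded, rounds_applied). max_rounds bounds pathological input."""
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(s)
        if decoded == s:
            break
        s, rounds = decoded, rounds + 1
    return s, rounds

def try_base64(s):
    """Decode s as base64 if it is well-formed and yields readable text, else None."""
    s = s.strip()
    if len(s) < 8:                      # too short to be an interesting payload
        return None
    s += "=" * (-len(s) % 4)            # restore stripped padding
    try:
        raw = base64.b64decode(s, validate=True)   # reject non-alphabet characters
        text = raw.decode("utf-8")                 # UnicodeDecodeError is a ValueError
    except (binascii.Error, ValueError):
        return None
    if all(c.isprintable() or c in "\r\n\t" for c in text):
        return text
    return None

def decode_suspect(url):
    """Peel the layers an IDS would have to peel: percent-encoding on the path and
    on each query value, then base64 inside the values. Values are split before
    decoding so a decoded '&' or '?' cannot confuse the parse."""
    path, _, query = url.partition("?")
    path_decoded, rounds = url_decode_fully(path)
    out = {"path": path_decoded, "path_rounds": rounds, "params": {}, "base64_values": {}}
    for param in filter(None, query.split("&")):
        key, _, value = param.partition("=")
        value, _ = url_decode_fully(value)
        out["params"][key] = value
        text = try_base64(value)
        if text is not None:
            out["base64_values"][key] = text
    return out

if __name__ == "__main__":
    print(url_decode_fully("http://192.0.2.1/%65%78%70%6c%6f%69%74%2d%63%6f%64%65"))
    print(decode_suspect("/cgi-bin/%73%68?cmd=Y2F0IC9ldGMvcGFzc3dk&x=1"))
```

The round count is itself a signal: legitimate clients almost never send a URL that changes under a second decode, so `path_rounds >= 2` is worth an alert on its own.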

RegExr: Site to learn, build, and test Regular Expressions. Useful for people who wish to understand Snort rules.

User Agent String.Com: Analyzes user agent strings to reveal browser and operating system information.

AccountKiller: Provides specific instructions for deleting your account or profile from popular web sites such as Facebook, MSN, Gmail, Yahoo, etc. A similar site is justdelete.me.

DuckDuckGo: A search engine with a focus on privacy, that unlike many other search engines doesn’t track you.

Market Share: Displays charts, statistics, and trends of the market share for web browsers, operating systems and search engines.

Two Factor Auth List: List of popular web sites and online services and whether they support two factor authentication.