Daniel S. Abrahamian

2 Oct
That’s me when I was younger, writing as I always did.

Snapshot of my computer. Call me slumdog millionaire.

This picture is dedicated to every fake and phony person I ever came across. You know who you are.

You have to see shit before it happens. I was an opportunist before computers.

One of my favorite pics. I am who I am because of computers.

You get used to it. I’ve always wanted to be an actor. Life’s a movie.

I really don’t know. One of the thousands of pictures stashed on my hard drive.

I coined the term “boats”, which is an acronym for “Based On A True Story”; it’s an allusion to the book which I have written about the impact of remote computer intrusion. The story is semi-autobiographical and is inspired by actual events.

This photo was taken in Montreal, Quebec. Canada is typically the initial destination for those arriving from Europe who plan on eventually crossing the border and starting a life with somebody else’s social security number. I believe the clone is living somewhere in Minnesota.

Typical facebook default picture.

Anyways, about facebook fire… I can provide you with links but to make a long story short, I believe this is the way it’s done: I’ve come across javascript files which tell an interesting story. A javascript “script” is embedded into innocuous links such as “farmville” or “frontierville”, etc. When a user accesses the link, they execute the script, which ends up making their account private and thus inaccessible. Somebody call Mark Zuckerberg.

Daniel S. Abrahamian

2 Oct

Daniel S. Abrahamian

1 Oct

Uid="33554432" Msg="[SETUPUGC.EXE]
ApplyDiskOperationUsingService:
Failed to correctly apply disk operation of type [0x8];
hr = 0x8004240e" PID="1084" TID="1256" Con=
"" Exe="C:\WINDOWS\SYSTEM32\SETUPUGC.EXE"
Mod="SETUPUGC.EXE" Err="0" MD="" DT="2011-02-11T04:17:40"/>
</rs:data>
</xml>

CSRC.NIST.GOV

CONTACT

Computer Security Division

General Inquiries

The Computer Security Resource Center (CSRC) is maintained and updated by the Computer Security Division at the National Institute of Standards and Technology (NIST). The Computer Security Division’s main telephone number is (301) 975-8443.

General NIST inquiries: E-mail: inquiries@nist.gov, (301) 975-NIST (6478) or TTY (301) 975-8295

For any technical questions concerning the website, please e-mail: webmaster-csrc@nist.gov.

ITL Division Information

National Institute of Standards and Technology (NIST), Information Technology Laboratory (ITL):
- Mathematical and Computational Sciences Division
- Advanced Network Technologies Division (ANTD)
- Computer Security Division (CSD)
- Information Access Division (IAD)
- Distributed Computing and Information Services
- Software Diagnostics & Conformance Testing Division
- Statistical Engineering Division (SED)

CSD Leadership

Computer Security Division
Donna Dodson, Division Chief & Deputy Chief Cybersecurity Advisor
Matthew (Matt) Scholl, Deputy Division Chief
Diane Honeycutt, Division Secretary
Shirley Radack, Guest Researcher – division office

Cryptographic Technology
William (Tim) Polk, Group Manager
Vickie Mukes, Administrative Assistant
Sara Caswell, Administrative Assistant

Systems & Emerging Technologies Security Research
David Ferraiolo, Group Manager
Katie MacFarland, Group Secretary

Security Management & Assurance
Matthew (Matt) Scholl, (Acting) Group Manager
Megan St. Clair, Group Secretary
Laura Gooding, Group Secretary

CSD Staff Directory

Vijay Atluri – Systems & Emerging Technologies Security Research
Mark Badger – Systems & Emerging Technologies Security Research
John Banghart – Systems & Emerging Technologies Security Research
Elaine Barker – ITL Office, Cryptographic Technology
Larry Bassham – Cryptographic Technology
Dan Benigni – Systems & Emerging Technologies Security Research
Magdalena (Maggie) Benitez – Security Management & Assurance
Harold Booth – Systems & Emerging Technologies Security Research
Jon Boyens – Division Office
Tanya Brewer – Systems & Emerging Technologies Security Research
Sara Caswell, Administrative Assistant – Cryptographic Technology
Ramaswamy (Mouli) Chandramouli – Systems & Emerging Technologies Security Research
Shu-Jen Chang – Cryptographic Technology
Lily Chen – Cryptographic Technology
Paul Cichonski – Systems & Emerging Technologies Security Research
David Cooper – Cryptographic Technology
Michael Cooper – Security Management & Assurance
Quynh Dang – Cryptographic Technology
Kelley Dempsey – Security Management & Assurance
Donna Dodson – Division Chief Cybersecurity Advisor
Morris Dworkin – Cryptographic Technology
Randall J. Easter – Security Management & Assurance
David Ferraiolo, Group Manager – Systems & Emerging Technologies Security Research
Hilde Ferraiolo – Cryptographic Technology
Jim Fox – Security Management & Assurance
Sal Francomacaro – Systems & Emerging Technologies Security Research
Sheila Frankel – Systems & Emerging Technologies Security Research
Serban Gavrila – Systems & Emerging Technologies Security Research
Laura Gooding, Group Secretary – Security Management & Assurance
Timothy Grance (on detail to ITL Program Office) – Systems & Emerging Technologies Security Research
Nelson Hastings – Cryptographic Technology
Peggy Himes – Security Management & Assurance
Diane Honeycutt – Division Secretary
Vincent Hu – Systems & Emerging Technologies Security Research
Michaela Iorga – Cryptographic Technology
Janet Jing – Security Management & Assurance
Arnold Johnson – Security Management & Assurance
Tom Karygiannis – Systems & Emerging Technologies Security Research
Stu Katzke – Security Management & Assurance
Sharon Keller, Supervisor – Security Management & Assurance
John Kelsey – Cryptographic Technology
Larry Keys – Division Office
Richard Kissel – Security Management & Assurance
Rick Kuhn – Systems & Emerging Technologies Security Research
Suzanne Lightman – Division Office
Katie MacFarland, Group Secretary – Systems & Emerging Technologies Security Research
Bill MacGregor – Systems & Emerging Technologies Security Research
Erika McCallister – Systems & Emerging Technologies Security Research
Ketan Mehta – Systems & Emerging Technologies Security Research
Peter Mell – Systems & Emerging Technologies Security Research
Dr. Dustin Moody – Cryptographic Technology
Vickie Mukes – Administrative Office Assistant, Cryptographic Technology
Mridul Nandi – Cryptographic Technology
Jim Nechvatal – Cryptographic Technology
William (Bill) Newhouse – Division Office
Elaine Newton – Cryptographic Technology
Patrick O’Reilly – Division Office
Souradyuti Paul – Cryptographic Technology
Rene Peralta – Cryptographic Technology
Ray Perlner – Cryptographic Technology
Fernando Podio – Systems & Emerging Technologies Security Research
Tim Polk, Group Manager – Cryptographic Technology
Stephen (Steve) Quinn – Systems & Emerging Technologies Security Research
Stephen (Steve) Quirolgico – Systems & Emerging Technologies Security Research
Shirley Radack – Division Office
Andrew Regenscheid – Cryptographic Technology
Allen Roginsky – Cryptographic Technology
Ron Ross, Supervisor – Security Management & Assurance
Hirofumi Sakane – Security Management & Assurance
Caroline Scace – Security Management & Assurance
Kim Schaffer – Security Management & Assurance
Matthew (Matt) Scholl – Deputy Chief Cybersecurity Advisor
Terry Schwarzhoff – Systems & Emerging Technologies Security Research
Anoop Singhal – Systems & Emerging Technologies Security Research
Annie Sokol – Systems & Emerging Technologies Security Research
Murugiah Souppaya – Systems & Emerging Technologies Security Research
Megan St. Clair, Group Secretary – Security Management & Assurance
Kevin Stine – Security Management & Assurance
Marianne Swanson – Security Management & Assurance
Kathy Ton-Nu – Division Office
Pat Toth – Security Management & Assurance
Beverly Trapnell – Security Management & Assurance
Jeffrey Voas – Systems & Emerging Technologies Security Research
Dave Waltermire – Systems & Emerging Technologies Security Research
Duminda Wijesekera – Systems & Emerging Technologies Security Research
Dylan Yaga – Systems & Emerging Technologies Security Research

WWW.ICE.GOV

Contact ICE (www.ice.gov)

U.S. Immigration and Customs Enforcement (ICE) is headquartered in Washington, D.C. Please see below for contact information for local ICE offices around the nation.

Report Suspicious Activity

To report suspicious activity, call ICE toll-free at 1-866-DHS-2ICE.

Media Inquiries

For media inquiries about ICE activities, operations or policies, contact the ICE Office of Public Affairs at 202-732-4242.

Contact Leadership

To contact ICE leadership, please write to

Director John Morton
U.S. Immigration and Customs Enforcement
500 12th St., SW
Washington, D.C. 20536

To contact DHS leadership, please write to

Secretary Janet Napolitano
Department of Homeland Security
Washington, D.C. 20528


WWW.US-CERT.GOV

US-CERT Security Operations Center

Email: soc@us-cert.gov
Phone: 1-888-282-0870
Postal Address:
Department of Homeland Security
(Attn: NPPD/CS&C/NCSD/US-CERT)
245 Murray Lane SW Bldg 410
Washington, DC 20598

US-CERT Vulnerability Notes (www.us-cert.gov); atom feed of recently published vulnerability notes: http://www.kb.cert.org:80/vuls/atomfeed?OpenView&start=1&count=30

U.S. Citizenship and Immigration Services

National Customer Service Center (NCSC): 1-800-375-5283
1-800-767-1833 (TDD for the hearing impaired)

Call this toll-free number to receive nationwide assistance for immigration services and benefits offered by U.S. Citizenship and Immigration Services (USCIS). If you are outside the United States, contact your local embassy or consulate. See link to the right for US Department of State.

  • Service is available in English and Spanish.
  • To view hours of operation, services offered and emergency request information, see the “National Customer Service Center” link to the right.
  • To view the National Customer Service Center telephone menu or reference guides (scripts), see the links to the right.

InfoPass – Make an Appointment

To schedule an appointment at a Field Office to speak with an Immigration Information Officer to have your questions answered, see the “INFOPASS – Make an Appointment” link in the Customer Tools box to the right.

My Case Status

To find out the status of your case or to sign up to receive automatic case status updates, see the “My Case Status” link in the Customer Tools section to the right.

Call the National Customer Service Center toll-free number if:

  • It has been more than 30 days and you have not received a receipt
  • You have noticed an error on any documentation
  • Your case is outside current processing times. To check current processing times, see the “Check Processing Times” link in the Customer Tools box to the right

USCIS Service Centers

If you contacted the National Customer Service Center with a case-related inquiry and more than 30 days have passed and you have not received a response, you may email the appropriate USCIS Service Center with your inquiry:

If you do not receive a response within 21 days of contacting the Service Center, you may contact the USCIS Headquarters Office of Service Center Operations by email at SCOPSSCATA@dhs.gov.

See the Customer Tools box to the left for additional resources available online.

Forms

  • You may order individual forms by calling our forms phone line at 1-800-870-3676.
  • Forms may be ordered directly from this website and mailed to your home. See the “Forms by Mail” link to the right.
  • Bulk form orders, such as large quantity orders for attorneys or community organizations, etc. must be processed through the Government Printing Office (GPO) at 202-512-1800 or online (see the “GPO Access” link to the right).

Daniel S. Abrahamian

1 Oct

"Although computer protective tools are also evolving
and improving, they tend to evolve in a reactive manner
to each perceived threat as it appears"

Internet
- approx. 170 million + web hosts
- 2 billion users
- The total indexed size of the world wide web
 by search engines is nearly 10-12 billion pages,
 but the deep web could be as much as 400-500 times
 larger than the information indexed by
 the major search engines

- Computer Fraud and Abuse Act (1984) 

"A hacker is one who accesses a computer
 intentionally without authorization,
 or exceeds authorized access, and then uses
 the access provided for purposes to which
 authorization did not extend, such as altering,
 damaging, or destroying data
 or preventing normal access"

- Computer Misuse Act (1990)

"Hackers are guilty of a legal offense if
 they knowingly cause a computer to perform
 any function to secure unauthorized access or
 cause unauthorized modification of the contents
 of the computer with the intent of impairing the
 computer, a program on that computer,
 or access to that computer"

- Automated attack tools

"MetaSploit" - has advanced options to load
 Active-X controls, the possibility to upload
 tool-kits and rootkits to computers,
 DLL injection for Windows systems and evasion
 models to defeat intrusion detection systems
 such as "Snort" (www.snort.org)

- Other software tools which scan SQL systems
 for possible SQL-injection attacks (i.e. "WebScarab")
 tools for further exploitation of the SQL server
 (i.e. "SQLNinja"), and tools for probing for
 vulnerabilities in server side CGI scripts (i.e. "CGIScan")

"NIC" = Network Interface Card

- Packet Sniffers

- IRC discussion groups

- SANS institute

- IANA = Internet Assigned Numbers Authority
 - private LAN IP address allocation

- Virtualization Software -  "QEMU"

- TAP magazine evolved into 2600 (www.2600.com)

- The Chaos Computer Club (CCC)

- Phrack

- Hack-Tic (www.hacktic.nl)

- Legion of Doom (LoD)

- Cult of the Dead Cow (cDc)

- L0pht

- SLINT - a source code security analyzer
- AntiSniff = A network security tool
 designed to detect attackers 

- remote access software "RemoteAnywhere"

- Julian Assange "mendax"
- Wikileaks = Now have many mirror sites. Specialize in leaking highly classified, confidential documents; capable of uploading to their website

- Richard Stallman founded "Free Software Foundation" FSF

- Linus Torvalds

- open-source projects "apache, php"

- Tim Berners-Lee invented the world wide web and the W3C; invented HTML (hypertext markup language), wrote the first ever WWW server or "http" (hypertext transfer protocol)

OFFENSIVE COMPUTING 

Not enough to identify an intrusion;
must respond to the attack
either by assuming control
of remote documents / drives, etc.
and/or taking an offensive stance and striking back.

1. identify attacking OS
2. Produce a retaliatory response which
inflicts damage to the intruder's OS
- Identify all documents involved
in intrusion (stacks, traces, lastonealive, etc.)

BLACK ICE
"Intrusion Countermeasures Electronics" 

"By using an IDS such as SNORT a programmer
 can react to alerts in anyway imaginable,
 up to and including making counter-attacks
 on attacking computers. You can imagine a scenario
 where the IDS has identified an ongoing attack from
 a remote computer - and now the system wants
 to do something about it, but the severity
 of the response can be varied."

- The Black ICE could block all traffic
 from the IP address involved in the attack
- The Black ICE could start a
 Denial of Service attack on the attacker
 using ICMP NET_UNREACH,
 TCP SYN floods or TCP ACK attacks.
- The Black ICE could run a vulnerability
 scanner such as "NESSUS" against the
 attacking computer - this process would
 identify all open ports and possible
 vulnerabilities in services -
 and would also identify the OS and
 patch level of the attacking computer
- The results of the vulnerability scan
 could then be fed into an automated program
 designed to exploit those vulnerabilities -
 MetaSploit using Autopwn would be a good example -
 with the express goal of breaking into the
 attacking machine using those vulnerabilities.

- Once the defender has taken control of the
 attacking computer, anything is possible limited
 only by the imagination and evil intention
 of the Black ICE programmers. 

- Installation of a Remote Access Trojan (RAT)
 allowing full hostile takeover of the attacking computer. 

- More aggressive countermeasures would be
 the deletion of the OS or
 dismantling of the BIOS of the attacker

- botnets

- DDoS - Denial of Service (downloadable)

- internet spiders and crawlers -
 programs designed to scour the web for specific information

- rootkits are designed to hide/camouflage malware.

- Port Scanning
Some programs enable an OS to create logs of specific events relating to attempts at intrusion. Scanning for ports enables a hacker to identify access to a computer within a network.

{Packet Watch} 81.214.1.18

DameWare (buffer overflow)
68.186.190.15

Daniel S. Abrahamian

1 Oct

NSA.gov / "Disk Splicing"
> The American Government has a special facility called "The Defense Computer Forensics Lab" which specializes in retrieving information from computers, no matter the condition of the hardware or disks.

www.DigitalIntelligence.com

> "DriveSpy"
Used for accessing physical drives using pure BIOS (Int13 or Int13x) calls, which bypass the operating system while ensuring that the OS won't modify or erase data.

Enables you to:
- Examine hard disk partitions
- Copy files to a designated area without
 altering file access / modification dates
- Undelete files
- Search drives, partitions, and files
 for text strings or data sequences
- Store the slack space from an entire
 partition in a single file for enumeration
- Save and restore one or more
 contiguous sectors to and from a file

"FREDs" / Forensic Recovery Evidence Devices
"FREDDIES" / (portable versions)
"Forensic Recovery Evidence Device
 Diminutive Interrogation Equipment"

GUIDANCE SOFTWARE
www.guidancesoftware.com

"EnCase" / Scans a hard disk for graphics files

Computer Forensics
U.S.-based "Electronic Crimes Task Force"
www.ectaskforce.org

Scotland-based "National Hi-Tech Crime Unit"
www.sdea.police.uk/nhtcus.htm

Forensic Tools
www.sleuthkit.org

Computer Security, Cybercrime, and Steganography Resources
www.Forensics.NL

Talisker Security Wizard Portal
www.networkintrusion.co.uk

Alexander Geschonneck Security
www.geschonneck.com/security/forensic.html

Tadayoshi Kohno
Utilize a way to identify individual computers over the internet:
"Remote physical device fingerprinting"
www.caida.org/outreach/papers/2005/fingerprinting

HexEditors
Enable you to peek at the physical
contents stored on a disk

"UltraEdit"
www.IDMCOMP.com

"WinHex"
www.x-ways.net

"VEDIT"
www.vedit.com

"Hex Workshop"
www.bpsoft.com

To help organize data, computers divide disks into multiple tracks. Each track is divided into smaller parts called sectors. A group of sectors is called a cluster. When you save data to your disk, your computer stores your file in multiple sectors. To keep track of which sectors contain which files, every disk contains a special directory, called either the "File Allocation Table" / "FAT" or the "Master File Table" / "MFT".

The FAT or MFT lists all the files stored on the disk along with pointers that identify the exact tracks and sectors that contain each file.
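As an added example (my own code, not from this page or from DriveSpy, EnCase or any other tool named above), here is the FAT side of that description made concrete: a tiny FAT12 volume built in memory, then a reader that goes boot sector -> FAT -> root directory -> cluster chain to recover a file, and that also pulls the slack space after the end of the file, which is what a forensic tool like the DriveSpy notes above is collecting. The geometry, the file name NOTES.TXT, its contents and the stale bytes in the slack are all constructed for the demonstration; FAT12 is assumed (NTFS and its MFT are a different on-disk format).

```python
import struct

# Constructed geometry for the demonstration image (FAT12 assumed):
BPS = 512            # bytes per sector
SPC = 1              # sectors per cluster
RESERVED = 1         # boot sector only
NUM_FATS = 1
ROOT_ENTRIES = 16    # 16 * 32-byte entries = exactly one sector
SECTORS_PER_FAT = 1
TOTAL_SECTORS = 8    # boot + FAT + root dir + 5 data sectors (clusters 2..6)
EOC = 0xFFF          # FAT12 end-of-chain marker

FILE_DATA = b"A" * 512 + b"B" * 512 + b"C" * 100   # 1124 bytes -> three clusters
SLACK_FILL = b"leftover from an earlier file"      # constructed stale bytes past EOF


def fat12_get(fat: bytes, n: int) -> int:
    """Read 12-bit FAT entry n; two entries are packed into three bytes."""
    off = n + n // 2
    pair = fat[off] | (fat[off + 1] << 8)
    return pair & 0x0FFF if n % 2 == 0 else pair >> 4


def fat12_set(fat: bytearray, n: int, value: int) -> None:
    """Write 12-bit FAT entry n without disturbing its packed neighbour."""
    off = n + n // 2
    if n % 2 == 0:
        fat[off] = value & 0xFF
        fat[off + 1] = (fat[off + 1] & 0xF0) | ((value >> 8) & 0x0F)
    else:
        fat[off] = (fat[off] & 0x0F) | ((value & 0x0F) << 4)
        fat[off + 1] = (value >> 4) & 0xFF


def build_sample_image() -> bytes:
    """Construct a tiny FAT12 volume holding NOTES.TXT in clusters 2 -> 4 -> 3."""
    img = bytearray(BPS * TOTAL_SECTORS)
    struct.pack_into("<H", img, 11, BPS)             # BPB: bytes per sector
    img[13] = SPC                                    # sectors per cluster
    struct.pack_into("<H", img, 14, RESERVED)        # reserved sectors
    img[16] = NUM_FATS
    struct.pack_into("<H", img, 17, ROOT_ENTRIES)
    struct.pack_into("<H", img, 22, SECTORS_PER_FAT)
    fat = bytearray(BPS)
    fat12_set(fat, 0, 0xFF8)                         # media descriptor entry
    fat12_set(fat, 1, EOC)
    fat12_set(fat, 2, 4)                             # chain deliberately out of order
    fat12_set(fat, 4, 3)
    fat12_set(fat, 3, EOC)
    img[RESERVED * BPS:RESERVED * BPS + BPS] = fat
    root_off = (RESERVED + NUM_FATS * SECTORS_PER_FAT) * BPS
    entry = bytearray(32)
    entry[0:11] = b"NOTES   TXT"                     # 8.3 name, space padded
    entry[11] = 0x20                                 # archive attribute
    struct.pack_into("<H", entry, 26, 2)             # first cluster
    struct.pack_into("<I", entry, 28, len(FILE_DATA))
    img[root_off:root_off + 32] = entry
    data_off = root_off + ROOT_ENTRIES * 32
    def cluster(n): return data_off + (n - 2) * SPC * BPS
    img[cluster(2):cluster(2) + BPS] = FILE_DATA[:512]
    img[cluster(4):cluster(4) + BPS] = FILE_DATA[512:1024]
    img[cluster(3):cluster(3) + BPS] = FILE_DATA[1024:] + SLACK_FILL.ljust(BPS - 100, b"\0")
    return bytes(img)


class Fat12Image:
    """Minimal reader: BPB -> FAT -> root directory -> cluster chains."""
    def __init__(self, img: bytes):
        self.img = img
        self.bps = struct.unpack_from("<H", img, 11)[0]
        reserved = struct.unpack_from("<H", img, 14)[0]
        spf = struct.unpack_from("<H", img, 22)[0]
        self.fat = img[reserved * self.bps:(reserved + spf) * self.bps]
        self.root_off = (reserved + img[16] * spf) * self.bps
        self.root_len = struct.unpack_from("<H", img, 17)[0] * 32
        self.data_off = self.root_off + self.root_len
        self.csize = img[13] * self.bps
        self.max_cluster = 1 + (len(img) - self.data_off) // self.csize

    def cluster_off(self, n): return self.data_off + (n - 2) * self.csize

    def list_root(self):
        out = []
        for off in range(self.root_off, self.root_off + self.root_len, 32):
            e = self.img[off:off + 32]
            if e[0] == 0x00: break                       # end of directory
            base, ext = e[0:8].decode("latin-1").rstrip(), e[8:11].decode("latin-1").rstrip()
            out.append({"name": f"{base}.{ext}" if ext else base,
                        "deleted": e[0] == 0xE5,         # 0xE5 marks a deleted entry
                        "first_cluster": struct.unpack_from("<H", e, 26)[0],
                        "size": struct.unpack_from("<I", e, 28)[0]})
        return out

    def cluster_chain(self, first):
        chain, n = [], first
        while 2 <= n <= self.max_cluster and n not in chain:  # bounds + loop guard
            chain.append(n)
            n = fat12_get(self.fat, n)
            if n >= 0xFF8: break                                # end-of-chain marker
        return chain

    def read_file(self, entry):
        parts = [self.img[self.cluster_off(c):self.cluster_off(c) + self.csize]
                 for c in self.cluster_chain(entry["first_cluster"])]
        return b"".join(parts)[:entry["size"]]

    def slack(self, entry):
        """Bytes of the last cluster past EOF: not part of the file, still on disk."""
        chain = self.cluster_chain(entry["first_cluster"])
        if not chain: return b""
        used = entry["size"] - (len(chain) - 1) * self.csize
        last = self.cluster_off(chain[-1])
        return self.img[last + used:last + self.csize]
```

Running it against `build_sample_image()` lists NOTES.TXT, resolves its chain to clusters 2, 4, 3 (the FAT, not the order on disk, decides which sectors belong to the file), reassembles the 1124 bytes, and returns 412 bytes of slack from cluster 3 that no normal file read would ever show. The chain walker bounds every cluster number and refuses to revisit one, so a damaged or hostile FAT cannot send it into an endless loop or outside the image.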

Identity Theft Resource Center =
  www.IDTHEFTCENTER.org
Federal Trade Commission =
  www.Consumer.gov/idtheft
Privacy Rights Clearinghouse =
 www.privacyrights.org/identity.htm
Identity Theft Prevention & Survival =
 www.identitytheft.org
Fight Identity Theft =
 www.fightidentitytheft.com

Reverse DNS Lookup
www.zoneedit.com/lookup.html
Verifies that an IP address belongs to a certain domain name
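A caveat on that "verifies" worth making concrete: a PTR record is published by whoever controls the reverse zone for the address, so on its own it proves nothing about the domain. What a lookup service like the one above is really doing is a forward-confirmed reverse DNS check: take the PTR name, resolve it forward again, and accept only if the original address comes back. The following is an added example of my own (not the page's or zoneedit's code) against a constructed, offline zone table using RFC 5737 documentation addresses and example domains; a real deployment would swap the dictionary for live DNS queries.

```python
import ipaddress

# Constructed zone data: one address whose PTR and A records agree, one whose
# PTR claims a name that resolves elsewhere, and one with a PTR for a name
# whose A record points to a different host.
SAMPLE_ZONE = {
    ("18.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],
    ("mail.example.com", "A"): ["192.0.2.18"],
    ("99.2.0.192.in-addr.arpa", "PTR"): ["mail.example.com"],   # PTR not backed by A
    ("7.2.0.192.in-addr.arpa", "PTR"): ["host7.example.net"],
    ("host7.example.net", "A"): ["192.0.2.70"],                  # resolves to another IP
}


def lookup(zone, name, rtype):
    """Resolve (name, record type) against the offline zone; [] when absent."""
    return zone.get((name.lower().rstrip("."), rtype), [])


def forward_confirmed(zone, ip):
    """Return (ok, ptr_names). ok is True only if some PTR name resolves back to ip."""
    addr = ipaddress.ip_address(ip)
    rev = addr.reverse_pointer                     # e.g. 18.2.0.192.in-addr.arpa
    fwd_type = "AAAA" if addr.version == 6 else "A"
    names = lookup(zone, rev, "PTR")
    confirmed = [n for n in names if ip in lookup(zone, n, fwd_type)]
    return (bool(confirmed), names)


if __name__ == "__main__":
    for ip in ("192.0.2.18", "192.0.2.99", "192.0.2.7", "192.0.2.5"):
        ok, names = forward_confirmed(SAMPLE_ZONE, ip)
        print(ip, "confirmed" if ok else "NOT confirmed", names)
```

Only 192.0.2.18 passes; 192.0.2.99 carries the same PTR name but fails because mail.example.com does not resolve back to it, which is exactly the case a bare reverse lookup would have accepted.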

IRS Complaints
NET-ABUSE@nocs.insp.irs.gov
hotline@nocs.insp.irs.gov

DNS Lookup Lists
"SpamCop" / www.spamcop.net
"ORDB" / "Open Relay DataBase" / www.ordb.org

SMTP Server Extractors
"101 Email Address Extractor V2.2.4"

"Petition your representative in congress"

http://e-thepeople.com

"Start a letter-writing campaign to petition
American Government Officials"
www.progressivesecretary.org

"Coalition for Networked Information"
www.CNI.org

"The Global Internet Liberty Campaign"
www.GILC.org

"The Digital Freedom Network"
www.DFN.org

"The Internet Free Expression Alliance"
www.IFEA.net

"The People's Global Action"
www.nadir.org/nadir/initiativ/agp

"Action Without Borders"
www.idealist.org

"GuideStar"
www.guidestar.org

Activism
www.activism.net

"Cause Communications"
www.causecommunications.com

"Grassroots Enterprise"
www.grassroots.com

"Political Research Associates"
www.publiceye.org

"Post Information"

http://cryptome.org

http://wikileaks.org

"Crimethinc"
www.crimethinc.com

"Infoshop"

"The Independent Media Center" / www.indymedia.org
"The Hacktivist" / www.thehacktivist.com
"Hack This Site" / www.hackthissite.org
"Anarchist Resistance" / http://anarchistresistance.org
"Counter-Inaugural" / http://counter-inaugural.org
U.S. Department of Information Technology

To find a blog:
http://blogsearch.google.com
www.tumblr.com
"Technorati" / www.technorati.com
"Daypop" / www.daypop.com

Anti-Phishing Group / www.antiphishing.org
Phish-Guard / www.phishguard.com

NSLOOKUP: look-up IP addresses in the DNS ("kloth.net")
To get a list of DNS servers:
FTP://FTP.RS.INTERNIC.net/domain/named.root
FTP://FTP.ORSN.org/ORSN/ORSN.hint

"Dynamic Internet Technology" / www.dit-inc.us
"Open Net Initiative" / www.opennetinitiative.net
"Electronic Frontier Foundation" / www.eff.org
"Electronic Privacy Information Center" / www.epic.org
"Global Internet Library Campaign" / www.gilc.org

To find a proxy server:
www.publicproxyservers.com
www.web.freerk.com/proxylist.htm

Connect to a network:
"Peekabooty Project" / www.peek-a-booty.org
Six/Four Program / http://sourceforge.net/projects/sixfour
JAP Anon Proxy / http://anon.inf.tu-dresden.de/index_en.html

Share info online: http://freenet.sourceforge.net

Rootkits can delete or modify log files.
Log File Analysis Programs:
"Analog" / www.analog.cx
"Sawmill" / www.sawmill.net
"Webalizer" / www.mrunix.net/webalizer

Honeypots can assist in tracking hackers.

"GFI LAN guard" / www.gfi.com/lannetscan
"IETF RFCs" / www.rfc-editor.org/rfcxxoo.html
"IKECRACK" / http://ikecrack.sourceforge.net
"MAC address vendor lookup" / http://standards.ieee.org/regauth/oui/index.shtml
"OmniPeek" / www.wildpackets.com/products/distributed_network_analysis/omnipeek_network_analyzer
"Port Knocking" / http://www.portknocking.org
"Share Enumeration" / http://technet.microsoft.com/en-us/sysinternals/bb897442.aspx
"SuperScan" / www.foundstone.com/us/resources/proddesc/superscan.html
"TCP View" / http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
"WINFO" / www.NTSECURITY.NU
"NMAP" / http://NMAP.org/download.html
"Proxy" / www.parosproxy.org
"Port80" / www.port80software.com/products/servermask
"SiteDigger" / www.foundstone.com/us/resources/proddesc/sitedigger.htm
"SWF Scan" / http://h30406.ww3.hp.com/campaigns/2009/wwcampaign/1-5tuve/index.php?key=swf
"Snort" / www.snort.org
"WebInspect" / www.spidynamics.com/products/webinspect/index.html
"WebGoat" / www.OWASP.org/index.php/category:OWASP_Webgoat_Project
"WS Digger" / www.foundstone.com/us/resources/proddesc/wsdigger.htm
"Foundstone's Hacme Tools" / www.foundstone.com/us/resources-free-tools.asp
"Google Hack Honeypot" / http://ghh.sourceforge.net
"NGSSQUIRREL" / www.ngssoftware.com/software.htm
"N-Stealth Web Application Security Scanner" / www.nstalker.com/eng/products/nstealth
"Snare" / www.intersectalliance.com/projects/snare
"PromisDetect" / http://ntsecurity.nu
"Port Sentry" / http://sourceforge.net/projects/sentrytools
"Port Number Lookup" / www.COTSE.com/cgi-bin/port.cgi
"Port Number Listing" / www.iana.org/assignments/port-numbers
www.packetstormsecurity.org
www.wtcs.org/snmp4tpc/getif.htm

Networks:
"Arpwatch" / http://linux.maruhn.com/sec/arpwatch.html
"Blast" / www.foundstone.com/us/resources/proddesc/blast.htm
"Cain&Abel" / www.oxid.it/cain.html
"Commview" / www.tamos.com/products/commview
"Essential Net Tools" / www.tamos.com/products/nettools
"EtterCap" / http://ettercap.sourceforge.net
"Google Desktop" / http://desktop.google.com
"Identity Finder" / www.identityfinder.com
"NASANON" / www.isecpartners.com/securingstorage/nasanon.zip
"Center For Internet Security Benchmarks" / www.cisecurity.org
"FORTRES101" / www.fortresgrand.com
"Kevin Beaver" / http://securityonwheels.com, www.twitter.com/kevinbeaver, http://securityonwheels.com/blog
"Open Source Security Testing Methodology Manual" / www.isecom.org/osstmm
"OWASP" / www.owasp.org
"SECURITREE" / www.amenaza.com
"Software Engineering Institute's OCTAVE methodology" / www.cert.org/octave

"Source Code Analysis":
www.checkmarx.com
www.fortifysoftware.com
www.klocwork.com
www.ouncelabs.com

CHAP Password Tester / www.isecpartners.com
"Effective File Search" / www.sowsoft.com/search.htm
"File Locator Pro" / www.mythicsoft.com/filelocatorpro
"Novell Patches & Security" / http://support.novell.com/patches.html
"Microsoft Technet Security Center" / http://technet.microsoft.com/en-us/security/default.aspx
"Windows Server Update Services from Microsoft" / www.microsoft.com/windowsserversystem/updateservices/default.mspx

Vulnerability Databases:
http://cve.mitre.org
"SANS" / www.SANS.org
"NVD" / http://NVD.NIST.gov
Privacy Rights Clearinghouse's "A Chronology of Data Breaches" / www.privacyrights.org/ar/chrondatabreaches.htm
"CERT" / www.kb.cert.org/vuls
"WVE" / www.wve.org

Web Applications:
"Absinthe" / www.0x90.org/releases/absinthe
www.acunetix.com
www.acronis.com

"Defaced Websites" / http://zone-h.org/archive
"Network Calculators" / www.subnetmask.info
RPM files for Linux distributions / rpmfind.net
"Savannah" / Central point for development, distribution, and maintenance of free software / savannah.gnu.org
"STRACE" / sourceforge.net/projects/strace/
UPS / "graphical source-level debugger" / ups.sourceforge.net
YUM / Utility that installs, removes, & updates system software packages / linux.duke.edu/projects/yum
DNS Glossary / www.menandmice.com/knowledgehub/dnsglossary/default.aspx

"AirSnort" / http://airsnort.shmoo.com, http://winairsnort.free.fr
"Elcomsoft Wireless Security Auditor" / www.elcomsoft.com/ewsa.html
www.cantenna.com
"WEP Crack" / http://wepcrack.sourceforge.net
Database of wireless networks: www.wigle.net, www.wifimaps.com, www.wifinder.com

SpyWare: junkbusters.com, www.spywareinfo.com, www.spywareguide.com, microsoft.com/spyware
RootKit Hunter / rkhunter.sourceforge.net
"SAINT" / "Security Administrator's Integrated Network Tool" / www.saintcorporation.com
"File Integrity Check" / "SAMHAIN" / www.la-samhna.de
"SARA" / "The Security Auditor's Research Assistant Security Analysis Tool" / www-arc.com/SARA

Bruce Schneier / www.schneier.com
secunia.com
www.securityfocus.com
SSH / openssh.org
http://WS.arin.net
http://winhackingexposed.com
Windows Dumpsec / www.systemtools.com/somarsoft/?somarsoft.com
Microsoft Baseline Security Analyzer / www.microsoft.com/technet/security/tools/mbsahome.mspx
Network Users / www.optimumx.com/download/netusers.zip
"How to disable SMTP relay on various e-mail servers" / www.mail-abuse.com/an_sec3rdparty.html
"IMPERVA" / www.imperva.com/products/database-firewall.html
"Linux Administrator's Security Guide" / www.seifried.org/lasg
PYN Logic / www.pynlogic.com
Secure IIS / www.eeye.com/html/products/secureiis/index.html
Server Defender / www.port80software.com/products/serverdefender
www.truecrypt.org

"Awareity Moat" / www.awareity.com
Dogwood Management Partners / www.securitposters.net
Microsoft IIS forums
Interpact, Inc. Awareness Resources / www.thesecurityawarenesscompany.com
NIST Awareness, Training, & Education / http://CSRC.NIST.gov/ate
Security Awareness, Inc. / www.securityawareness.com
CSRC.NIST.gov

http://sipsak.org
http://vomit.xtdnet.NL
"Advanced Access Password Recovery" / www.elcomsoft.com/acpr.html
"App Detective Pro" / www.appsecinc.com
NGSSQUIRREL / www.ngssoftware.com/products/database-security
"Pete Finnigan's Listing of Oracle Scanning Tools" / www.petefinnigan.com/tools.htm
SQLPING / www.sqlsecurity.com/tools/freetools
www.treachery.net/tools
Tripwire IDS / www.tripwire.com
Wireshark (Network Protocol Analyzer) / www.wireshark.org
BitTorrent = distributes large amounts of static data / azureus.sourceforge.net
CVS / "Concurrent Versions System" / www.nongnu.org/cvs
www.gnu.org/software/ddd
Free Software Dictionary / directory.fsf.org
GNOME project / www.gnome.org/projects
Linux Software Map / www.boutell.com/lsm

Port Scanning - Windows: http://joncraton.org/files/nc111nt.zip, www.foundstone.com, http://NTSECURITY.nu
Domain Lookup: http://whois.iana.org, www.samspade.org, www.nwpsw.com / netscan tools pro
The File Extension Source / http://filext.com
www.lacnic.net
military domains / www.nic.mil
Netcraft's "What's that Site Running?" / www.netcraft.com
RIPE Network Coordination Centre / www.db.ripe.net/whois

"Gramm-Leach-Bliley Safeguards Rule" / www.ftc.gov/os/2002/05/67fre36585.pdf
"Health Information Technology for Economic and Clinical Health" / "HITECH" / www.oig.dot.gov/files/recovery_act.pdf
HIPAA Security Rule / www.cms.hhs.gov/securitystandard/downloads
Payment Card Industry Data Security Standard "PCI DSS" / www.pcisecuritystandards.org/security_standards

www.hammerofgod.com
"Craig Johnson's Border Manager Resources" / http://nscsysop.hypermart.net
JRB Software / www.jrbsoftware.com
NET SERVER MON / www.simonsware.com/nsmdesc.html
www.securityfocus.com/data/vulnerabilities/exploits/remote.zip
Mailsnarf / www.monkey.org/~dugsong/dsniff
SMTP Relay Checker / www.abuse.net/relay.html
BRUTUS / www.hoobie.net/brutus
www.eicar.og
GFI Email Security Test / www.gfi.com/emailsecuritytest
Keyloggers: www.amecisco.com/iks.htm, www.keyghost.com, www.spectorsoft.com
hacking: www.2600.com, http://cu-digest.org, www.thinkgeek.com, www.jargon.8hz.com, www.phrack.org
Honeypots / www.tracking-hackers.com
U.S. Patent & Trademark Office / www.uspto.gov
Securities & Exchange Commission / www.sec.gov/edgar.shtml
WOTSIT's Format / www.wotsit.org
U.S. State Breach Notification Laws / www.NCSL.org
Linux Security Auditing Tool (LSAT) / http://lsat.sourcforge.net
Qualys Guard / www.qualys.com

Exploit Tools:
"Metasploit" / www.metasploit.com
"Milw0rm" / www.milw0rm.com

General Research Tools: www.AFRINIC.net, www.APNIC.net
DNSSTUFF / www.dnsstuff.com
Log Analysis / www.arcsight.com/products/products-logger
GFI Events Manager / www.gfi.com/eventsmanager
System Logging Resources / www.loganalysis.org
CompTIA Security / www.comptia.org
SANS GIAC / www.giac.org
BugTraq / www.securityfocus.com/archive/1
CHKRootKit / www.chkrootkit.org
www.FWTK.org
www.HPING.org
www.ISC2.org
John the Ripper (Cracker) / www.openwall.com/john
Kerberos / web.mit.edu/kerberos/www
LIDS / www.lids.org
Nessus / www.nessus.org
NMAP / NMAP.org
RBAC "Role-Based Access Control" / CSRC.NIST.gov/groups/SNS/rbac
"BRO" = "Lawrence Berkeley National Laboratory (LBNL)" / www.bro-ids.org, http://blog.ICIR.org, http://mailman.ISI.berkeley.edu/mailman/listinfo/BRO

Live Toolkits:
"KNOPPIX" / www.knoppix.net
www.frozentech.com (listing of live bootable linux toolkits)
www.networksecuritytookit.org
Security Tools Distribution / http://S-T-D.org

"Free On-Line Dictionary of Computing" / foldoc.org
"The Jargon File: An On-Line Version of The New Hacker's Dictionary" / www.catb.org/~esr/jargon
"ONELOOK" - "Multiple-site word search with a single query" / www.onelook.com
www.keyboardr.com
Commercial Technical Dictionary / www.webopedia.com
Internet FAQ Archives / www.FAQS.org

Publishers: Prentice Hall - NJ, Pearson, Addison Wesley, O'Reilly, Peachpit Press, Adobe Press, Alpha, Cisco Press, Que, FT Press, Redbooks, SAMS, IBM Press, SAS Publishing, Sun Microsystems (?), Wiley, New Riders, Microsoft Press, LYNDA.com

- RSFTPD Server
- SQUIRREL Mail
- Spam Assassin
- SAMBA Server
- Apache Server
- CACTI Server
"http://localhost/mail/src"
"http://localhost/cacti/host.php?action=edit&id=2"

"Record your computer's model number, make, and serial number" / www.stolencomputers.org
computer security products: www.computersecurity.com, www.kensington.com, www.secure-it.com
www.openbsd.org
symantec security response / http://securityresponse.symantec.com
"The Security News Portal" / www.securitynewsportal.com

To test your firewall's capabilities & see how many open ports it neglects to close, visit:
"LEAKTEST" / http://grc.com/lt/leaktest.htm
"HackerWatch" / www.hackerwatch.org/probe
"Audit My PC" / www.auditmypc.com/freescan/scanoptions.asp
"Outbound" / www.hackbusters.net/ob.html
Firewall Leak Tester / www.firewallleaktester.com

www.caminobrowser.org
www.openfieldsoftware.com
facebook.com/profile.php?id=1655747072

To circumvent port blocking, people use tunneling. This essentially lets one port perform the functions of other ports.
Information encryption: www.proxyway.com
Secure-Tunnel: www.secure-tunnel.com
www.doxpara.com

hooks = functions that enable another program to view the inner abilities of an operating system. Can be used by rootkits to subvert the operating system.
known as "hooking" programs that monitor and protect the operating system anti hook (www.infoprocess.com.au) process guard (www.diamondcs.com.au/processguard) Novell's App Armor (http://en.opensuse.org/apparmor) Another component of a rootkit is a sniffer. www.wincap.org/windump www.ethereal.com www.networkgeneral.com www.wildpackets.com http://analyzer.polito.it www.tcpdump.org www.tengu.be to see if a sniffer has been installed on a network antisniff (http://packetstormsecurity.nl/sniffers/antisniff) promiscdetect (http://ntsecurity.nu) rootkit detectors strider ghostbuster (http://research.microsoft.com/rootkit) Joanna Rutkowska (www.invisiblethings.com) www.rootkit.nl www.chkrootkit.org www.sysinternals.com www.rootkit.com port scanning www.angryziber.com/ipscan (angry ip scanner) www.nessus.org www.wildpackets.com (inettools) www.nstalker.com/eng/products/nstealth (n-stealth) sniffer program www.wardriving.com http://iso.leakage.org/ rat = remote access trojan anti-trojan horse programs: "bo clean" www.nsclean.com ewido security suite (www.ewido.net) tauscan (www.agnitum.com) the cleaner (www.moosoft.com) www.misec.net/trojanhunter
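A host-side counterpart to the sniffer-detection tools listed above, added here as an example and not one of the listed tools: on Linux, any process that captures traffic not addressed to the host has to put the interface into promiscuous mode, and the kernel reflects that in the interface's flag word under /sys/class/net/<iface>/flags (bit 0x100, IFF_PROMISC). The script reads those flags for every interface; the fake sysfs tree it builds in a temporary directory is constructed for the demonstration so that it runs on any system.

```python
"""Detect network interfaces in promiscuous mode by reading Linux sysfs.

Added example, not one of the tools in the list above. The kernel exposes
each interface's flag word at /sys/class/net/<iface>/flags; bit 0x100
(IFF_PROMISC) is set while any process has the interface in promiscuous
mode, which a packet sniffer needs in order to see traffic not addressed
to this host.
"""
import os
import tempfile

IFF_PROMISC = 0x100  # from <linux/if.h>


def is_promiscuous(flags_text):
    """flags_text is the raw content of a sysfs 'flags' file, e.g. '0x1103\\n'."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def scan_interfaces(sysfs_root="/sys/class/net"):
    """Return {iface: True/False} for every interface with a readable flags file."""
    result = {}
    if not os.path.isdir(sysfs_root):
        return result
    for iface in sorted(os.listdir(sysfs_root)):
        path = os.path.join(sysfs_root, iface, "flags")
        try:
            with open(path) as f:
                result[iface] = is_promiscuous(f.read())
        except (OSError, ValueError):
            continue  # not a netdev directory, or unreadable; skip it
    return result


def build_constructed_sysfs():
    """Constructed stand-in for /sys/class/net so the example runs anywhere.

    lo   0x9    = UP | LOOPBACK
    eth0 0x1003 = UP | BROADCAST | MULTICAST            (normal)
    eth1 0x1103 = UP | BROADCAST | PROMISC | MULTICAST  (sniffer attached)
    """
    root = tempfile.mkdtemp(prefix="fake-sysfs-")
    for iface, flags in {"lo": "0x9", "eth0": "0x1003", "eth1": "0x1103"}.items():
        os.makedirs(os.path.join(root, iface))
        with open(os.path.join(root, iface, "flags"), "w") as f:
            f.write(flags + "\n")
    return root


if __name__ == "__main__":
    root = build_constructed_sysfs()
    for iface, promisc in scan_interfaces(root).items():
        print(f"{iface}: {'PROMISC' if promisc else 'normal'}")
```

Run scan_interfaces() with no argument to check the real tree. The check trusts the kernel: a kernel-mode rootkit that hooks the read path can clear the bit in what userland sees, which is why antisniff-style tools probe from the network side (for example by watching how a host answers frames sent to a bogus destination MAC) instead of asking the suspect host.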

Daniel S. Abrahamian

1 Oct

Cyber Security Tip

Understanding Distributed-Denial-of-Service Attacks

Overview

One of the most significant cyber threats to businesses and to local and federal government agencies is the Distributed Denial-of-Service (DDoS) attack. A DDoS attack occurs when an attacker commands a number of computers to send a flood of requests or packets to a target computer or network. The flood exhausts the target's bandwidth, connection capacity, or processing capacity so that it crashes or can no longer serve legitimate users, much like a rush-hour traffic jam on the freeway. An attack of this type can disrupt an organization's operations until service is restored. Understanding the basic concept and methods of a DDoS attack helps operators of both large and small networks reduce its severity.

The DDoS Threat

DDoS attacks are easy to carry out and often attract widespread media attention, which makes them a popular tool for anyone wishing to interfere with an organization's web-based and even e-mail services. Attackers commonly employ "botnets," networks of compromised computers, as the soldiers in a DDoS attack. Criminal software, or "crimeware," sold on underground markets lets a would-be adversary rent a botnet to execute a DDoS attack. More recently the group Anonymous has encouraged its followers to install DDoS software on their own computers and take part in attacks voluntarily, in order to disrupt a target organization's Internet operations.

The goal of a DDoS attack is usually to limit, disrupt, or prevent access to a particular network resource or web service. The worst case is a failure of the operating system and a crash of the computer system; the more common symptoms of a DDoS are:

• A particular web or e-mail resource becoming unavailable
• Slow network performance
• Inability to access some network resources

Best Practices

The best defense against any attack or emergency is to have a plan, and this applies to cyber attacks as well. A basic understanding of DDoS attack concepts, a list of potential responses, and a few key phone numbers will prepare the administrators of even the smallest networks to lessen the damage of a DDoS.

• Assess your organization's risk of a DDoS. If your organization relies heavily on web-based services, consider the impact on your operations if those services were unavailable.

• Develop a checklist of actions to take in the event of a DDoS, and keep contact information for your Internet Service Provider (ISP) and your web hosting providers readily available. If you use a web host for your services, be familiar with their DDoS mitigation policies and plans.

• Be familiar with the services your ISP might offer to mitigate a DDoS, such as temporarily increasing your bandwidth, switching your IP address, and blocking attacking IP addresses. A flood that saturates your upstream link can only be filtered on the ISP's side; nothing done at your own edge frees bandwidth that is consumed before traffic reaches you. Switching the IP address helps only while the attacker is targeting the old address rather than your DNS name.

• Understand your normal daily traffic volume and the normal performance of your systems. Many DDoS attacks do not bring the site down outright but significantly degrade service, and a degradation is only recognizable against a baseline. Properly configured performance monitoring (request rate, bandwidth, connection counts, error rates) is a major help in detecting an attack early.

• Separate or compartmentalize critical services:

o Separate public and private services
o Separate intranet, extranet, and Internet services
o Create single-purpose servers for each service, such as HTTP, FTP, and DNS, so that a flood against one does not take the others down with it

• Review the US-CERT Cyber Security Tip "Understanding Denial of Service Attacks"

Please contact US-CERT at (888) 282-0870 or soc@us-cert.gov if you have any questions.
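A minimal version of the baseline comparison that the "understand your normal traffic" practice above calls for, added here as an example and not part of the US-CERT tip: it parses web server access log lines in the common Apache/nginx prefix format, counts requests per fixed window, and raises an alert for any window whose request rate exceeds a multiple of the agreed baseline, listing the top sources and the share of the window's traffic they carry. A high share from a few sources points to a small botnet or single abuser that can be blocked at the edge; a low share points to a distributed flood that needs the ISP's help. The log lines are constructed for the demonstration, and the baseline rate and multiplier are assumptions that a real deployment would derive from its own monitoring.

```python
"""Request-rate baseline check over web server access logs.

Added example (not part of the US-CERT tip). Assumes the Apache/nginx
"common" log prefix: client, ident, user, [timestamp], "request", status, size.
The sample log below is constructed for the demonstration.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return {'ip', 'ts', 'status'} for a well-formed line, None otherwise."""
    m = LOG_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group("ts"), TS_FMT)
    except ValueError:
        return None
    return {"ip": m.group("ip"), "ts": ts, "status": int(m.group("status"))}


def bucket_requests(entries, window_s):
    """Count requests, and requests per source, in fixed windows of window_s seconds."""
    totals = Counter()
    per_source = defaultdict(Counter)
    for e in entries:
        key = int(e["ts"].timestamp()) // window_s
        totals[key] += 1
        per_source[key][e["ip"]] += 1
    return totals, per_source


def detect_flood(lines, baseline_rps, window_s=10, factor=5.0, top_n=3):
    """Flag windows whose request rate exceeds factor * baseline_rps.

    baseline_rps is the site's normal request rate (an assumed value here;
    derive it from your own monitoring). Each alert carries the window start
    (epoch seconds), the observed rate, the top_n sources and the fraction of
    the window's requests they account for.
    """
    entries = [e for e in (parse_line(l) for l in lines) if e]
    totals, per_source = bucket_requests(entries, window_s)
    alerts = []
    for key in sorted(totals):
        rps = totals[key] / window_s
        if rps <= factor * baseline_rps:
            continue
        top = per_source[key].most_common(top_n)
        alerts.append({
            "window_start": key * window_s,
            "rps": rps,
            "top_sources": top,
            "top_share": sum(n for _, n in top) / totals[key],
        })
    return alerts


def constructed_log():
    """Constructed sample: a quiet 10 s window, then a 10 s flood from three hosts."""
    fmt = '{ip} - - [10/Oct/2011:09:00:{sec:02d} -0400] "GET /index.html HTTP/1.1" 200 1024'
    lines = []
    quiet = ["203.0.113.5", "198.51.100.7", "203.0.113.9", "198.51.100.20", "203.0.113.44"]
    for i, ip in enumerate(quiet):                          # 09:00:00 .. 09:00:08
        lines.append(fmt.format(ip=ip, sec=2 * i))
    flood = ["192.0.2.1", "192.0.2.2", "192.0.2.3"]
    for i in range(200):                                    # 09:00:10 .. 09:00:19
        # 180 requests from the three flood hosts, 20 from legitimate clients
        ip = flood[i % 3] if i % 10 != 9 else f"203.0.113.{i % 50}"
        lines.append(fmt.format(ip=ip, sec=10 + i % 10))
    lines.append("garbage line that does not parse")       # malformed input is skipped
    return lines


if __name__ == "__main__":
    for a in detect_flood(constructed_log(), baseline_rps=0.5):
        print(f"window {a['window_start']}: {a['rps']:.1f} req/s, "
              f"top {len(a['top_sources'])} sources carry {a['top_share']:.0%}: {a['top_sources']}")
```

The quiet window runs at the assumed baseline of 0.5 requests per second and stays silent; the flood window runs at 20 requests per second and is reported with its three sources carrying 90% of the traffic. In production the same logic belongs in the monitoring system fed by the live log, with the baseline recomputed per hour of day so that a normal morning peak is not mistaken for an attack.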

Hello world!

20 Sep
