Blog roll

I spend considerable time learning articles and tutorials in relation to hacking and vulnerabilities, so i thought posting those information will be helpful for reason one as my own repository and also for creating awareness among other users. Once again thank you for your time, feel free to share your comments and  ideas with me on brainfold at brainfoldsecurity.com

Security Links :

This section provides some useful information that prove a good starting point for any information security related issues across a number of different specializations.

Security News:

Following are pretty useful sites to keep updated on Security arena.

• Root Secure.net
• SC Magazine
• H Secure
• Search Security
• Threatpost
• PRAETORIAN PREFECT
• Xssed
• eSecurity Planet

Vulnerability Information The following sites are an excellent resource for Vulnerability Information:

• Security Focus
• Microsoft Security Bulletin
• Common Vulnerabilities and Exploits (CVE)
• National Vulnerability Database (NVD)
• The Open Source Vulnerability Database (OSVDB)
• United States Computer Emergency Response Team (US-CERT)
• Computer Emergency Response Team
• Mozilla Security Advisories
• SANS
• Securiteam
• PacketStorm Security
• Security Tracker
• Secunia

Exploits Information The following sites are an excellent resource for obtaining exploits or information about them:

• Securiteam :- Exploits are sorted by year and must be downloaded individually.
• SecurityForest :- Updated via CVS after initial install.
• GovernmentSecurity :- Need to create and account to obtain access.
• Red Base Security :- Oracle Exploit site only.
• WVE :- Wireless Exploit Site.
• PacketStorm Security :- Exploits downloadable by month and year but no indexing carried out.
• SecWatch :- Exploits sorted by year and month, download separately.
• SecurityFocus :- Exploits must be downloaded individually.
• Metasploit :- Install and regularly update via svn.
• OffensiveSecurity :- Exploit archived indexed and sorted by port download as a whole - The one to go for!

Security Info – General

• Talisker:- Large index of IT Sy resources, including a glossary of Intrusion Detection and Prevention systems.
• The Register:- Offers news, views, opinions and reviews on what’s latest in the IT industry.
• Security Database:- Excellent portal gathering information on Security Tools and advisories etc.
• Web Application Security Consortium:- Information about information security projects

Security Scanners

• Nessus:- Security scanner for Linux, BSD, Solaris, and other flavours of Unix.
• GFI:- LANguard Network Security Scanner is a security & port scanner tool to audit network security.
• Insecure:- Developers of NMAP, a network port scanner and service detector offering stealth SYN scan, ping sweep, FTP bounce, UDP scan etc.
• Sensepost: - Makers of quality web application and general security scanning software, both free and commercial.
• THC:- Website for various exploits and hacking (and Vulnerability Assessment) tools including Hydra and Amap.

Web Application Scanners

• Acunetix: – Acunetix provide a fully loaded and extensible web application scanner.
• Nikto:- A web server scanner which performs comprehensive tests against web servers for multiple items, including dangerous files/CGIs.
• NStalker:- NStalker provides a comprehensive Web Application Scanning suite.

Oracle – General

• Integrigy:- A leader in Application Security for Enterprise, Mission Critical Applications.
• Pete Finnigan:- Oracle and Oracle Security papers, Tools, Links and Information from an Oracle security expert.
• Redbase Security:- Red-Database-Security GmbH is specialised in Oracle security.

Wireless – General

• WirelessDefence:- Site provided for Wireless (802.11a/b/g/n…) LAN Security Auditors and Penetration Testers.
• NetStumbler:- Includes news, access point mapping, and software.
• Russwill:- Wireless distro – Russix. How-To’s on breaking WEP/ WPA and general wireless information.

Info Sec Blogs roll