
Budget Crunch Free Tools for Securing and Improving Your Network


pauline

Presentation Transcript


    1. Budget Crunch? Free Tools for Securing and Improving Your Network
       Ernest Staats, erstaats@gcasda.org
       MS Information Assurance, CISSP, MCSE, CNA, CWNA, CCNA, Security+, I-Net+, Network+, Server+, A+
       Resources available @ http://www.es-es.net

    2. Partial List of Tools
       CD/USB Security (UBCD4Win, BackTrack, Hacksaw, U3 Security tools)
       What is on your network (Dude, Cain, SuperScanner, Getif)
       Discover bandwidth hogs (Wireshark, Dude, Qcheck)
       Find current security issues (Nessus, MBSA, Cain, Metasploit, BackTrack)
       Password Recovery (Cain, UBCD4Win, BackTrack, John the Ripper)
       Application and Database Tools (SQLRecon, Metasploit, HPing2, N-Stealth, Absinthe)
       Encryption Software (TrueCrypt, Dekart, Windows)
       Tools that link to online resources so you can secure your network
       Tools that are fun (as time permits)

    3. There is no one Swiss Army knife when it comes to security:
       Determine your needs: restoring deleted files, file shredding, network analysis, encryption, filtering
       Find the right tools
       Use the correct tool for the job

    4. OpenDNS: Another layer to block proxies and adult sites; http://www.opendns.com/
       CCleaner: Removes unused files and other software that slows down your PC; http://www.ccleaner.com/
       PC Decrapifier: Uninstalls many of the common trialware and annoyances found on new PCs. Free for personal use and $20 per tech who will use it; http://tinyurl.com/28r8ko
       File Shredder: A fast, safe and reliable tool to shred company files; http://www.fileshredder.org/
       The Dude: Auto network discovery, link monitoring, and notifications; supports SNMP, ICMP, DNS and TCP monitoring; http://tinyurl.com/mulky
       WinAudit: Audits Windows® based computers. Just about every aspect of computer inventory is examined. Also can automate inventory administration at the network level; http://tinyurl.com/27pk6t
       SoftPerfect Network Scanner: A multi-threaded IP, SNMP and NetBIOS scanner. Very easy to use; http://tinyurl.com/2kzpss
       SyncBack: File backup software; http://tinyurl.com/fmtel
       CCleaner removes unused files from your system, allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. http://www.ccleaner.com/
       The PC Decrapifier will uninstall many of the common trialware and annoyances found on many of the PCs from big-name OEMs. Free for personal use; $20 per tech who will use it. http://pcdecrapifier.com/features
       File Shredder has been developed as a fast, safe and reliable tool to shred company files. http://www.fileshredder.org/
       The Dude provides automatic network discovery and layout, discovers any type or brand of device, and offers link monitoring and notifications. It supports SNMP, ICMP, DNS and TCP monitoring for devices that support it. http://www.mikrotik.com/thedude.php
       WinAudit is a software program that audits Windows® based personal computers. Just about every aspect of computer inventory is examined. You can e-mail it to your technical support or even post the audit to a database for archiving. When used in conjunction with its command line functionality, you can automate inventory administration at the network level. http://www.pxserver.com/WinAudit.htm
       SoftPerfect™ Network Scanner is a multi-threaded IP, SNMP and NetBIOS scanner. The program pings computers, scans for listening TCP ports and displays which types of resources are shared on the network (including system and hidden). In addition, it allows you to mount shared resources as network drives, browse them using Windows Explorer, filter the results list and more.

    5. Dude Screen Shot

    6. AIDA32: System information, diagnostics and benchmarking for Win32 platforms. Screen shots, remote control. AIDA32 will extract details of all components of the PC. You can display the information, print it, or save it to XML, HTML or CSV. http://tinyurl.com/2j9ro8
       SuperScan 4: Network scanner, finds open ports (I prefer version 3) http://tinyurl.com/2z42uy
       Nmap: Scanning and footprinting http://tinyurl.com/3dfk7v
       Cain and Abel: The "Swiss Army knife"; cracks passwords, VoIP, and so much more http://tinyurl.com/53vmz
       Wireshark http://tinyurl.com/yclvno
       Autoruns: Shows the programs that run during system boot up or login http://tinyurl.com/3adktf
       Iron Geek: Step by step security training http://tinyurl.com/bzvwx
       Three finger salute (CTRL+ALT+DEL)
       Default Password List http://tinyurl.com/39teob
       Nessus: Great system wide vulnerability scanner http://tinyurl.com/3ydrfu
       The Google Hacking Database (GHDB) http://tinyurl.com/2mxe2h

    7. Phishing Protection: We operate PhishTank.com, the world's most trusted source of phishing data. We integrate that data into an intelligence feed on our DNS servers to keep everyone on your network safe from phony sites trying to steal personal information.
       Domain Blocking: You want to secure your network and have control over what resolves. We give you that control by providing the tools to block any website or DNS zone on the Internet, all through an easy-to-use interface.
       Adult Site Blocking: Safeguard your kids, protect your students, or limit your corporate liability by blocking adult websites. Our adult site blocking solution can be deployed in minutes and provides granular levels of blocking. Did we mention it's completely free?
       Web Proxy Blocking: Prevent people on your network from bypassing the access restrictions you put in place. Blocking Web proxies helps ensure your network remains secure.

    8. Cain and Abel: It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.

    10. Wireshark: Packet sniffer used to find passwords and other important network errors going across the network. SSL passwords are often sent in clear text before logging on. http://tinyurl.com/yclvno
        Metasploit: Hacking/networking security made easy http://www.metasploit.com/
        BackTrack or UBCD4WIN Boot CD: Cleaning infected PCs or ultimate hacking environment. Will run from USB. http://tinyurl.com/2y2jdj http://tinyurl.com/38cgd5
        Read notify: "Registered" email http://www.readnotify.com/
        Virtual Machine: For pen testing http://tinyurl.com/2qhs2e http://www.virtualiron.com/

    11. Wireshark Screen Shot

    12. Bart PE or UBCD4WIN http://www.bartpe.com http://www.ubcd4win.com
        UBCD: Hardware testing including BIOS; HD cloning, recovery, destruction tools, RAM testing, and so much more http://www.ultimatebootcd.com/download.html
        BackTrack: One of the more powerful cracking/network auditing packages http://www.remoteexploit.org
        KNOPPIX: Recover/repair dead systems, and several security tools http://www.knoppix.net/
        What is AUSTRUMI? AUSTRUMI is a business card size (50MB) bootable Live CD Linux distribution. Imagine the ability to boot your favorite Linux distribution whether you are at home, at school or at work. It includes:
        X-window: enlightenment - window manager
        Graphic: gimageview - image browser; gimp - Image Manipulation Program; inkscape - SVG editor
        Office: gcalctool - graphical calculator; abiword - word processor; gnumeric - spreadsheet editor; stardict - dictionary; bluefish - html editor; gv - a PostScript and PDF previewer
        Network: nmap - network scanner; ettercap - sniffer/interceptor/logger for LAN; vqcc-gtk - quickChat/Vypress Chat; ant - sending tool of TCP/IP packets; hydra - login cracker; LinNeighborhood - samba client; tsclient - frontend for rdesktop and vncviewer; telnet - telnet client; gputty - ssh client; mtr - traceroute
        Internet: firefox - WWW browser; uebimiau - web mail; linuxdcpp - P2P DC client; xchat - IRC client; linphone - IP telephony; gitmail - mail client; apache - web server; vsftpd - ftp server; xmail - mail server
        Multimedia: mplayer - movie player; simplecdrx - CD creation and audio manipulation program; sweep - audio editor and live playback tool
        Games: ltris - classic 'Tetris' clone; atomix - logical game; xboard:phalanx - chess; gnomine - variation of minesweeper; gtkballs - clone of well-known DOS game "Lines"; icebreaker - classic 'Xonix' clone
        Other: emelfm2 - file manager; rxvt - color VT102 terminal emulator; htop - task manager; mc - The Midnight Commander; qemu - processor emulator; xproc - system information; partimage - partition imaging utility; voarti - firewall/router; gtkfind - graphical file finding program; turma - search (and replace) text; xfdiff4 - graphical diff frontend; hexedit - shows/modifies a file both in ASCII and in hexadecimal
        Trinity Rescue Kit, designed to recover/repair dead Windows systems (also Linux). http://trinityhome.org/Home/index.php?wpid=28&front_id=12
        Trinity Rescue Kit 3.1 or TRK 3.1 is a 100% free CD bootable Linux distribution (live CD) aimed specifically at offline operations for Windows and Linux systems such as rescue, repair, password resets and cloning, with the ability to update itself. It has custom tools to easily recover data such as deleted files, clone Windows installations over the network, perform antivirus sweeps with 2 different antivirus products, reset Windows passwords, read AND write on NTFS partitions, edit partition layout and much much more.
        Trinity Rescue Kit 3.1 is the evolved version of 3.0 and a complete rewrite of version 1.1 and the unfinished 2.0. It's mostly based on Mandrake 10.2 (Mandriva 2005) binaries and heavily adapted startup scripts. Although it requires a bit more startup time than version 1.1, it still is a fast booter (39 seconds compared to 31 in TRK 1.1 on a Compaq Evo D51s, 2.4GHz), recognizing even more hardware than ever. It now also has a feature for automatic proxy detection and custom startup environment adaptations. An administrator can configure his LAN (using DHCP and a webserver) so TRK3 can take advantage of that, making it even more powerful. Apart from that, you can have any computer run a specific script from a local folder (for instance, to run maintenance and backups in batch).
        Where Trinity Rescue Kit 1.1 is looking at around 120.000 downloads so far (and who knows how many CDRs got burned), TRK 3.1 claims to be the most complete, fast to use toolkit when it comes to performing offline rescuing on both Windows and Linux.
        KNOPPIX is a bootable Live system on CD or DVD, consisting of a representative collection of GNU/Linux software, automatic hardware detection, and support for many graphics cards, sound cards, SCSI and USB devices and other peripherals. KNOPPIX can be used as a productive Linux system for the desktop, educational CD, rescue system, or adapted and used as a platform for commercial software product demos. It is not necessary to install anything on a hard disk. Due to on-the-fly decompression, the CD can have up to 2 GB of executable software installed on it (over 8GB on the DVD "Maxi" edition). It includes:
        Linux-Kernel 2.4.x and 2.6.x
        KDE as the standard desktop with K Office and the Konqueror WWW-browser
        X Multimedia System (xmms), an MPEG-video, MP3, Ogg Vorbis audio player, and xine
        Internet connection software kppp, pppoeconf (DSL) and isdn-config
        Gnu Image Manipulation Program (GIMP)
        Utilities for data recovery and system repairs, even for other operating systems
        Network and security analysis tools for network administrators
        OpenOffice(TM), the GPL-developed version of the well-known StarOffice(TM) office suite
        Many programming languages, development tools (including kdevelop) and libraries for developers
        In total more than 900 installed software packages with over 2000 executable user programs, utilities, and games

    15. DNS-stuff and DNS-reports http://www.dnsstuff.com http://www.dnsreports.com
        Are you blacklisted? Test your e-mail system. Check your HTML code for errors.
        WinHTTrack: For offline testing http://tinyurl.com/2qukbx
        OpenDNS http://www.opendns.com/
        Firewall checkers www.firewallcheck.com
        Security Space http://tinyurl.com/cbsr

    16. Nessus: Vulnerability scanners http://www.nessus.org
        Snort: IDS - intrusion detection system http://www.snort.org
        Metasploit Framework: Vulnerability exploitation tools. Use with great caution and have permission. http://tinyurl.com/3d57vu
        MBSA: Microsoft Baseline Security Analyzer (MBSA). Used to determine their security state and specific remediation guidance. http://tinyurl.com/39vfhe
        Metasploit www.metasploit.org: A great tool to exploit those Windows-based vulnerabilities that other tools find.

    17. Fgdump: Mass password auditing for Windows http://tinyurl.com/2c7hf4
        Cain and Abel: Password cracker and so much more… http://tinyurl.com/dlvva
        John The Ripper: Password crackers http://tinyurl.com/26kt7p
        RainbowCrack: An innovative password hash cracker tool that makes use of a large-scale time-memory trade-off. http://tinyurl.com/ysfgtx
        Cain and Abel: It can recover passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, revealing password boxes, uncovering cached passwords and analyzing routing protocols.
        RainbowCrack: An Innovative Password Hash Cracker. The RainbowCrack tool is a hash cracker that makes use of a large-scale time-memory trade-off. A traditional brute force cracker tries all possible plaintexts one by one, which can be time consuming for complex passwords. RainbowCrack uses a time-memory trade-off to do all the cracking-time computation in advance and store the results in so-called "rainbow tables". It does take a long time to precompute the tables but RainbowCrack can be hundreds of times faster than a brute force cracker once the precomputation is finished.

    18. Windows Password recovery - Can retrieve forgotten admin and users' passwords in minutes. Safest possible option, does not write anything to hard drive.
        Offline NT Password & Registry Editor - A great boot CD/Floppy that can reset the local administrator's password.
        John the Ripper - Good boot floppy with cracking capabilities.
        Emergency Boot CD - Bootable CD, intended for system recovery in the case of software or hardware faults.
        Austrumi - Bootable CD for recovering passwords and other cool tools.
        NetBIOS Auditing Tool (NAT) www.cotse.com/tools/netbios.htm - Neat tool for cracking passwords on Windows network shares

    19. MS Baseline Analyzer http://tinyurl.com/27obrz
        The Dude: Great for mapping and analyzing traffic http://tinyurl.com/2kzejg
        Getif: Network SNMP discovery and exploit tool http://tinyurl.com/23uhdo
        SoftPerfect Network Scanner http://www.softperfect.com/
        Enumerate Windows Shares: Start – Run - \\IP\C$; Login is administrator Password; Start – Run \\(server name or IP)
        Enumerate Windows Directory: LDAP query – Dump Accounts and Groups on a 2000/2003 Server; tool is on the Windows 2000/2003 Server CD (LDP.EXE)
        The Dude http://www.mikrotik.com/thedude.php The Dude is a visual and easy to use network monitoring and management system designed to represent network structure in one or more crosslinked graphical diagrams, allowing you to draw (includes automatic network discovery tool) and monitor your network however complicated it might be. The Dude is capable of monitoring particular services run on the network hosts, and alerting you about any changes in their status. It can read statistics from the device monitored and show you graphs of the monitored values, allows you to test and connect to the devices easily, and provides some very basic RouterOS configuration tools.
        Getif is an excellent SNMP tool that allows you to collect and graph information from SNMP devices.

    20. HPing2: Packet assembler/analyzer http://www.hping.org
        Netcat: TCP/IP Swiss Army Knife http://tinyurl.com/2r4fx9
        TCPDump for Linux or Windump for Windows: packet sniffers http://www.tcpdump.org and http://tinyurl.com/2gkvqq
        LanSpy: Local, Domain, NetBios, Global and local users, policy settings and much more http://www.lantricks.com/
        Qcheck: Checks network response time, throughput, and streaming performance http://tinyurl.com/3csl3l
        SoftPerfect Network Scanner is a free multi-threaded IP, NetBIOS and SNMP scanner with a modern interface and several advanced features. It is intended for both system administrators and users who are interested in computer security. The program pings computers, scans for listening TCP ports and shows what types of resources are shared on the network (including system and hidden).
        Hping2: A network probing utility like ping on steroids. This handy little utility assembles and sends custom ICMP, UDP, or TCP packets and then displays any replies.
        LanSpy: Network security scanner, which gets: Domain and NetBios names, MAC address, Server information, Domain and Domain controller information, Remote control, Time, Discs, Transports, Users, Global and local users groups, Policy settings, Shared resources, Sessions, Open files, Services, Registry and Event log information.

    21. Zero Assumption Digital Image rescue http://tinyurl.com/372643
        Restoration: File recovery http://tinyurl.com/2ymm46
        Free Undelete http://tinyurl.com/2tp2zd
        Effective File Search: Find data inside of files or databases http://tinyurl.com/ynojg6
        Zero Assumption Digital Image Recovery: ZA Digital Image Recovery recovers Canon .CR2 files as TIFF. To open recovered files, Jeff used Photoshop CS "Open With" feature, which allows to specify image format override. http://www.z-a-recovery.com/digital-image-recovery.htm
        Restoration: Restoration is an easy to use and straightforward tool to undelete files that were removed from the recycle bin or directly deleted from within Windows, and we were also able to recover photos from a Flash card that had been formatted. Upon start, you can scan for all files that may be recovered and also limit the results by entering a search term or extension. In addition http://www.snapfiles.com/get/restoration.html
        Free undelete http://www.pc-facile.com/download/recupero_eliminazione_dati/drive_rescue/
        Effective File Search: Effective File Search (EFS) is a powerful but easy to use search tool. Search any files on your computer or local network with this effective software. EFS is a real replacement for the Windows Search utility. You can save a lot of time with this excellent file search tool. Great text searching tool for finding files on local drives and server shares -- simply search for text such as "password", "SSN", etc. to find sensitive information that's not properly secured.

    22. Windows and Office Key finder/Encrypting
        Win KeyFinder (also encrypts the keys) http://www.winkeyfinder.tk/
        ProduKey (also finds SQL server key) http://www.nirsoft.net
        Secure Delete software
        Secure Delete http://tinyurl.com/27p8uh
        File Shredder has been developed as a fast, safe and reliable tool to shred company files http://www.fileshredder.org/
        DUMPSEC: Dump all of the registry and share permissions http://www.somarsoft.com/
        Win Finger Print: Scans for Windows shares, enumerates usernames, groups, SIDs and much more http://tinyurl.com/2jeyto
        Winfingerprint http://winfingerprint.sourceforge.net Windows enumeration tool that can ferret out patch levels, NetBIOS information, user information, and more

    23. N-Stealth: An effective HTTP/Web application security scanner http://tinyurl.com/32owl7
        WinHTTrack: Website copier http://tinyurl.com/ypmdq2
        SQLRecon: Performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations http://tinyurl.com/3bgj44
        More SQL Tools http://tinyurl.com/3bgj44
        Absinthe: Tool that automates the process of downloading the schema & contents of a database that is vulnerable to Blind SQL Injection http://tinyurl.com/34catv
        WebInspect (SPI Dynamics): 15 day trial against your web/application servers http://tinyurl.com/359dsv
        SQLRecon performs both active and passive scans of your network in order to identify all of the SQL Server/MSDE installations in your enterprise. Due to the proliferation of personal firewalls, inconsistent network library configurations, and multiple-instance support, SQL Server installations are becoming increasingly difficult to discover, assess, and maintain. SQLRecon is designed to remedy this problem by combining all known means of SQL Server/MSDE discovery into a single tool which can be used to ferret out servers you never knew existed on your network so you can properly secure them.
        FEATURES
        * Multi-threaded scanning engine
        * 6 Active scanning techniques
        * 2 Stealth scanning techniques
        * IP Range scanning
        * IP List scanning
        * Export results as XML or text file
        * Export IP list for use in future scans (i.e. Passive to Active)
        * ICMP check to increase scan speed
        * Debug mode to allow for greater scan visibility
        * Allows alternate credentials
        * Custom source port for UDP packets for firewall evasion

    24. Hard drive or Jump Drives
        True Crypt: cross-platform encryption with lots of options http://tinyurl.com/2ovdtm
        Dekart: its free version is very simple to use; the paid version has more options http://tinyurl.com/2z6uv2 http://www.dekart.com/
        Email or messaging
        PGP: for encrypting email http://tinyurl.com/2w4g9q

    25. Aircrack: the fastest available WEP/WPA cracking tool http://tinyurl.com/2xzyu6
        Net Stumbler: finds wireless networks http://wwww.netstumbler.com
        Kismet: wireless tools or packet sniffers http://wwww.kismetwireless.net
        Qcheck: determine real application speeds in WiFi networks http://tinyurl.com/3csl3l

        Aircrack is a suite of tools for 802.11a/b/g WEP and WPA cracking. It can recover a 40 through 512-bit WEP key once enough encrypted packets have been gathered. It can also attack WPA 1 or 2 networks using advanced cryptographic methods or by brute force. The suite includes airodump (an 802.11 packet capture program), aireplay (an 802.11 packet injection program), aircrack (static WEP and WPA-PSK cracking), and airdecap (decrypts WEP/WPA capture files).

    26. Xen for Linux http://tinyurl.com/2pbmp4
        VM Server or VM Workstation: for booting BartPE ISOs or Remote Exploit http://tinyurl.com/7gqmw
        MS Virtual Server: slower but very easy to use http://tinyurl.com/33mhln
        MS Virtual PC http://tinyurl.com/2jr7a7
        Virtual Iron http://virtualiron.com
        VMs can be used to run auditing applications that typically would require a dedicated server

    27. Analyzers, Network monitors, Traffic Generators, Network Scanners, IDS, Network Utilities, Network Clients, Secure Clients, SNMP, Web, Auditing Tools, Password revealers, System Tools, Supplementary tools (DOS prompt, Unix shell, etc.) http://tinyurl.com/yttny6

    28. Access all stored passwords on a Windows computer
        [System info] [Dump SAM] [Dump Product Keys] [Dump LSA secrets (IE PWs)] [Dump Network PW] [Dump messenger PW] [Dump URL History]
        Available at http://tinyurl.com/2kwqgp
        Plug U3 Drive in any Windows XP/2000/2003 computer
        Wait about 1 minute
        Eject Drive
        Go to Run on the Start menu, then type x:\Documents\logfiles (x = flash drive letter), then press Enter
        Look at usernames and passwords or start cracking hashed Windows passwords

    29. The Sleuth Kit and Autopsy Browser: open source digital investigation tools (digital forensic tools) http://www.sleuthkit.org/
        Boot CD
        UBCD4WIN http://www.ubcd4win.com
        BACKTRACK http://www.remote-exploit.org/
        Disclaimer: Be very careful when it comes to doing any forensic work, as you can end up in jail

    30. SyncBack http://tinyurl.com/29elte
        Secure: encrypt a zip file with 256-bit AES encryption
        Copy Open Files (XP/2003)
        Compression: you can compress an unlimited size, and an unlimited number of files. (Paid)
        Performance & Throttling: limit bandwidth usage. (Paid)
        FTP and Email: back up or sync files with an FTP server. Auto email the results of your backup
        Overview PPT on my web site http://www.es-es.net/

    31. WinSCP: wraps a friendly GUI around the command-line switches needed to copy files between Windows and Unix/Linux http://tinyurl.com/yvywqu
        Nagios: highly configurable, flexible network resource monitoring tool http://www.nagios.org/
        EventSentry: allows you to consolidate and monitor event logs in real time, as well as monitor performance, disk space, services, processes and software/hardware installations on servers and workstations. Additional features include temperature & humidity monitoring, motion/smoke/water detection, and process, logon and print tracking for audit purposes http://tinyurl.com/2g64sy
        WSUS: administrators can fully manage the distribution of updates that are released through Microsoft Update to computers in their network http://tinyurl.com/22anrz

    32. Network Tools Misc.
        SyncToy: used for copying, moving, and synchronizing different directories http://tinyurl.com/3b3wrd
        PsTools: manage remote systems as well as the local one http://tinyurl.com/2xq8nu
        FoundStone Hack Pack: a collection of several hacking/security tools http://tinyurl.com/22bap7
        22 Essential Mac utilities http://tinyurl.com/2er2je

    33. Resources are available at
        Files and suggestions http://www.es-es.net/9.html
        Security and Information Assurance Links http://www.es-es.net/6.html
        PPT for this and VM Security http://www.es-es.net/3.html
        Best Step by Step Security Videos (free) http://www.irongeek.com
        Build a slipstream Windows install CD at http://tinyurl.com/4n7y5

    34. YouSendit: send large files for free, up to 100 MB www.yousendit.com
        Odeo: set up your own free podcast www.odeo.com
        Tiny URL: make long URLs short and easy to remember http://tinyurl.com/

    35. Qcheck, the network troubleshooting utility from Ixia, slices, dices, and checks network response time, throughput, and streaming performance. It even runs anywhere-to-anywhere traceroute!

        Qcheck provides a more realistic assessment of network performance. While Ping tracks the response time of ICMP (Internet Control Message Protocol) messages, Qcheck sends real application flows across the network to test connectivity and performance. When Qcheck tests network response time, it determines how well real client/server applications will perform on the network. In addition, Qcheck tests network throughput, which is a more appropriate measurement than response time for determining how well an FTP or similar application will perform.

        Qcheck tests can determine whether a network can support multimedia traffic. Qcheck can test a network link using the application flows generated by streaming multimedia applications. Qcheck will determine at what rate streaming traffic is received and how much packet loss is occurring.

        Qcheck can test network performance between any two computers in your network once they have Performance Endpoints installed. With Ping, a user is limited to testing the network connectivity between his or her own computer and another computer. A Qcheck user can test network performance between any two workstations on his or her network, regardless of their location, once a Performance Endpoint is installed.

        Qcheck supports multiple protocols. Unlike Ping, Qcheck supports the variety of protocols that are present in most network environments. Qcheck can test the performance of TCP, UDP, SPX, and IPX networks.

        Qcheck provides diagnostic information about end systems. Qcheck gives you a glimpse into a computer that may identify whether that particular computer is causing a network performance problem. Reports from Qcheck indicate an endpoint computer's physical memory, operating system levels, and (for streaming tests) CPU utilization, useful indicators of network performance.

        Qcheck's traceroute tests collect information about network hops and hop latency between endpoints. Traceroute information helps locate network problems down to the level of a specific router.
