Brain Candy - Texts, Research, Whitepapers |
||
Rainbow Books - Great for studying for the CISSP Exam |
||
| blue.txt | The BLUE Book (NCSC-TG-019) | |
| brtblue.txt | The BRIGHT BLUE Book (NCSC-TG-002<DJ0>) | |
| cc_p1-v21.pdf | Common Criteria version 2.1 - Part 1 - Intro & General Model (261k - PDF) | |
| cc_p2-v21.pdf | Common Criteria version 2.1 - Part 2 - Functional Requirements (1044k - PDF) | |
| cc_p3-v21.pdf | Common Criteria version 2.1 - Part 3 - Assurance Requirements (654k - PDF) | |
| darklav.txt | The DARK LAVENDER Book (NCSC-TG-008) | |
| brown.txt | The BROWN Book (NCSC-TG-O15) | |
| dodpwd.txt | The GREEN Book (CSC-STD-002-85) | |
| neonorg.txt | The NEON ORANGE Book (NCSC-TG-003) | |
| orange.txt | The ORANGE book "DoD Trusted Computer System Evaluation Criteria" (CSC-STD-001-83) | |
| redbook.txt | The RED book (NCSC-TG-005) extends the evaluation classes of the Trusted Systems Evaluation Criteria (orange book) to trusted network systems and components. | |
| smpurple.txt | The SMALL PURPLE Book (DoD NCSC-TG-014) (NCSC-TG-014-89) | |
| tan.txt | The TAN Book (NCSC-TG-001) | |
| tealgrn.txt
or tealgrn.zip |
The TEAL GREEN book (aka. DoD Computer Terms for Dummies) | |
| yellow.zip | The YELLOW Books (DoD CSC-STD-003 and 004) or std003.txt and yellow2.txt | |
|
Misc TCP/IP Security, Hacking, and Reference |
||
| alt.2600,#Hack FAQ | HTML Version of the #Hack FAQ, by Voyager | |
| admin.txt | "Improving the Security of Your Site by Breaking Into it" -- a.k.a Admin's Guide to Cracking |
|
| all-ip-numbers.txt | The BEST well known, seen-in the wild, trojan service, port list I've ever seen. Also includes IP protocol numbers. | |
| backdoors.txt | Christopher Klaus' informative text on finding backdoors left on systems | |
| cifs.txt | Hobbit's "Common Insecurities Fail Scrutiny" - Excellent | |
| des-how-to.txt | Matthew Fischer's Data Encryption Standard (DES) tutorial. Excellent. | |
| falling_dominos.pps | Trust Factory's DEFCON 8 presenation on Lotus Domino (in)Security (Power Point format) | |
| findhole.txt | Finding Security Holes | |
| firewall.txt | Intro. to UNIX Firewalls | |
|
hackingcitrix.txt
|
Wirepair's Hacking Citrix Whitepaper |
|
| hackfaq.zip | PC hacking guide | |
| hackbeg.zip | Novices Guide to Hacking | |
| howtocrk.zip | Beginner's Guide to Cracking | |
| htca1.zip | How to Crack, by +ORC, Lesson A1- Internet Cracking: Firewalls | |
| IIS-hacking.html | Mount Ararat Blossom 's "SECURING IIS by BREAKING" paper, detailing 14 major vulnerabilities in IIS 4.0/5.0. Mentioned in Information Security Magazine, Nov. 2000, p.18. Original USENET post is here . | |
| iphijack.ps | Excellent paper on IP Hijacking (postscript) | |
| IP Spoofing.ppt | Ian Vitek's DEFCON 8 Presenstation on IP Spoofing Made Easy with Linux. | |
| key_study.txt | The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption | |
| lod01.zip | LoD Tech. manual, Vol 1 | |
| lod02.zip | LoD Tech. manual, Vol 2 | |
| lod03.zip | LoD Tech. manual, Vol 3 | |
| lod04.zip | LoD Tech. manual, Vol 4 | |
| mac2ven.txt | MAC address mappings to the vendors assigned to them | |
| newbie.txt | Newbie's Handbook | |
| nfs_trace.txt | NFS Tracing By Passive Network Monitoring, by Matt Blaze | |
| Oracle Hacking | Vic Vandal's DEFCON 7.0 presentation on Hacking ORACLE databases -- Excellent! | |
| proxy.txt | Understanding Microsoft Proxy Server 2.0 | |
| safecrack.txt | Techniques used to break combination lock safes. | |
| security.zip | alt.security FAQ | |
| sendmail.txt | Known holes in sendmail | |
| sniffer.txt | Sniffer FAQ | |
| solhack.txt | Solaris system flaws and exploits ( C Progs incl.) | |
| sql-hacking.html | Mount Ararat Blossom 's "Hacking MS SQL Servers For Fun & Profit", 11/13/2000 | |
| starthak.txt | Ultimate Beginners Guide to Hacking and Phreaking | |
| tcphijack.txt | EXCELLENT paper on TCP internals, and TCP Hijacking | |
| tcpip.txt | Intro. to Internet Protocols | |
| Top-Domains | List of all of the top level (country) domains | |
| unews.txt | How users can access banned USENET groups | |
| unixfaq.zip | comp.unix.questions and comp.unix.shell FAQ | |
| unixhack.zip | UNIX: A Hacking Tutorial | |
| unixsec.zip | Excellent- unix security from the ground up | |
| vi.html | Downlink's Vi editor reference page | |
| xwin.txt | Discussion of flaws in Xwindows | |
|
Defcon and Black Hat Presentations |
||
| Blackhat-8.pdf | TUV Data Protect 's Black Hat 2000 slides on Check Point Firewall-1 Vulnerabilities | |
| Falling_Dominos.pps | Trust Factory's DEFCON 8 presenation on Lotus Domino (in)Security (Power Point format) | |
| Hacking Oracle | Vic Vandal's DEFCON 7 presentation on Hacking Oracle databases -- Excellent! (HTML Format) | |
| IP Spoofing.ppt | Ian Vitek's DEFCON 8 Presenstation on IP Spoofing Made Easy with Linux. (MS Power Point) | |
|
DDOS Tool Analysis and Information |
||
| stacheldraht | David Dittrich's Stacheldraht DDOS tool analysis | |
| tfn.analysis | David Dittrich's Tribe Flood Network DDOS tool analysis | |
| TFN2k_Analysis-1.3.txt | By Jason Barlow and Woody Thrower at AXENT's Security Team - "TFN2K - An Analysis" | |
| trinoo.analysis | David Dittrich's Trin00 DDOS tool analysis | |
|
Firewall Information and Tools |
||
| audit.html | Lance Spitzner's "Auditing Your Firewall Setup" | |
| Blackhat-8.pdf | TUV Data Protect's Black Hat 2000 slides on Check Point Firewall-1 Vulnerabilities | |
| blackhat-fw1.tar.gz | TUV Data Protect's Black Hat 2000 exploit code! Test your firewalls yourself!! Their advisory can be found here . | |
| fwguifix.reg | Mike Coogan 's NT Registry Patch which extends the timeout value for the FW-1 GUI (logger too) | |
| fwpentesting.html | Mount Ararat Blossom 's "Firewall Penetration Testing", 11/20/2000 | |
| fwtable.html | Lance Spitzner's "Understanding the FireWall-1 State Table" | |
| intrusion.html | Lance Spitzner's "Intrusion Detection for Check Point FireWall-1" | |
| rules.html | Lance Spitzner's "Building Your Firewall Rulebase" | |
| tips.html | Lance Spitzner's "FW-1 Troubleshooting Tips" | |
| VPN-1toPGP-VPN | Establishing a VPN Connection between Checkpoint's Firewall-1 4.1/2000 & PGP 7.0 using Entrust CA, by Junaid Syed at NAI. | |
|
Frequencies and Wireless |
||
| aviphone.txt | 450MHz Air to Ground Telephone freq's | |
| cordfone.htm | Cordless phone channel freq. allocations | |
| fcc-band.htm | FCC Freq. Allocations .535 to 300000.0 MHz | |
| wireless.html | Jason Witty's Wireless technology comparision table |
|
|
||