Computer Security



SubTen – *nix / Windows remote administration tool.

https://github.com/tecan/subten

 

Other tools

Radare2 – “Radare project started as a forensics tool, a scriptable commandline hexadecimal editor able to open disk files, but later support for analyzing binaries, disassembling code, debugging programs, attaching to remote gdb servers,”

binwalk – “Binwalk is a fast, easy to use tool for analyzing, reverse engineering, and extracting firmware images.”

pyew – PYEW! A Python tool for malware analysis Version

wxHexEditor

 

Debuggers

  • edb – debugger
  • DDD – debugger
  • gdb

OllyDbg, for Windows: https://en.wikipedia.org/wiki/OllyDbg

 

 

 

Web Security


It's nice online to use an alias last name for some signup services, and it still works at the post office if it looks close to the original.

 

Common Password

  • Memorize a few passwords (3 or 4 is the minimal number) for most signups; on basic sites the same password can be reused. Use a different level of caution for each password, depending on where you use it, in case it is compromised.
  • For sites that require longer passwords, one easy way to make a web password is the site name plus a modifier number: awebsite.com would be awebsite234. With 234 as the password modifier, you then only need to remember 234 as your common password (not very secure, but easier to remember).

 

Patator multi bruteforcer

  • Available modules:
    + ftp_login : Brute-force FTP
    + ssh_login : Brute-force SSH
    + telnet_login : Brute-force Telnet
    + smtp_login : Brute-force SMTP
    + smtp_vrfy : Enumerate valid users using SMTP VRFY
    + smtp_rcpt : Enumerate valid users using SMTP RCPT TO
    + finger_lookup : Enumerate valid users using Finger
    + http_fuzz : Brute-force HTTP
    + pop_login : Brute-force POP3
    + pop_passd : Brute-force poppassd (http://netwinsite.com/poppassd/)
    + imap_login : Brute-force IMAP4
    + ldap_login : Brute-force LDAP
    + smb_login : Brute-force SMB
    + smb_lookupsid : Brute-force SMB SID-lookup
    + rlogin_login : Brute-force rlogin
    + vmauthd_login : Brute-force VMware Authentication Daemon
    + mssql_login : Brute-force MSSQL
    + oracle_login : Brute-force Oracle
    + mysql_login : Brute-force MySQL
    + mysql_query : Brute-force MySQL queries
    + pgsql_login : Brute-force PostgreSQL
    + vnc_login : Brute-force VNC
    + dns_forward : Forward lookup names
    + dns_reverse : Reverse lookup subnets
    + snmp_login : Brute-force SNMP v1/2/3
    + unzip_pass : Brute-force the password of encrypted ZIP files
    + keystore_pass : Brute-force the password of Java keystore files
    + umbraco_crack : Crack Umbraco HMAC-SHA1 password hashes
    + tcp_fuzz : Fuzz TCP services
    + dummy_test : Testing module

 

 


Hardening


GUFW firewall rules

http://netpipe.ca/paste/paste.php?id=1 (outdated; maybe update it soon)