Hi All

Have finally succummed to using rss due to time constraints. Are there any particular clients that you like for win/nix? It would be nice to have one that didn't completely abuse my privacy and isn't known as a very buggy one. Any suggestions?

These will be of interest

http://code.google.com/p/owaspbwa/wiki/ProjectSummary

http://blog.securitymonks.com/2009/08/23/learning-by-doing-hacker-challenges-and-practice-sites/

http://ha.ckers.org/blog/20090406/hacking-without-all-the-jailtime/

You may or may not have these which could be of use.

http://blog.securitymonks.com/2009/08/15/whats-in-your-folder-security-cheat-sheets/

Hoping this isn't for your neighbour/s....

This shop as served me well. Based in the UK

http://stores.shop.ebay.co.uk/Crucial-WiFi__W0QQ_armrsZ1

and more

http://www.networkintrusion.co.uk/index.php/miscellaneous/analysis-crib-sheets/rawpackets.html
http://www.networkintrusion.co.uk/index.php/miscellaneous/analysis-crib-sheets/other-charts.html

again may need to view from non referrer

I just had the same issue, thought was very strange after i was just on that page! I think it must be looking at the referrer. If you just copy and paste that link into a browser it should work.

One of the first hits for hexidecimal in google. Very handy conversion chart. Could have done with this a while ago.

www.networkintrusion.co.uk/protocols/pdf/Conversion_Table.pdf

passwordsafe + yubikey provides that extra layer of security

Another dump of bookmarks this time relating to passwords that maybe of interest to some of you guys. These are mainly online resources. Feel free to add more

http://www.wpacracker.com/
http://www.freerainbowtables.com/
http://securityxploded.com/download.php
http://www.phenoelit-us.org/dpl/dpl.html
http://www.plain-text.info/search/
http://www.elcomsoft.com/download.html
http://www.nirsoft.net/
http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time
http://www.virustotal.com/buscaHash.html
http://www.xmd5.org/index_en.htm
http://www.milw0rm.com/md5/info.php
http://www.cmd5.org/
http://www.tmto.org/
http://gdataonline.com/seekhash.php
http://cracker.offensive-security.com/
http://www.defaultpassword.com/
http://www.nickkusters.com/SpeedTouch.aspx
http://www.cm9.net/skypass/

maybe of interest in no particular order. Links to vid tut sites

http://www.milw0rm.com/video/
http://whitehatworld.com/archives.html
http://www.hak5.org/category/episodes
http://www.theacademypro.com/index.php
http://www.irongeek.com/i.php?page=security/hackingillustrated
http://www.securitytube.net/
http://www.rmccurdy.com/scripts/videos/
http://www.veryangrytoad.com/categories/8/
http://m3gabyt3.blip.tv/posts?view=archive&nsfw=dc
http://hopetracker.donthax.me/
http://adventuresinsecurity.com/resources
http://www.security-freak.net/videos.html
http://www.youtube.com/helpnetsecurity?gl=GB&hl=en-GB
http://vimeo.com/user595761/videos/sort:date
http://blip.tv/search?q=backtrack&x=0&y=0
http://www.knowledgecave.com/modules.php?name=Video_Stream
http://www.youtube.com/theacademypro
http://infinityexists.com/
http://www.youtube.com/user/ImpervaChannel
http://vimeo.com/pauldotcom/videos
http://vimeo.com/user1781217/videos/sort:date
http://www.hackerscenter.com/index.php?/Video/General/
http://securityoverride.com/about/
http://www.social-engineer.org/blog/resources/
http://pentest.cryptocity.net/
http://yehg.net/lab/pr0js/training/webgoat.php

Some of you may have seen this pop up . Looks like a pretty cool resource.

"SHODAN lets you find servers/ routers/ etc. by using the simple search bar up above. Most of the data in the index covers web servers at the moment, but there is some data on FTP, Telnet and SSH services as well. Let me know which services interest you the most and I'll prioritize them in my scanning. "

http://shodan.surtri.com/

Hi All

Besides this site and the remote exploit forums site, are there any other decent forums out there that aren't full of l33t speak, have decent communities and a reasonable amount of new threads? Any recommendations would be appreciated.

One situation in which a pentester may use proxies is to

perform testing that may trip ids/ips alerts that may otherwise cause their network range to become blocked on the target network, this inturn may hinder testing.

As far as log files go i would of thought if one was performing a pentest over a number of days, deleting the specific log entries may allow you to have a foothold on the target network for a longer period of time, allowing you penetrate the target systems further, than if the incident response team see the logs, figure out what you have done and then kill your access, at which point you have to try and penetrate the network another way.

just my 2pence

a few more along the same lines which might be of interest

http://wink.com/
http://www.spock.com/
http://socialmention.com/
http://www.whostalkin.com/
http://twoogel.com/
http://knowem.com/
http://www.pipl.com/

Hi All

The below sites might be of interest. It is my collection of online tools which relate to IP/DNS May be of use to some.

In no particular order

http://www.intodns.com/
http://www.dnsstuff.com/tools/tools/
http://www.subnet-calculator.com/cidr.php
http://www.dirk-loss.de/onlinetools.htm
http://www.dnsbl.info/
http://www.menandmice.com/knowledgehub/dnsglossary/
http://www.iptools.com/
http://www.robtex.com/
http://www.domaintools.com/
http://network-tools.com/
http://tools-on.net/
http://downforeveryoneorjustme.com/
http://www.netsystools.com/
http://www.diggip.com/
http://www.yougetsignal.com/tools/web-sites-on-web-server/
http://just-ping.com/
http://centralops.net/co/
http://www.psychicwhois.com/
http://www.fixedorbit.com/search.htm
http://news.netcraft.com/
http://technicalinfo.net/tools/index.html
http://www.guerrilladns.com/
http://en.utrace.de/
http://serversniff.net/index.php