EH-Net
May 25, 2013, 09:55:36 AM *
  Show Posts
1  Resources / Tools / Re: Firefox addon collection for pentesting on: September 04, 2009, 04:38:35 AM
Here's mine:

Firecookie
Firebug
FirePHP
FireGPG
Hackbar
Key Manager (create your own SSL Certs)
Modify Headers
SQL Injection
Ref Control
Random User Agent
Print PDF
Tamper Data
X-Forwarded for Spoofer
&& Last but not least NoScript!

Default theme is MacOSX 0.7.1 on firefox

Enigmail on thunderbird with AnonRemail, Display user agent, thundersomething, default theme iLeopard Mail 3.1.3

I try to keep the addons down as they chew resources and for things like XSS I use w3af or XSSploit.

If you have Ubuntu invest time in getting your hands on Ubuntuzilla.py to upgrade to the latest and greatest and once it's set up you can cron job any future upgrades to install on demand. Never been a big fan of Ad-Block, type about:config in the URL address part of your browser, see all those bits that have been inserted by ad-block to block adverts, that is bloatware! Avoid it and use NoScript as it is superior in every way unless you want a bloated and slow browser.. By the time you click on block this advert for the hundredth time watch your about:config settings grow exponentially into wasted advert blocks..

Other addons worth playing with are chickenfoot and greasemonkey.. but it's all down to personal preferences

P.S: The two developers that maintain Ad-Block and NoScript hate each other's guts.. LMFAO!

P.P.S: If you want to have some serious h4x0r fun lay your hands on a copy of Browser Rider or BeEF by bindshell.net and watch how to turn idiots into zombies... Did they upgrade to the latest and greatest, erm, nooo! but with BeEF running you can tell them as much with a pop-up message!
2  Resources / News from the Outside World / Re: UK Parliament Website Hacked on: September 03, 2009, 07:15:59 PM
Hiya Don, thx for the welcome, I will endeavor to not encourage that, but heh, the local authority has just screwed me and made me homeless for the second time running, all because I blew my lid at them after the death of my Cat.. Came home to find a rent demand for $281.00 when I am on the social and don't owe them 281.00 so they got the hump because I exploded at them and now they're making me homeless and have served me with an eviction notice. Notifying myself that I have 24 days to move out. When I went down to their head-office and requested a review of their decision the guy running the show, the same guy who screwed me out of heating costs for a period when I nearly died in the winter time was the same guy holding this supposedly impartial review.. There was nothing impartial about it, I walked into a witch-hunt and I was the poor unlucky victim.. "He should be punished" said one woman with a face like an ugly rat.

It wasn't punishment enough apparently to have me staying in a property throughout the winter time freezing to death.

No love lost between me and the local authority I can assure you..

But I got my own back I reported them to Microsoft for piracy last year and in some respects I am looking forwards to moving out, they're trying to claim back all the court costs, I wish them the best of luck, how do you secure in excess of 281.00 in court fees from a homeless guy I wonder.. Oh the bailiff must be seeking to get his hands on my computer kit.. Best of luck three button presses and the entire setup dissolves and when I finally move out all they are going to find is one very chopped up rent payment card and all three sets of keys and bugger all else!

What's even better is the heating system is on its last legs it had its last annual safety check in 2004 according to the Safety Sticker attached to the boiler, so after I move out they will no doubt be attempting to assess why the heating system has chosen to explode. That'll be because it violates health and safety and is condemned and the bit that's the real rub is it needs a new combustion seal. They don't know that and I am not in the mood to share it with them!

I see you guys hire people to write sterling reviews well here's mine:

Automated Image & Restore by Steve Gibson of Shields Up and Spin Rite, awesome little forensics tool, with it installed you can hot-link it to a few keyboard shortcuts, then once you press a few buttons change a few values from 0 to 1 and tell it to zero your own HD, you can lock the screen, walk away and make a cup of coffee and by the time the kettle has boiled your HD and all of the data on it will be worthless.

http://air-imager.sourceforge.net/

Where it says seek out-put change the value to 1, computer class still rings in my ears, 0 is off and 1 is on..

It's a sad state of affairs when governments kill their own citizens from their own negligence and below is one such story, then they have the audacity to sit there and say "How regrettable, we wonder what happened!":

http://www.timesonline.co.uk/tol/news/uk/crime/article6637111.ece

I wash my hands of the UK Parliament, it used to be my responsibility to report crime.. Well I am not responsible for the lack of their own action in doing the right thing.. Crucifying me over rent that I don't owe in the first place has not endeared my point of view towards a government that spends the price of a brand new porsche rocket every time a bullet is fired in anger to kill insurgents in the middle east. One man's terrorist is always another man's freedom fighter!

I've always tried to steer away from politics and hacking, the two just don't mingle all that well and I have deep opinions on right and wrong... Wrong is being moved into a derelict property and two weeks after you move in your social security is cut off, why because you failed to notify the DWP of the fact you'd been rehoused, when in point of fact you did and the sad happy twat photocopied your tenancy agreement assured you it would be dealt with, wrong is then applying for a Care grant and being told you're not eligible as they only give that to people that have just been re-housed.. "eh hello, ding, ding, ding!" Wrong is being forced to pay for everything yourself to recover some semblance of normality only to then lose it explode and be told, screw you we're making you homeless... Oh did you nearly freeze to death, tough beans we don't care...!!

The kicker has to be the guy that's done this to me is orthodox Jewish.. Now I am not a professional religious nut, but is it not a tenet of Jewish Law that if you see someone in need of help you go out of your way to help that individual and not behave like the merchant of venice and screw them into the ground??? Sat there in a pierre cardin suit and told me, "oh well your heatings working now isn't it!!!" He was a very Nasty man who decided he would destroy me to make his day better.. But life is a two way street, what you put out will return to you two fold.. It's a thing called Karma! Got the assurance of two staff that I would be re-reimbursed over heating only to find no such re-reimbursement instead I got crucified like poor old Joshua and got to meet Judas in the flesh, I must remember to send him 30 pieces of silver so he can pay the boatman on the river of styx on his way to hell!

There are two types of people in this world, those who look up to you and want to emulate you in every way and those that are driven by jealousy and hate and see you doing well and only exist to tear you down, I wonder which of those two I met at my review?
3  Resources / Tutorials / Re: New EH on: September 03, 2009, 07:40:41 AM
Welcome!

I would say definitely learn as much programming as you can stomach. You can always find a tool that will suit your purpose, but being able to understand what's going on in the background and writing your own is much more important. Don't become reliant on tools, learn how to do it manually first.

There are safe ways to practice your craft.   There are quite a few "emulation" sites out there that will allow you to hack anything and everything without causing any damage.   They too have been mentioned many times on the forums.   Hackthissite.org and Overthewire.org are two examples.

Good examples.. Ketchup fancy a cheese toasty? I is hungry and fancy a'la'munch! time me thinks for a grease packed take out with Chinese noodles and some hot chilli sauce... (stomach rumble!)

Emulate the N64, those games on Windows rule! No one beats me at golden-eye!!
4  Resources / Tutorials / Re: New EH on: September 03, 2009, 07:18:28 AM
Ethics, you know right from wrong.. it's that simple, don't hack into critical systems like Hospitals like that epic bit of fail "Jesse William McGraw", who called himself "GhostExodus," aged 25, he was leader of the hacker group "Electronik Tribulation Army," and worked the night shift at the Carrell Clinic hospital in Dallas. He had bragged online that he “infiltrated” the facility. Epic Fail when the FBI arrived on his door... Ethics some of us have them others do not... Don't waste your time with courses instead buy a good book.. Books save you time and money.. Welcome to EH..

One of the greatest books of all time; well tis in my humble opinion..

http://www.mit.edu/hacker/hacker.html
5  Resources / News from the Outside World / Re: UK Parliament Website Hacked on: September 03, 2009, 04:21:40 AM
LOL - Now that's funny, but what can people expect from a government that refuses to use encryption or protection of any kind, it's really not that surprising. They lose people's personal details in the postal system on unencrypted CDs and then say "How can this happen!" because they have the brain-cells of a Gnat!

Seriously if you went and examined half the local authority websites most of them are back boned by Windows 2003 and IIS 4 or 5, they haven't even made the upgrades to the latest and greatest and down at the local Jobcentre plus offices they use McAfee anti-virus on Windows XP with SP2.

A bit of firewalking and the odd USB key pen left laying around with a self executing melting server and seriously you would be so deeply inside their system before they even realized anything was amiss. Their ideas of security and its application are jokingly laughable.

They turn the screen to face the Jobseeker and let you have a great view of the entire desktop and because they always logout and log back in, you get to see their password as they key it in!

I love the RFID cards they use to login to the system, that is only to show who was logged in when and where it would not prevent a systems intruder from chewing the entire set-up to bits and passwords... Don't even go there, they choose lame passwords that are easy to remember.

Why no encryption, well I asked an employee and they said and I quote "They're scared we'd forget the passwords and find the data inaccessible!"

Seriously how the hell can you lose a PGP Key if you've taken the time to back it up on an external source like a USB pen which has been placed into a fire-proof safe. It's where they stick the paper tape back-ups! How can you forget a password like; JobCentrePlus2009SecurityKey001

Surfing the INTERNET and sites like Daily Motion, YouTube and Google are verboten! - They sure as hell do not use Firefox with NoScript, they use the patented Internet Explorer that came bundled with the OS as its proprietary software, they're not allowed to customize anything regardless of whether it would improve the security.

If I was going to hack their set-up which I am not as I value my freedom and liberty although I admire veracity, I would suggest a self executing CD-Rom labeled with the words Annual Statistics printed out on a laser printer with their own department logo, the minute it got inserted into a PC to see what was on it and voila, the whole set-up would fail gloriously.

By the time they realized anything was amiss, you'd have all the details of everybody in the entire system or you could in theory take the whole system down. You want your data back, pay me for the decryption keys. But that wouldn't be ethical and it would border on terrorism and blackmail!

Firesale FTW!

What will they do when the day comes? What will they do for that matter when they're hit? Are they and their security and risk analysts ready for such activity? Is our critical infrastructure prepared for such a hit that is not only multi-vector but multi-faceted in its approach? Will we be prepared? Nope...

My suggestion would be to remove the CD-Rom drives, remove the floppy diskette drives, insert locked removable HD's that can be hot-swapped and use encryption at a level that can not be defeated easily, but suggestions like that usually fall on deaf ears.

They would no doubt say it boils down to money and defense budget etc, but if they embraced open source and stopped living in Microsoft's pocket they would save fortunes exponentially across the board.

The entire system and all of the staff using it need better professional training!

I learned a long time ago, always think outside the box...

Kudos to Unu, you rock dude, you should mail me, I have a list of government sites that have such weak security they deserve to be h4x0r'd!! If only to make an example of them and their weak security!

You can find most of them they are all inurl:".gov.uk"
6  Ethical Hacking Discussions and Related Certifications / Web Applications / Re: Web Services Security on: September 03, 2009, 03:58:28 AM
w3af - the Web Application Attack and Audit Framework, it takes a bit of fiddling to set up; refer to the user manual for the install instructions. Once you have it up and running you can just target the site and tell it to grep and mangle etc. Any holes it'll find them and cough them up in a report. I tried it out and found it finds disclosed as well as undisclosed vulnerabilities; on one site I was asked to test I found that even though they were using VERISIGN certificates the site still coughed out credit card details. That made them go back to the drawing board.

It also comes with a Fuzzer which seems to be handy...

http://w3af.sourceforge.net/

w3af provides plugin writers with these features:

urllib2 wrapper
    In order to send requests to the remote server w3af uses urllib2. The xUrllib module of w3af is a wrapper of urllib2 to make the plugin writer's life easier; using this wrapper a plugin writer can forget about proxies, proxy auth, basic/digest auth, etc. This is the complete list of features provided by xUrllib:

         - Proxy
         - Proxy auth ( basic and digest )
         - Site auth ( basic and digest )
         - Gracefully handle timeouts
         - UserAgent faking
         - Add custom headers to requests
         - Cookie handling
         - Local cache for GET and HEAD requests
         - Local dns cache, this will speed up scannings. Only one request is made to the DNS server
         - Keep-alive support for http and https connections
         - File upload using multipart POST requests
         - SSL certificate support

Output Management
    w3af provides plugin writers with an abstraction layer for data output using the Output Manager. The output manager can also be extended using plugins and can be used for writing results to a txt/html file or sending them over the network using scp, the options are endless. Available output plugins are:
         - Console
         - Text file

Web Service support
    w3af knows how to parse WSDL files, and audit webservices. Plugin developers can write a simple plugin that will be able to find bugs in web services and also in common HTTP applications.

HTTP headers fuzzing
    w3af supports finding bugs in HTTP headers with great ease!

IPC
    IPC ( inter plugin communication ) can easily be done using the knowledge base, another w3af feature that's really useful for plugin developers.

Session saving
    Framework parameters can be saved to a file using the sessionManager. After that, you can load the settings and start the same scan again without configuring all parameters.

Fuzzer
    Right now w3af has a really simple fuzzer, but we have plans to extend it. Fuzzers are great, we know it.

HTML / WML parsing
    w3af provides HTML / WML parsing features that are really easy to use.
7  Resources / Tools / Re: LOphtcrack v6 is out!!! on: September 03, 2009, 03:54:20 AM
Ophcrack but you'll need to download the rainbow tables, the smallest load is approx 622mb works well.
8  Resources / Tools / Re: metasploit problem on: September 01, 2009, 03:46:39 PM
I have never had that happen to me, what are you using Linux or Windows..

One is made by a huge global conglomerate that has your best interests at heart "no really, that's the BS they sell!" the other is a work sponsored by D.A.R.P.A the defense advanced research projects agency and they call it Free BSD.. or Unix based OS for short, I think some russian hacker called Linus Torvalds invented something very similar called Linux but don't quote me on that... I could be so wrong.


Long story short, Windows sucks balls, Linux rocks walls!
9  Features / Opinions / Re: My story. on: September 01, 2009, 03:31:04 PM
Love the glider sticker, heh, you have a friend in me..
10  Ethical Hacking Discussions and Related Certifications / Social Engineering / Re: How to sniff out a liar on: September 01, 2009, 03:27:59 PM
There are ways to defeat the polymer test! What was that advert ah yes now I remember spray right guard or was it sure deodorant on your finger-tips.. all joking aside anyone can defeat a lie detector test just ask someone who works for the CIA.. I think the best way would be think of a Mc Donalds McCheese double and when asked were you at this place at this point in time, you just focus all your mental activity on that big fluffy Mc Heart Attack and forget the interviewer no matter how stressed out they get.. Sodium Pentothal aka: Sodium thiopental may change your mood but that is where those years of focusing on getting to the front of that huge shopping queue will aid you in your favor, "Look dude, all I want is a McFlurry!" you mumble, by that point they will be saying "this is pointless!!"
11  Resources / Tutorials / Re: Can i access a hard drive using ip on: September 01, 2009, 02:58:34 PM
Really? A recommendation for that book? I thought it was absolutely useless - my opinion of course.

I found it very informative but bearing in mind I bought the first edition when it came into print, I loved reading about XOR and all the other tidbits proved very useful, it explains networking, it explains RATS, although at the time of reading it I was already familiar with Diablo Keyspy and the work of the likes of the cDc, fearless and evil eye software, although I think nowadays the newer versions of such bits of script kiddie heaven go by the labels of Poison Ivy, Nuclear Winter and Lost-Door. But I remember a time when God Message and Back-Orifice & Sub-Seven were the bad boys on the block...

For remote administration so to speak

At the time I was an avid subseven fan, heck I used to use UPX to repack my own very edited AXE Hex Edited server and I still remember one of my school buddies saying check this out, this is smoothwall and this is my redhat box, I am untouchable... When I sent him a freeware copy of Pac-Man he couldn't resist going 'click, click, clickety, click!' the result was his awesome firewall did not even fart, he only knew when I called him up and said is this your online bank account number and is that really your password... Dude you need to add more chars into your security and from that moment forwards we spent every waking day saying to each other have you seen this in correspondence and sharing bits of things that we both found, our activities earned us both a very deserving ban from America Online (AOL) shame to admit that yes I was a lame AOL user and my monthly bill on dial-up once exceeded $875 for one month's worth of use.

We're still in touch to this day and he is still a windows whore but I went totally the other way and embraced GNU and Open Source, sadly my best friend's only experience is with RedHat and that is why he tells me Linux is rubbish, he spent maybe all of a month trying to figure out how apache worked with me sitting on high saying, read the bloody manual.

When people say networking, I just think of Snort and Sguil..
12  Ethical Hacking Discussions and Related Certifications / Cyber Warfare / Re: Cyber/Information Warfare Book List on: August 31, 2009, 12:44:00 PM
Don't know if you've seen this, it's not really book category, I found an MMORPG called Cyber War..
www.cyberwars.com
The year is 2020. All civilization has gone under. There is now a raging war between the Net Guards and Hackers, good and evil. It's up to you to take a side, and fight for what you think is right. Riches, fame, and power await you... Can you handle it?

Looks kind of interesting, I think I'll take a closer look, it says on their forum page under hacking, Discussion of DDOS attacks, SQL injection, XSS, and other site vulnerabilities. NOT an open discussion for "how to's" on attacking websites. and straight away someone has posted need wireshark assistance!?!

This looks like a pretty long list of literary works worth a glance.. Love the site they're advertised on.. http://staff.washington.edu/dittrich/cyberwarfare.html

According to the Wiki a Cyber Warrior is a person who is highly skilled in the art of Cyber Warfare. Governments, their militaries, law enforcement, and the private sector around the world are taking the initiative to train their people in the field of cyber warfare. The necessary skills that a cyber warrior shall possess will vary in magnitude; however, the key skills shall include: information security, hacking, espionage, and computer forensics.



  
13  Resources / Tutorials / Re: Can i access a hard drive using ip on: August 31, 2009, 09:03:13 AM
Aww, bless, I remember how that used to feel... Where do I start??? Best answer, pick up a hacking book like The Unofficial Guide to Ethical Hacking (Paperback) and start from page one, when you get halfway through the book you'll be brimming with the basics and then it's just a case of putting it into application.

The Unofficial Guide to Ethical Hacking (Paperback)
by Ankit Fadia (Author)

# Paperback: 864 pages <-- Almost as big as the Bible!
# Publisher: Course Technology Inc; 2nd Revised edition edition (13 Oct 2005)
# Language English
# ISBN-10: 1598630628
# ISBN-13: 978-1598630626
# Product Dimensions: 23.1 x 18.8 x 5.8 cm

N.B: This product was printed in 2005 and so in some respects the info it contains will be a little stale but still a very informative and a very worthwhile read.

P.S: They have it on eBay, a little knowledge is a dangerous thing!
14  Resources / Tools / Re: Ugghh... on: August 31, 2009, 08:53:07 AM
You could try this, I have no idea if it's any good, nor if it's made in Russia or China (greetings comrades!), but it does say no shareware and no demoware, ie: 100% freeware.

It's an Office Brute Forcer by the looks of it..

http://www.freewordexcelpassword.com

All the other ones look like they cost money, being on Linux limits my experience of having to recover MS-Office passwords as I use Open Office instead and I have never taken the time to password protect something, when I just encrypt it with my PGP keys instead.

-enzo
15  EH-Net / News Items and General Discussion About EH-Net / Re: [Article]-August 2009 Free Giveaway Sponsor - IronKey on: August 31, 2009, 08:21:12 AM
In my agency they are one of the only USB sticks that is officially accepted. Due to the FIPS compliance. I weasel around the rules and use true crypt on a cheapy drive most of the time, but the big wigs have Iron Keys.

eCrypt_FS is another great proggie similar to true crypt, if you're using an encrypted file system and then use GnuPG standards on everything you're shoveling into that filing system, then the cipher chaining method would stop people in their tracks anyway.

Who the hell would want to waste their time trying to break into an encrypted filing system knowing everything else in that filing system has also been encrypted with huge keys that are simply unavailable. The expression that flies to my mind is "rots of ruck!"
© 2013 The Ethical Hacker Network