13 August 2005
11 August 2005
The Honeynet Project
by xenomorphThe Honeynet Project is a non-profit (501c3) organization dedicated to improving the security of the Internet by providing cutting-edge research for free. Founded in October, 1999 we have been providing the following services for free to the public.
Government Security
by xenomorph & 1 otherNetwork security articles and hacking prevention resources for the government and general public. Covering all aspects of Computer Hacking, including tutorials and exploit downloads.
Security Forums :: Security Related Information Portal
by xenomorphComputer Security Forum, Firewalls, Encryption, IDS, Linux, Windows, Hardware, Software.
.:[Security-Protocols]:.
by xenomorph# Advisories
# Backend RSS
# Downloads
# Exploits
# Feedback
# Free Shells
# Gallery
# IP Index
# Library
# Password Generator
# Private Messages
# Recommend Us
# Security Services
# Stories Archive
# Security Store
# Submit News
# Text Files
# Top10
# Topics
# Tutorials
# UNIX Man Pages
# Web Links
# WhitePapers
Network Security and BS7799 / ISO 17799 News
by xenomorphPacketDefense:
Information Security and BS7799 / ISO 17799 News
BindView - RAZOR
by xenomorphIndustry-leading software solutions mean superior business results. And better solutions depend on solid research. BindView's elite RAZOR team delivers the cutting edge in security research. In an ongoing commitment to superiority, RAZOR develops the vulnerability checks, best practices, and compliance algorithms behind BindView's solutions.
iDEFENSE : VCP
by xenomorphVCP
iDEFENSE recognizes that there is an abundance of technical security knowledge concerning undisclosed vulnerabilities and exploit code that are constantly discovered or created by individuals and security groups. Some of this information may see the light of day on security mailing lists or eventually be disclosed as the result of a post-mortem analysis of a compromised computer system.
Our Vulnerability Contributor Program (VCP) compensates individuals who provide iDEFENSE with advance notification of unpublished vulnerabilities and/or exploit code. Alternately, iDEFENSE can donate any earned funds to a charity of the contributor's choice in their name.
Neohapsis Archives
by xenomorph & 1 otherThe Neohapsis Archives is a collection of public mailing lists and vendor announcements. As such, the community at large generates the archival content, not Neohapsis. Most of the content consists of messages sent to popular (public) mailing lists.
Our original intent was to collect mailing lists that we regularly use, and put them in one place - a secure place that would be around for a while. Although Archives has grown into a substantial repository today, the idea is still the same. Our goal is to have a complete, unchanging historical record of information, and to keep it free and accessible for as long as possible.
10 August 2005
SecurityFocus
by xenomorphSecurityFocus is the most comprehensive and trusted source of security information on the Internet. SecurityFocus is a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.
SANS Institute
by xenomorphSANS is the most trusted and by far the largest source for information security training and certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. The SANS (SysAdmin, Audit, Network, Security) Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals, auditors, system administrators, network administrators, chief information security officers, and CIOs who share the lessons they are learning and jointly find solutions to the challenges they face. At the heart of SANS are the many security practitioners in government agencies, corporations, and universities around the world who invest hundreds of hours each year in research and teaching to help the entire information security community.
Internet Security Systems - Research
by xenomorph & 4 othersOnly Internet Security Systems can deliver preemptive security due to our singular focus on security excellence and unwavering commitment to research and development. ISS' security excellence is driven by the world-renowned X-Force research and development team and 24/7 global attack monitoring.
NIAP - NATIONAL INFORMATION ASSURANCE PARTNERSHIP®
by xenomorphIntroducing NIAP
The National Information Assurance Partnership (NIAP) is a U.S. Government initiative originated to meet the security testing needs of both information technology (IT) consumers and producers. NIAP is a collaboration between the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA) in fulfilling their respective responsibilities under PL 100-235 (Computer Security Act of 1987). The partnership combines the extensive IT security experience of both agencies to promote the development of technically sound security requirements for IT products and systems and appropriate measures for evaluating those products and systems.
CERIAS
by xenomorphThe Center for Education and Research in Information Assurance and Security (CERIAS) is currently viewed as one of the world's leading centers for research and education in areas of information security that are crucial to the protection of critical computing and communication infrastructure. CERIAS is unique among such national centers in its multidisciplinary approach to the problems, ranging from purely technical issues (e.g., intrusion detection, network security, etc) to ethical, legal, educational, communicational, linguistic, and economic issues, and the subtle interactions and dependencies among them.
CVE Common Vulnerabilities and Exposures
by xenomorphCommon Vulnerabilities and Exposures (CVE) is:
A list of standardized names for vulnerabilities and other information security exposures - CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.
A Dictionary, NOT a Database - The goal of CVE is to make it easier to share data across separate vulnerability databases and security tools. While CVE may make it easier to search for information in other databases, CVE should not be considered as a vulnerability database on its own merit.
A Community-Wide Effort - The content of CVE is a result of a collaborative effort of the CVE Editorial Board. The Editorial Board includes representatives from numerous security-related organizations such as security tool vendors, academic institutions, and government as well as other prominent security experts. The MITRE Corporation maintains CVE and moderates Editorial Board discussions.
National Vulnerability Database
by xenomorph & 3 othersNVD is a comprehensive cyber security vulnerability database that integrates all publicly available U.S. Government vulnerability resources and provides references to industry resources. It is based on the CVE vulnerability naming standard.
OSVDB: The Open Source Vulnerability Database
by xenomorph & 1 otherOSVDB is an independent and open source database created by and for the community.
Our goal is to provide accurate, detailed, current, and unbiased technical information.
Lock Picking
by xenomorphLock picking is almost as much an art as it is a science. You can read all the lock picking instructions and still not be able to open a single lock.
The skill of lock picking involves gaining a good feel for the lock mechanism and the lock picking technique needed to open it. This requires practice and concentration.
The number and variety of locks in current use is staggering, yet the vast majority of locks in use are simple pin-tumbler designs.
Common lock types include:
* Pin-tumbler locks
* Warded locks
* Wafer locks
* Lever locks
* Dial combination locks
* Disc combination locks
* Push-button combination locks
ISECOM - Institute for Security and Open Methodologies
by xenomorph & 1 otherThe Institute for Security and Open Methodologies (ISECOM) is an open-source collaborative community since January 2001 with non-profit status in the USA and Spain. We are dedicated to providing practical security awareness, research, certification and business integrity. ISECOM provides certification, training support, and project support services for non-partisan and vendor-neutral funding of our projects and infrastructure and to assure you our training programs, standards, and best practices are truly neutral of national or commercial influence.
Introduction to Security Risk Analysis & Security Risk Assessment
by xenomorphSecurity risk analysis, otherwise known as risk assessment, is fundamental to the security of any organization. It is essential in ensuring that controls and expenditure are fully commensurate with the risks to which the organization is exposed.
However, many conventional methods for performing security risk analysis are becoming more and more untenable in terms of usability, flexibility, and critically... in terms of what they produce for the user.
This site is intended to explore the basic elements of risk, and to introduce a security risk assessment methodology and tool which is now used by many of the worlds major corporations. It also embraces the use of the same product to help ensure compliance with security policies, external standards (such as ISO 17799) and with legislation (such as Data Protection legislation).
09 August 2005
Lock Picking Guides. Lockpick Library
by xenomorphThe easiest to understand and most comprehensive set of lockpicking guides on the internet. You will learn lock picking secrets so effective that they have been restricted to locksmiths and those "in the know". The Lockpick Library contains over 50 quality guides covering almost every type of locking system commonly in use today and how to pick them.
Treachery Unlimited: A Computer & Network Security Information Site
by xenomorphtreach•er•y, [n]:
1. Willful betrayal of fidelity, confidence, or trust;
2. The act or an instance of such betrayal.
TREACHERY UNLIMITED is founded on one simple principle: "By seeing your defenses through the eyes of your worst enemy, you become your best guardian." This principle is reinforced with the belief that, since attackers make attempts on your systems at no charge, so you should be able to defend your systems at no additional cost.