I frequently give talks about cybersecurity. During these talks I mention (and sometimes live-demo) various tools hackers and security researchers use, as well as tools used to prevent or mitigate attacks. Here is a partial list of the tools I mention. This is by no means an exhaustive list. As with the rest of this blog, opinions here are my own.
Last update: January 9, 2018
- Email harvesting - TheHarvester by Edge Security
- Vulnerability scanning - Nessus by Tenable
- Penetration testing - Metasploit by Rapid7.
- Viruses to download - VirusShare.com WARNING: these are real viruses. Do not run anything from this site on a device you care about.
- Twitter locations - GeoSocial Footprint
- Corporate website IT job listings - look at your target’s job listings for IT staff to identify potential attack vectors
- Password management - 1password, Dashlane
- Endpoint security - Cisco Umbrella in addition to antivirus software and software firewall.
- Adopt principle of least privilege.
- Use two-factor authentication when possible!