Cybersecurity Resources
I frequently give talks about cybersecurity. During these talks I mention (and sometimes live-demo) various tools hackers and security researchers use, as well as tools used to prevent or mitigate attacks. Here is a partial list of the tools I mention. This is by no means an exhaustive list. As with the rest of this blog, opinions here are my own.
Last updated April 29, 2018
Offense
- Email harvesting - TheHarvester by Edge Security
- Vulnerability scanning - Nessus by Tenable
- Penetration testing - Metasploit by Rapid7.
- Viruses to download - VirusShare.com WARNING: these are real viruses. Do not run anything from this site on a device you care about.
- Twitter locations - GeoSocial Footprint
- Corporate website IT job listings - look at your target’s job listings for IT staff to identify potential attack vectors
Defense
- Password management - 1password, Dashlane
- Endpoint security - Cisco Umbrella in addition to antivirus software and software firewall.
- Adopt principle of least privilege.
- Use two-factor authentication when possible!
Education
- http://hackallthethings.com/
- http://overthewire.org/wargames/
- http://www.isecom.org/research/
- https://www.owasp.org/index.php/Testing_Checklist
Reports and further reading
- Dan’s Cybersecurity clips - news and opinion pieces I collect online.
- The Financial Management of Cyber Risk - Internet Security Alliance / the American National Standards Institute
- Cost of Data Breach Study - Ponemon Institute / IBM Security
- Data Breach Investigations Report - Verizon