Cybersecurity Resources

I frequently give talks about cybersecurity. During these talks I mention (and sometimes live-demo) various tools hackers and security researchers use, as well as tools used to prevent or mitigate attacks. Here is a partial list of the tools I mention. This is by no means an exhaustive list. As with the rest of this blog, opinions here are my own.

Last updated April 29, 2018

Offense

• Email harvesting - TheHarvester by Edge Security
• Vulnerability scanning - Nessus by Tenable
• Penetration testing - Metasploit by Rapid7.
• Viruses to download - VirusShare.com WARNING: these are real viruses. Do not run anything from this site on a device you care about.
• Twitter locations - GeoSocial Footprint
• Corporate website IT job listings - look at your target’s job listings for IT staff to identify potential attack vectors

Defense

• Password management - 1password, Dashlane
• Endpoint security - Cisco Umbrella in addition to antivirus software and software firewall.
• Adopt principle of least privilege.
• Use two-factor authentication when possible!

Education

• http://hackallthethings.com/
• http://overthewire.org/wargames/
• http://www.isecom.org/research/
• https://www.owasp.org/index.php/Testing_Checklist

Reports and further reading

• Dan’s Cybersecurity clips - news and opinion pieces I collect online.
• The Financial Management of Cyber Risk - Internet Security Alliance / the American National Standards Institute
• Cost of Data Breach Study - Ponemon Institute / IBM Security
• Data Breach Investigations Report - Verizon