Tuesday, September 25, 2007

Links for AITP and FAEDS presentations

Thank you all for attending my presentation. If you have any questions, please don't hesitate to e-mail me. Here are links to many of the things I talked about and demonstrated, along with several that I didn't have time to get to.

My Websites
-----------------------------------
Personal Blog
http://www.johnhsawyer.com

Dark Reading Blog
http://www.darkreading.com/blog.asp?blog_sectionid=447

UF IT Security Team
http://infosec.ufl.edu

Malware Analysis and Sandboxes
-----------------------------------
VirusTotal (submit files for analysis)
http://www.virustotal.com/

CWSandbox - Behavior-based Malware Analysis
http://www.cwsandbox.org/

Anubis: Analyzing Unknown Binaries
http://analysis.seclab.tuwien.ac.at/index.php

Norman Sandbox
http://www.norman.com/microsites/nsic/Submit/en

Mandiant Red Curtain
http://www.mandiant.com/mrc

PEiD
http://www.secretashell.com/codomain/peid/

pefile (for you Python programmers)
http://dkbza.org/pefile.html

Firefox Extensions and SpiderMonkey
-----------------------------------
NoScript
http://noscript.net/

User Agent Switcher
http://chrispederick.com/work/web-developer/

WebDeveloper
http://chrispederick.com/work/web-developer/

SpiderMonkey
http://www.mozilla.org/js/spidermonkey/

Incident Response Tools (& more)
-----------------------------------
Sysinternals
http://www.microsoft.com/technet/sysinternals/default.mspx
(autoruns, tcpview, filemon, regmon, process monitor, openports, process explorer, pstools)
Sysinternals Suite (all tools in one download)
http://www.microsoft.com/technet/sysinternals/Utilities/SysinternalsSuite.mspx

DiamondCS
http://www.diamondcs.com.au/consoletools.php
(cmdline, openports)

Wireshark - sniffer and protocol analyzer (formerly Ethereal)
http://www.wireshark.org

Helix - CD designed for incident response and forensics (Linux & Windows tools)
http://www.e-fense.com/helix/

Some Security Blogs
-----------------------------------
SANS Internet Storm Center
http://isc.sans.org

Windows Incident Response (Harlan Carvey) - event logs, registry and memory analysis & more
http://windowsir.blogspot.com/

int for(ensic){blog;} (Andreas Schuster) - event logs and memory analysis
http://computer.forensikblog.de/en/

Centralizing Windows Event Logs
-----------------------------------
Series of Posts on DarkReading about logs:
Log Central
http://www.darkreading.com/blog.asp?blog_sectionid=447&doc_id=132446
How to Centralize Windows Event Logs (links to Snare and Lasso)
http://www.darkreading.com/blog.asp?blog_sectionid=447&doc_id=132709
Watch Out for That Log!
http://www.darkreading.com/blog.asp?blog_sectionid=447&doc_id=133005

Miscellaneous Links
-----------------------------------
Metasploit Framework
http://framework.metasploit.com/

VMware (Workstation for Linux & Windows, Fusion for Mac; Server and Player are FREE)
http://www.vmware.com
