Technology Tool Kit

Technology Tool Kit (160)

What?

The Technology Tool Kit (TTK) is intended to provide a collection of cyber security tools and guidance on their utilization.
  • Open Source Cyber Security Tool Repository
  • Educational Awareness on Cyber Security Tool Utilization
  • Reference Materials for Cyber Security Tools
  • Map Legal and Regulatory Controls to Tools

Why?

Increase security awareness while reducing risk and ensuring budgets are focused on capabilities that provide optimal ROI.

Who?

The collection will be stocked with free and open source tools and made available to InfraGard members.

When?

Tools have been collected into the initial list and published here. The TTK will be an ongoing program with continuous improvement efforts.

Children categories

Anonymizer (1)

An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable. It is a proxy server computer that acts as an intermediary and privacy shield between a client computer and the rest of the Internet. It accesses the Internet on the user's behalf, protecting personal information by hiding the client computer's identifying information.

Anti Malware (8)

Detection and Removal of Viruses, Worms, Trojans, Rootkits, Dialers and Spyware

Configuration Management (0)

Solutions that let you define the state of a system via a baseline. You can then monitor and alert on changes, with an option to automatically enforce the correct configuration so that the right services are up and running on the right platforms. This helps ensure that correct security configurations remain in place and can also assist in intrusion detection.

Encrypted Communication (2)

Secure communication is when two entities are communicating and do not want a third party to listen in. For that they need to communicate in a way not susceptible to eavesdropping or interception. Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what was said.

Firewalls (3)

A firewall is a software or hardware-based network security system that controls the incoming and outgoing network traffic based on applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is not assumed to be secure and trusted.

Forensics (4)

Computer forensics is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.

Fuzzers (2)

Fuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. There are two forms of fuzzing program, mutation-based and generation-based, which can be employed as white-, grey-, or black-box testing.

Malware Analysis (2)

Sandbox environments that can be used to investigate suspicious files. They generally return detailed results outlining what the file did when executed inside an isolated environment.

Packet Crafting (6)

Packet crafting is a technique that allows network administrators or hackers to probe firewall rule-sets and find entry points into a targeted system or network. This is done by manually generating packets to test network devices and behaviour, instead of using existing network traffic.

Packet Sniffers (10)

A packet analyzer (network analyzer, protocol analyzer, Ethernet sniffer or wireless sniffer) is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content.

Password Crackers (13)

Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. A common approach (brute-force attack) is to repeatedly try guesses for the password.

Password Safe (0)

Repository for encrypted, centralized storage of passwords.

Phishing (1)

Software that indicates the potential presence of a rootkit on the system.

Port Scanner (9)

A port scanner is a software application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and by attackers to identify running services on a host with the view to compromise it.

Proxy (0)

A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity. Proxies were invented to add structure and encapsulation to distributed systems.

Recon (7)

Reconnaissance is the military term for exploring beyond the area occupied by friendly forces to gain vital information about enemy forces or features of the environment for later analysis and/or dissemination. In IT we explore to identify and gather as much data as we can through as many resources as we can identify including search engines, social media, public domain data, marketing information, company news releases, etc.

Reference (8)

Reference guides and links to cheat sheets for common commands or code in standard languages.

Rootkit Detectors (1)

Software that indicates the potential presence of a rootkit on the system.

Screen Recording (2)

Screen recording can be useful when you need to record a how-to video to help someone learn how to use a program, record a walkthrough, or prepare for a presentation. Record here means you can create a video of whatever you are doing on your desktop, save the recording as a video file and send it to a coworker or upload it on YouTube.

Traffic Monitoring (5)

Solutions that let you define the state of a system via a baseline. You can then monitor and alert on changes, with an option to automatically enforce the correct configuration so that the right services are up and running on the right platforms. This helps ensure that correct security configurations remain in place and can also assist in intrusion detection.

Vulnerability Analysis (19)

A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. Some of the solutions also provide the ability to exploit the vulnerability once identified, e.g. Metasploit. See also Web Vulnerability Scanners, which are designed to scan web applications.

Web Vulnerability Scanners (21)

A web vulnerability scanner is a computer program designed to assess web applications for weaknesses. They can be run either as part of vulnerability management by those tasked with protecting systems - or by black hat attackers looking to gain unauthorized access.

Wireless Analysis (5)

Solutions that let you define the state of a system via a baseline. You can then monitor and alert on changes, with an option to automatically enforce the correct configuration so that the right services are up and running on the right platforms. This helps ensure that correct security configurations remain in place and can also assist in intrusion detection.

Ettercap is a comprehensive suite for man in the middle attacks. It features sniffing of live connections, content filtering on the fly and many other interesting tricks. It supports active and passive dissection of many protocols and includes many features for network and host analysis.

Tuesday, 09 June 2015 00:51 Written by in Packet Sniffers

eXait is a benchmark-like tool to test anti-instrumentation techniques

Wednesday, 10 June 2015 01:05 Written by in Vulnerability Analysis

Exomind is a tool designed to deliver targeted phishing attacks through social networks. In order to do this we must first retrieve information from them in an OSINT fashion; this information is then used to impersonate key individuals whose fake online profiles can be used as the delivery medium for links into handcrafted webpages.

The most sophisticated attack that we have implemented so far is a sub-network replication attack. This means we are not only impersonating one individual, but also creating fake profiles for a big-enough part of his subnetwork. This lets us detach from profiles of real people who may perceive the attack, and also gives us more control on the topology of the network.

    # gutes is our attack target
    gutes = Graph.TwitterProfile("http://twitter.com/gutes")

    # exomind is the user that will impersonate gutes.
    # cloneProfile clones the look and feel (theme, image, colors, etc...)
    exomind = Graph.ControlledTwitterProfile("http://twitter.com/exomindtest1", "password")
    exomind.cloneProfile(gutes)

    # Test cloneFollowingStealth
    # We first instantiate the bots for the profiles Exomind controls
    exoclone = Graph.ControlledTwitterProfile("http://twitter.com/exomindclone", "password")
    exoclone1 = Graph.ControlledTwitterProfile("http://twitter.com/exomindclone1", "password")
    exoclone2 = Graph.ControlledTwitterProfile("http://twitter.com/exomindclone2", "password")
    exoclone3 = Graph.ControlledTwitterProfile("http://twitter.com/exomindclone3", "password")
    exoclone4 = Graph.ControlledTwitterProfile("http://twitter.com/exomindclone4", "password")
    exoclone5 = Graph.ControlledTwitterProfile("http://twitter.com/exomindclone5", "password")

    # Then for each user of the real sub-network we want to clone and follow, a bot
    # is assigned to that user. That can be done using the id or the screen-name of
    # the target user.
    followersTest = {
        17157238: exoclone,
        "axelbrz": exoclone1,
        "MarioVilas": exoclone2,
        "eglinsky": exoclone3,
        "tutterr": exoclone4,
        "whead": exoclone5,
    }
    exomind.cloneFollowingStealth(gutes, followersTest)

Wednesday, 10 June 2015 01:09 Written by in Screen Recording

Exomind is a tool designed to deliver targeted phishing attacks through social networks. In order to do this we must first retrieve information from them in an OSINT fashion; this information is then used to impersonate key individuals whose fake online profiles can be used as the delivery medium for links into handcrafted webpages.

Sunday, 21 June 2015 15:28 Written by in Phishing

The Exploit Database (EDB) – an ultimate archive of exploits and vulnerable software. A great resource for penetration testers, vulnerability researchers, and security addicts alike. Their aim is to collect exploits from submittals and mailing lists and concentrate them in one, easy to navigate database.

Includes the Google Hacking Database (GHDB)

Sunday, 21 June 2015 15:50 Written by in Vulnerability Analysis

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.
EyeWitness is designed to take a file, parse out the URLs, take a screenshot of the web pages, and generate a report of the screenshot along with some server header information.
EyeWitness is able to parse three different types of files: a general text file with each URL on a new line, the XML output from an Nmap scan, or a .nessus file.
EyeWitness will generate a report based on the screenshots it was able to grab, and will provide the header information alongside it.
- Part of Kali Linux

Sunday, 21 June 2015 16:00 Written by in Web Vulnerability Scanners

A Tool For Mass Password Auditing of Windows Systems. Shuts down and restarts AV to run.

Sunday, 21 June 2015 16:16 Written by in Password Crackers

The free web debugging proxy for any browser, system or platform

Sunday, 21 June 2015 16:19 Written by in Web Vulnerability Scanners

Fierce is designed specifically to pinpoint likely targets inside and outside a corporate network. It is essentially a reconnaissance tool, a Perl script built to scan domains within minutes, using a variety of tactics.

Sunday, 21 June 2015 16:27 Written by in Recon

Fix security issues to protect and secure Windows automatically
Diagnose and repair Windows security problems by turning on UAC, DEP protection, Windows Firewall and other Windows security options and features.
What it fixes...
  • Checks Windows security features and enables them if needed
  • Phishing or Smartscreen filters
  • User Account Control (UAC)
  • Data Execution Prevention (DEP)
  • Windows Firewall
  • Antivirus protection status and updates

Sunday, 21 June 2015 16:28 Written by in General Purpose / Utility

Warranty Disclaimer

Warranty Disclaimer: The FBI, InfraGard, and its affiliates provide information, including but not limited to software, documentation, training, and other guidance to be known as “materials”. The materials are provided as-is and we expressly disclaim any and all warranties, express or implied, including, and without limitation, the implied warranties of merchantability, fitness for a particular purpose, non-infringement, quiet enjoyment, and integration, and warranties arising out of course of dealing or usage of trade. You agree that, as between you and the FBI, InfraGard, and its affiliates, you are responsible for the outcome of the use of materials made available, including but not limited to adherence to licensing requirements, and taking legal and regulatory considerations into account. There is no guarantee of accuracy, completeness, timeliness, or correct sequencing of the information provided.