Technology Tool Kit

Technology Tool Kit (160)

What?

The Technology Tool Kit (TTK) is intended to provide a collection of cyber security tools and guidance on their utilization.
  • OpenSource Cyber Security Tool Repository
  • Educational Awareness on Cyber Security Tool Utilization
  • Reference Materials for Cyber Security Tools
  • Map Legal and Regulatory Controls to Tools

Why?

Increase security awareness while reducing risk and ensuring budgets are focused on capabilities that provide optimal ROI.

Who?

The collection will be stocked with free and open source tools and made available to InfraGard members.

When?

Tools have being collected into the initial list, and published here. The TTK will be an ongoing program with continuous improvement efforts.

Children categories

Anonymizer

Anonymizer (1)

An anonymizer or an anonymous proxy is a tool that attempts to make activity on the Internet untraceable. It is a proxy server computer that acts as an intermediary and privacy shield between a client computer and the rest of the Internet. It accesses the Internet on the user's behalf, protecting personal information by hiding the client computer's identifying information.

View items...
Anti Malware

Anti Malware (8)

Detection and Removal of Viruses, Worms, Trojans, Rootkits, Dialers and Spyware

View items...
Configuration Management

Configuration Management (0)

Solution that let you define the state of a system via a baseline. Then you can monitor and alert for changes with an option to automatically enforce the correct configuration to ensure the right services are up and running, on the right platforms. This can ensure that correct security configurations remain in place and also assist in intrusion detection.

View items...
Encrypted Communication

Encrypted Communication (2)

Secure communication is when two entities are communicating and do not want a third party to listen in. For that they need to communicate in a way not susceptible to eavesdropping or interception. Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what was said.

View items...
Firewalls

Firewalls (3)

A firewall is a software or hardware-based network security system that controls the incoming and outgoing network traffic based on applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is not assumed to be secure and trusted.

View items...
Forensics

Forensics (4)

Computer forensics is a branch of digital forensic science pertaining to legal evidence found in computers and digital storage media. The goal of computer forensics is to examine digital media in a forensically sound manner with the aim of identifying, preserving, recovering, analyzing and presenting facts and opinions about the digital information.

View items...
Fuzzers

Fuzzers (2)

Fuzz testing or fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. There are two forms of fuzzing program, mutation-based and generation-based, which can be employed as white-, grey-, or black-box testing.

View items...
Malware Analysis

Malware Analysis (2)

Sandbox environments that can be used to investigate suspicious files. Generally will provide you back some detailed results outlining what such file did when executed inside an isolated environment.

View items...
Packet Crafting

Packet Crafting (6)

Packet crafting is a technique that allows network administrators or hackers to probe firewall rule-sets and find entry points into a targeted system or network. This is done by manually generating packets to test network devices and behaviour, instead of using existing network traffic.

View items...
Packet Sniffers

Packet Sniffers (10)

A packet analyzer (network analyzer, protocol analyzer, Ethernet sniffer or wireless sniffer) is a computer program or a piece of computer hardware that can intercept and log traffic passing over a digital network or part of a network. As data streams flow across the network, the sniffer captures each packet and, if needed, decodes the packet's raw data, showing the values of various fields in the packet, and analyzes its content.

View items...
Password Crackers

Password Crackers (13)

Password cracking is the process of recovering passwords from data that have been stored in or transmitted by a computer system. A common approach (brute-force attack) is to repeatedly try guesses for the password.

View items...
Password Safe

Password Safe (0)

Repository for encrypted, centralized storage of passwords.

View items...
Phishing

Phishing (1)

Software that indicates the potential presence of a rootkit on the system.

View items...
Port Scanner

Port Scanner (9)

A port scanner is a software application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and by attackers to identify running services on a host with the view to compromise it.

View items...
Proxy

Proxy (0)

A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource available from a different server and the proxy server evaluates the request as a way to simplify and control its complexity. Proxies were invented to add structure and encapsulation to distributed systems.

View items...
Recon

Recon (7)

Reconnaissance is the military term for exploring beyond the area occupied by friendly forces to gain vital information about enemy forces or features of the environment for later analysis and/or dissemination. In IT we explore to identify and gather as much data as we can through as many resources as we can identify including search engines, social media, public domain data, marketing information, company news releases, etc.

View items...
Reference

Reference (8)

Reference guides and links to cheat sheets for common commands or code in standard languages.

View items...
Rootkit Detectors

Rootkit Detectors (1)

Software that indicates the potential presence of a rootkit on the system.

View items...
Screen Recording

Screen Recording (2)

Screen recording can be useful when you need to record a how-to video to help someone learn how to use a program, record a walkthrough, or prepare for a presentation. Record here means you can create a video of whatever you are doing on your desktop, save the recording as a video file and send it to a coworker or upload it on YouTube.

View items...
Traffic Monitoring

Traffic Monitoring (5)

Solution that let you define the state of a system via a baseline. Then you can monitor and alert for changes with an option to automatically enforce the correct configuration to ensure the right services are up and running, on the right platforms. This can ensure that correct security configurations remain in place and also assist in intrusion detection.

View items...
Vulnerability Analysis

Vulnerability Analysis (19)

A vulnerability scanner is a computer program designed to assess computers, computer systems, networks or applications for weaknesses. Some of the solutions alsp provide the ability to exploit the vulnerability once identified, e.g. Metasploit. See also Web Vulnerability Scanners, which are designed to scan web applications.

View items...
Web Vulnerability Scanners

Web Vulnerability Scanners (21)

A web vulnerability scanner is a computer program designed to assess web applications for weaknesses. They can be run either as part of vulnerability management by those tasked with protecting systems - or by black hat attackers looking to gain unauthorized access.

View items...
Wireless Analysis

Wireless Analysis (5)

Solution that let you define the state of a system via a baseline. Then you can monitor and alert for changes with an option to automatically enforce the correct configuration to ensure the right services are up and running, on the right platforms. This can ensure that correct security configurations remain in place and also assist in intrusion detection.

View items...

Use Google for recon

Sunday, 21 June 2015 16:45 Written by in Recon

A tool for automated security scanning of web applications. Many features are also present for manual penetration testing.

Sunday, 21 June 2015 16:47 Written by in Web Vulnerability Scanners

Hasher allows you to generate a hash in a hashing algorithm that you choose, with a cleartext string of your choice, all locally on your machine.  Additionally, Hasher lets you compare a cleartext string with a hashed value to determine if they match, again, all locally to your machine.  One item to note, Hasher is NOT designed to be a password/hash cracking program.  It’s designed for locally creating hashed, or comparing passwords and hashes locally, not for cracking passwords.

Current supported hashing algorithms:

  • md5
  • sha1
  • sha256
  • sha512
  • ntlm
  • msdcc
  • msdcc2
  • md5_crypt
  • sha1_crypt
  • sha256_crypt
  • sha512_crypt
  • MSSQL2000
  • MSSQL2005
  • MySQL v3.2.3
  • MySQL v4.1
  • Oracle 10G
  • Oracle 11G
  • Postgres_md5
Sunday, 21 June 2015 16:51 Written by in General Purpose / Utility

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software, user can perform back-end database fingerprinting, retrieve DBMS login names and password hashes, dump tables and columns, fetch data from the database, execute SQL statements against the server, and even access the underlying file system and execute operating system shell commands.

The distinctive power of Havij that differentiates it from similar tools lies in its unique methods of injection. The success rate of attack on vulnerable targets using Havij is above 95%. The user friendly GUI (Graphical User Interface) of Havij and its automated configuration and heuristic detections make it easy to use for everyone even amateurs.

Friday, 26 June 2015 11:33 Written by in Web Vulnerability Scanners

HeapDraw was originally created as a postmortem analisys tool, to see how the heap evolved during the life of a process. The idea is that although we may be used to textual output, like that of ltrace or a malloc/free hooking library, it's much better to see it graphically (in fact I used to make drawings by hand until I realized "WTF am I doing? I have a computer to do it for me!").

HeapTracer is the new name, after it became a runtime analysis tool.

In the image you can see an example. It's the heap of ping. The 4 spikes correspond to the 4 packets sent. Before the first spike you can see the initialization, and after the last, the evolution of the heap for the final phase.

In this release you can find four different versions of HeapDraw/HeapTracer, all including full sourcecode: •Windows postmortem native version. •Linux postmortem native version. •IDA plugin, for doing runtime analisys (only Windows version for Windows appliations) •An unfinished python version.

If you are an IDA fan, and like developing for it, you may find interesting the IDA Plugin version, as it's a relatively complex example of an IDA debugging plugin which opens an OpenGL window to make drawings.

Friday, 26 June 2015 11:47 Written by in General Purpose / Utility

Heappie! is an exploit-writing-oriented memory analysis tool. It assists vulnerability researchers in tracking heap sprays (as well as other memory patterns) by providing visualization of the memory state. Moreover, as samples are generated for each memory state, Heappie! can analyze these together and obtain their intersection. With this feature one can easily find commonalities between several runs, even when switching between software versions or platforms.

Features description

 Heappie! counts with two main analysis types:

•Attach to a process

When using this type of analysis, Heappie! will attach to a selected process after which it starts analyzing its memory. Users can choose to start the analysis immediately or to start after an exception occurs.

This option is very useful when trying to add reliability to an almost-ready exploit by testing it against different platforms/software versions. Usually, the heap spray takes place just before triggering the vulnerability so if it is just a POC: the heap spray will occur, the exception will be raised and Heappie! will start the analysis. If the exploit is already working, you can replace the first byte of the shellcode for a xcc (int 3) to generate a Breakpoint exception.

•Import memory dump

This option lets the user analyze raw memory dumps generated in almost every existent platform/architecture. The mechanism of Heappie! is extremely simple: It finds memory patterns and shows the contiguous data chunks as blocks so users don't have to run Heappie! on the target platform to obtaion this information. Users can generate the memory dump with any available tool (gdb, for example, supports most of the platforms out there) and then analyze it with Heappie! in another platform.

Use cases •Tracking of memory patterns/heap-sprayed memory •Localization of common heap-sprayed addresses between different scenarios (memory states, versions, platforms and architectures) •Visualization of scattered shellcodes (using placeholders)

Friday, 26 June 2015 12:12 Written by in Vulnerability Analysis

A new security risk assessment (SRA) tool to help guide health care providers in small to medium sized offices conduct risk assessments of their organizations is now available from HHS.

The SRA tool is the result of a collaborative effort by the HHS Office of the National Coordinator for Health Information Technology (ONC) and Office for Civil Rights (OCR). The tool is designed to help practices conduct and document a risk assessment in a thorough, organized fashion at their own pace by allowing them to assess the information security risks in their organizations under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule.

Friday, 26 June 2015 12:18 Written by in Reference

Honeyd is a small daemon that creates virtual hosts on a network. The hosts can be configured to run arbitrary services, and their personality can be adapted so that they appear to be running certain operating systems. Honeyd enables a single host to claim multiple addresses -  tested up to 65536 - on a LAN for network simulation.

Friday, 26 June 2015 12:23 Written by in Intrusion Detection

Command-line oriented TCP/IP packet assembler/analyzer. The interface is inspired to the ping(8) Unix command, but hping isn't only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

Friday, 26 June 2015 12:25 Written by in Packet Crafting

Hushmail can protect you against a variety of security hazards
Protect yourself
Hushmail can protect you against eavesdropping, government surveillance, unauthorized content analysis, identity theft and email forgery. But using Hushmail does not put you above the law. After reading the information below, please take the time to read our policy on illegal activity.
Eavesdropping on your Internet connection
When you are using Hushmail, the connection between your computer and the Hushmail server is protected by encryption. That means that if someone is eavesdropping on your Internet connection, they will not be able to read the traffic that you send to the Hushmail website. This is especially important if you are using your computer on a public or office network, or if you are using a wireless connection that is not encrypted.
Government surveillance programs
In some countries, government sponsored projects have been set up to collect massive amounts of data from the Internet, including emails, and store them away for future analysis. This data collection is done without any search warrant, court order, or subpoena. Hushmail uses HTTPS to help protect your email from that kind of broad government surveillance.
Unauthorized content analysis
When a Hushmail user sends email to another Hushmail user, the body and attachments of the email remain encrypted when they are stored on the hard drives of the Hushmail servers. That means that Hushmail won’t scan your email to collect information for advertising or other purposes.
Data theft
Hushmail can help protect your sensitive data from hackers and identity thieves who try to break into servers and steal large amounts of user data that they can mine for useful information. No system in the world is 100% “unhackable” and anyone who tells you otherwise is being disingenuous. However, some systems are harder to hack than others. In most email systems, once a hacker gains access to the server upon which your email is stored, the email can quickly be copied off the server and read. Hushmail encrypted emails are not so easy to capture, because your passphrase is needed for decryption. The hacker would have to gain control over the software of our system, alter it, and remain undetected until the next time you come back, in hopes of stealing your passphrase the next time that you enter it. That would be a much more difficult task than simply getting in, copying data, and leaving.
Email forgery
Spammers often send emails that look like they come from someone else. If you get an email that looks like it comes from an address of someone you know, there is no guarantee that it actually does. When you send email using Hushmail, you can “digitally sign” the email. That digital signature proves that the email actually came from the true owner of the email account.
FREE – 25 MB storage, no third-party advertising. You’re welcome to evaluate Hushmail for as long as you need to, but you must sign in at least once every three weeks

Friday, 26 June 2015 12:26 Written by in Encrypted Communication
Page 4 of 12

Warranty Disclaimer

Warranty Disclaimer: The FBI, InfraGard, and its affiliates provide information, including but not limited to software, documentation, training, and other guidance to be known as “materials”. The materials are provided as-is and we expressly disclaim any and all warranties, express or implied, including, and without limitation, the implied warranties of merchantability, fitness for a particular purpose, non-infringement, quiet enjoyment, and integration, and warranties arising out of course of dealing or usage of trade. You agree that, as between you and the FBI, InfraGard, and its affiliates, you are responsible for the outcome of the use of materials made available, including but not limited to adherence to licensing requirements, and taking legal and regulatory considerations into account. There is no guarantee of accuracy, completeness, timeliness, or correct sequencing of the information provided.