COURSE NOTES

Here are some course notes I offer to my students, either as highlights or for more information. Check
www.bluenotch.com/resources for downloadable papers and presentations.

GENERAL LINKS:
SANS portal (access to mp3s, etc.)
GIAC Gold Certification

Networking Things


TCP/IPv4 Pocket Reference
IPv6 Quick Reference
James Summer's networking reference
netdude is a graphical packet editing tool
Hunt 1.5 tarball (TCP session hijack proof of concept)
DNS creativity by Dan Kaminsky
Cisco's Content Services Switch FAQ (application-layer filtering device).
Cisco Global Exploiter
Current Bogon list (Bogus Networks)


Josh Wright's perl script for examining packets
My own cheesy perl script for examining IPv4/TCP headers
traffic samples
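The scripts above walk the IPv4 and TCP headers by hand. The following is an added example (my own, not one of the linked scripts) that does the same in Python with struct, and also verifies both checksums, the IP header checksum and the TCP checksum over its pseudo-header, which is the step most hand-rolled header dumpers skip. The packet it decodes is constructed inline (a SYN from 10.0.0.1:40000 to 10.0.0.2:80), not captured traffic; the field and function names are mine.

```python
"""Decode IPv4 and TCP headers and verify both checksums (added example)."""
import socket
import struct
from dataclasses import dataclass
from typing import List, Tuple

IPV4_FMT = "!BBHHHBBH4s4s"   # fixed 20-byte IPv4 header, network byte order
TCP_FMT = "!HHIIHHHH"        # fixed 20-byte TCP header
TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR", "NS"]


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement of the 16-bit one's-complement sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class IPv4Header:
    ihl: int
    total_len: int
    ident: int
    df: bool
    mf: bool
    frag_offset: int
    ttl: int
    proto: int
    src: str
    dst: str
    checksum_ok: bool


@dataclass
class TCPHeader:
    sport: int
    dport: int
    seq: int
    ack: int
    data_offset: int
    flags: List[str]
    window: int
    checksum_ok: bool


def parse_ipv4(pkt: bytes) -> IPv4Header:
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack(IPV4_FMT, pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (ver_ihl & 0x0F) * 4              # header length in bytes, options included
    if ihl < 20 or len(pkt) < ihl or total_len < ihl:
        raise ValueError("bad header length")
    return IPv4Header(
        ihl=ihl, total_len=total_len, ident=ident,
        df=bool(flags_frag & 0x4000), mf=bool(flags_frag & 0x2000),
        frag_offset=flags_frag & 0x1FFF, ttl=ttl, proto=proto,
        src=socket.inet_ntoa(src), dst=socket.inet_ntoa(dst),
        # a header carrying a correct checksum field sums to 0xFFFF,
        # so recomputing over the whole header yields 0
        checksum_ok=(internet_checksum(pkt[:ihl]) == 0),
    )


def parse_tcp(segment: bytes, src_ip: str, dst_ip: str) -> TCPHeader:
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, seq, ack, off_flags, window,
     _csum, _urg) = struct.unpack(TCP_FMT, segment[:20])
    data_offset = (off_flags >> 12) * 4
    if data_offset < 20 or len(segment) < data_offset:
        raise ValueError("bad data offset")
    bits = off_flags & 0x01FF               # 8 classic flags plus NS (RFC 3540)
    flags = [name for i, name in enumerate(TCP_FLAG_NAMES) if bits & (1 << i)]
    # the TCP checksum also covers a pseudo-header: addresses, zero, protocol 6, TCP length
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, 6, len(segment)))
    return TCPHeader(sport, dport, seq, ack, data_offset, flags, window,
                     checksum_ok=(internet_checksum(pseudo + segment) == 0))


def decode(pkt: bytes) -> Tuple[IPv4Header, TCPHeader]:
    ip = parse_ipv4(pkt)
    if ip.proto != 6:
        raise ValueError("not TCP (protocol %d)" % ip.proto)
    return ip, parse_tcp(pkt[ip.ihl:ip.total_len], ip.src, ip.dst)


def build_sample() -> bytes:
    """Constructed sample (not captured traffic): TCP SYN 10.0.0.1:40000 -> 10.0.0.2:80."""
    src, dst = socket.inet_aton("10.0.0.1"), socket.inet_aton("10.0.0.2")
    tcp = struct.pack(TCP_FMT, 40000, 80, 1000, 0, (5 << 12) | 0x002, 65535, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", internet_checksum(pseudo + tcp)) + tcp[18:]
    ip = struct.pack(IPV4_FMT, 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]
    return ip + tcp


if __name__ == "__main__":
    ip_hdr, tcp_hdr = decode(build_sample())
    print(ip_hdr)
    print(tcp_hdr)
```

To run it over the traffic samples, read a pcap's per-packet payload (skipping the link-layer header) and pass each frame to decode(); a mismatch in checksum_ok on otherwise well-formed packets usually means checksum offload on the capturing NIC, not corruption, so note where the capture was taken before treating it as tampering.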

Wireless Things


http://www.wigle.net has geographic mapping info for wireless
New WEP accelerated attack (new from April 2007)
Renderman's WPA tables (top 1000 SSID passphrase pre-computed)
Migrating from WEP to WPA2 ( free webcast)
Broadband hardware database - good breakdown of features of broadband devices that includes many wireless APs
WPA2 notes for XP Service Pack 2 -- This article is an example of WPA2 on XP. The AP they talk about is the DGL-4300 (a pretty decent AP). There is a link to the KB article for WPA2 on XP along with a quickfix.
La Fonera maps - La Fonera is a social 802.11 project where everyone in the "club" can share their access. Sounds like a violation of your ISP's use agreement, but interesting idea.
www.loki.com is an interesting project to figure location from the "wi-fi profile" in your area.
DS-USB vs. 802.11n article on the future of high-bandwidth wireless devices
More wi-fi links from Raul Siles, GSE
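Renderman's tables work because WPA/WPA2-PSK derives the pairwise master key with PBKDF2-HMAC-SHA1 using the SSID as the salt, so a table is only valid for the SSID it was built for and the top-N SSIDs are what make precomputation pay off. The following added example (mine, not Renderman's tooling) derives the PMK and builds a small per-SSID table; the SSIDs and wordlist are constructed for illustration, and checking a candidate PMK against a captured four-way handshake (PTK and MIC) is not shown.

```python
"""WPA/WPA2-PSK pairwise master key derivation and a per-SSID precomputed table (added example)."""
import hashlib
from typing import Dict, Iterable, Optional


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 iterations, 32 bytes)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrases are 8..63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)


def precompute(ssids: Iterable[str],
               passphrases: Iterable[str]) -> Dict[str, Dict[bytes, str]]:
    """One PMK -> passphrase map per SSID.

    The SSID is the PBKDF2 salt, so the entry for 'password' on 'linksys'
    says nothing about 'password' on 'default'; each SSID costs a full
    4096-round derivation per candidate word.
    """
    words = list(passphrases)
    return {ssid: {wpa_pmk(w, ssid): w for w in words} for ssid in ssids}


def lookup(table: Dict[str, Dict[bytes, str]], ssid: str, pmk: bytes) -> Optional[str]:
    """Return the passphrase behind a PMK, or None if the SSID or PMK is unknown."""
    return table.get(ssid, {}).get(pmk)


if __name__ == "__main__":
    # constructed SSIDs and wordlist, not from any real table
    table = precompute(["linksys", "default"], ["password", "letmein1"])
    target = wpa_pmk("password", "linksys")
    print("linksys:", lookup(table, "linksys", target))   # hit
    print("default:", lookup(table, "default", target))   # miss: different salt
```

The defensive reading is the same as the offensive one: a unique SSID pushes an attacker off any precomputed table and back to 4096 HMAC-SHA1 rounds per guess, and a long random passphrase makes that per-guess cost decisive.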

The APs we played with in class (SSID, device, notes):

SANS-WEP       D-Link DI-624      802.11b/g; WEP-40/104 cracking
SANS-ROGUE01   Kyocera KR-1       802.11b/EVDO; made by D-Link
SANS-ROGUE99   Linksys WRT54G     802.11b/g; rogue APs for war walking
SHEW           Lucent AP-100      Older WavePoint bridge with 2 PCMCIA slots; we had Silver and Gold (40-bit and 104-bit WEP) 802.11b Orinoco cards
SHEW2          D-Link DGL-4300    802.11b/g; WPA/WPA2 hybrid mode plus WMM QoS support

Malware Things


What a botnet looks like

My DLL Injection demonstration.
REC is an open source decompiler.


Gozi Trojan summary analysis.

Web Things


Open Web Application Security Project has WebGoat and WebScarab for web application security testing

Hacking Things


USB U3 pwdump howto for dumping passwords with USB U3 autorun devices

Ed's WMIC webcast

Intelguardians' preliminary work leading to the VMware escape, and, closer, Monty McDougal's take on the situation.
Paterva's Maltego which is a relationship search engine of sorts.

@tlas's Defcon 2006 slides.
fmtbuilder is a utility to help you build the format strings used in attacks, and a decent howto that is different from the one in class.
Some remote hacking games.
My DLL Injection demonstration.

Forensic Things

http://www.libforensics.org ". . . is a framework for developing computer forensics applications."

Brian Carrier's book (sample chapter available)
James Summer's packet reference
Chris Betz's memparser (older 1.0 sourcecode ?)
Python framework for forensic analysis
www.forensicblog.org
Data Triage E-Discovery Blog
Another forensics blog
A good mobile forensics blog
Commands to use when investigating a Motorola RAZR
Paper on Cell Phone Forensic Tools published on http://csrc.nist.gov

Intro to File System Forensics presentation for UUASC - LA Chapter on May 1, 2008

Maltego is a great research tool, and don't forget about personal information in zabasearch.com and archive.org

Hot Plug (a UPS kit that keeps a machine running while you move it, so any encrypted volume that is already unlocked stays unlocked)
dc3dd is a project that has dcfldd-style functionality but in the form of patches to GNU dd.
mdd is a project that reads memory reliably for live RAM acquisition on recent versions of Windows.
DaisyDukes is a toolkit from the Intel Guardians folks to acquire an image of inactive DRAM . . .

Current top-end Forensic laptop
Drive/Media adapter for USB

Law Things


http://www.krollontrack.com has the incident handling/forensic case law newsletter
Supplemental Canadian Law slides
Some other thoughts about Canadian Law:
General interpretation of viral software
Computer Software Copyright
PIPEDA
US state breach laws summary