System Rescue CD

System Rescue CD – is a Linux system on a bootable CD-ROM for repairing your system and recovering your data after a crash. It aims to provide an easy way to carry out admin tasks on your computer, such as creating and editing the partitions of the hard disk. It contains a lot of system utilities (parted, partimage, fstools, …) and basic tools (editors, midnight commander, network tools). It is very easy to use: just boot the CDROM. The kernel supports most of the important file systems (ext2/ext3, reiserfs, reiser4, xfs, jfs, vfat, ntfs, iso9660), as well as network filesystems (samba and nfs).

FireCAT (Firefox Catalog of Auditing exTensions)

FireCAT (Firefox Catalog of Auditing Toolbox) is a Firefox Framework Map collection of the most useful security oriented extensions.
Some of the categories included with FireCAT addons are:

  • Information Gathering
  • Proxying / Web Utilities
  • Security auditing
  • Network Utilities

Some of the tools I have found very handy are:

  • Host IP and Show IP info (displays the sites IP Address)
  • Firekeeper (IDS/IPS for Firefox)
  • FireGPG (encrypt, decrypt, sign or verify the signature of text in any web page using GnuPG)

Visit Security Database website for more info:,302.html

Handy Netstat Commands

The Netstat command displays active connections, ports, IP routing table and much more. When running the command you can be overwhelmed by the output, especially on Unix/Linux based systems.

To filter out the noise, you can use certain syntax to provide only the results you want to see. For example I use the following to see only SMTP port 25 connections:

netstat -an -p TCP | find ":25"

To see what connections are coming from a specific IP address say

netstat -an -p TCP | find ""

On a Linux system you can simply use grep e.g.

netstat -an -p TCP | grep ""
netstat -atve
netstat -tulpn | grep :53

Here is the complete example list from the Windows help file:
The usual windows netstat output:
Displays protocol statistics and current TCP/IP network connections.

NETSTAT [-a] [-b] [-e] [-n] [-o] [-p proto] [-r] [-s] [-t] [-v] [interval]

-a Displays all connections and listening ports.
-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient
-e Displays Ethernet statistics. This may be combined with the -s
-n Displays addresses and port numbers in numerical form.
-o Displays the owning process ID associated with each connection.
-p proto Shows connections for the protocol specified by proto; proto
may be any of: TCP, UDP, TCPv6, or UDPv6. If used with the -s
option to display per-protocol statistics, proto may be any of:
IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, or UDPv6.
-r Displays the routing table.
-s Displays per-protocol statistics. By default, statistics are
shown for IP, IPv6, ICMP, ICMPv6, TCP, TCPv6, UDP, and UDPv6;
the -p option may be used to specify a subset of the default.
-t Displays the current connection offload state.
-v When used in conjunction with -b, will display sequence of
components involved in creating the connection or listening
port for all executables.
interval Redisplays selected statistics, pausing interval seconds
between each display. Press CTRL+C to stop redisplaying
statistics. If omitted, netstat will print the current
configuration information once.

Powershell is a little different:

 netstat -a -n | find `"443`" 

To prevent PowerShell from stripping the double quotes use the grave accent (`) to escape them. You can also use the –% parameter to perform the escape.

 nestat -a -n | find --% "443" 

Web 2.0 is great right?

Web 2.0 best described by the guys that coined it, O’Reilly and “What Is Web 2.0
Design Patterns and Business Models for the Next Generation of Software”
website should provide you with some insight into what exactly it is.

However as with everything these days, the more cooler stuff you add, the more vulnerable it is. Which is highlighted in this article over at Help Net-Security “Top 10 Web 2.0 Attack Vectors“.

So when the powers to be come running into your office with we need to have this Web 2.0 stuff because everyone else has it! Remember the attack vectors associated with it and ensure you provide a risk assessment and if possible business case to either justify it’s usefulness vs security risk… in plain English do we really need this stuff?

No doubt in just about all cases there are going to be some components of Web 2.0 that will benefit the organisation. You probably really do need some of them and/or have no choice in the matter and you may already be using some of them.

Just don’t forget to apply the security principles to Web 2.0 that you are using on your network.

Yes I’m using Web 2.0 here by blogging 🙂 for searching code

Google now has a new search tool

I’m sure this may be of use to some coders and I’m also sure it’s of even greater use for the bad guys!! Many Security experts are warning about the ease of obtaining code and other information.

A great book by Johnny Long “Google Hacking for Penetration Testers” highlights the current dangers of Google. I think he might be adding a new chapter for the next edition!