SANS InfoSec Reading Room - Tools
Most of the computer security white papers in the Reading Room have been written by students seeking GIAC certification to fulfill part of their certification requirements and are provided by SANS as a resource to benefit the security community at large. SANS attempts to ensure the accuracy of information, but papers are published "as is". Errors or inconsistencies may exist or may be introduced over time as material becomes dated. If you suspect a serious error, please contact webmaster@sans.org.
Featuring 29 papers as of Feb 10, 2010
Defense in Depth: How Application Whitelisting Can Increase Your Desktop Security
Faronics - November 2009
Capturing and Analyzing Packets with Perl
- By: John Brozycki (posted on January 28, 2010)
This paper covers the steps for setting up a Windows system with Perl and the add-ons needed to run and write packet-capturing Perl scripts.
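The decoding half of such a script, shown here as an added Python example rather than the paper's Perl code: it unpacks an Ethernet/IPv4/TCP frame, verifies the IPv4 header checksum, and trusts the IP total length rather than the frame length (short frames are padded on the wire). The frames are constructed inline, so no capture driver or network access is needed; MAC and IP addresses are arbitrary.

```python
"""Decode an Ethernet/IPv4/TCP frame as a packet-capture script would.

Added example (not the paper's code).  Frames are built locally so the
decoder can be exercised offline, including on corrupted and truncated input.
"""
import socket
import struct

ETH_HLEN = 14
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
TCP_FLAG_NAMES = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"))


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum.  Over a header whose checksum
    field is already correct the result is 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Constructed sample frame (not a real capture) with a valid IPv4
    checksum; MAC addresses are arbitrary."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, flags,
                      8192, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip_hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len,
                                   0x1234, 0x4000, 64, PROTO_TCP, 0,
                                   socket.inet_aton(src_ip),
                                   socket.inet_aton(dst_ip)))
    ip_hdr[10:12] = struct.pack("!H", ip_checksum(bytes(ip_hdr)))
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETHERTYPE_IPV4))
    return eth + bytes(ip_hdr) + tcp + payload


def decode_frame(frame: bytes) -> dict:
    """Summarise one Ethernet/IPv4/TCP frame; raise ValueError if malformed."""
    if len(frame) < ETH_HLEN:
        raise ValueError("truncated Ethernet header")
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:ETH_HLEN])
    if ethertype != ETHERTYPE_IPV4:
        raise ValueError("not IPv4: ethertype 0x%04x" % ethertype)
    ip = frame[ETH_HLEN:]
    if len(ip) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _cksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(ip) < ihl or total_len < ihl:
        raise ValueError("bad IPv4 header")
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("IPv4 header checksum mismatch")
    if proto != PROTO_TCP:
        raise ValueError("not TCP: protocol %d" % proto)
    tcp = ip[ihl:total_len]          # use total_len: NICs pad short frames
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    (sport, dport, _seq, _ack, off_res, flags, _win, _tcksum,
     _urg) = struct.unpack("!HHIIBBHHH", tcp[:20])
    doff = (off_res >> 4) * 4
    if doff < 20 or len(tcp) < doff:
        raise ValueError("bad TCP data offset")
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "ttl": ttl, "sport": sport, "dport": dport,
        "flags": [name for bit, name in TCP_FLAG_NAMES if flags & bit],
        "payload": tcp[doff:],
    }


def decode_or_error(frame: bytes) -> dict:
    """What a capture loop wants: one bad frame must not stop the run."""
    try:
        return decode_frame(frame)
    except ValueError as exc:
        return {"error": str(exc)}


if __name__ == "__main__":
    syn = build_frame("10.0.0.5", "10.0.0.1", 40000, 80, 0x02)
    req = build_frame("10.0.0.5", "10.0.0.1", 40000, 80, 0x18,
                      b"GET / HTTP/1.0\r\n\r\n")
    corrupted = syn[:22] + bytes([syn[22] ^ 0xFF]) + syn[23:]  # flip TTL byte
    for f in (syn, req, corrupted, syn[:30]):
        print(decode_or_error(f))
```

Feeding real traffic in means replacing `build_frame` with frames read from a capture library; the decoder itself does not change, and the checksum and length checks are what keep a hostile or damaged frame from being mis-parsed.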
Winquisitor: Windows Information Gathering Tool
- By: Michael Cardosa (posted on January 19, 2010)
Winquisitor retrieves information from many Windows systems quickly enough for an administrator to act on it in time. Unlike other command-line tools, it accepts several types of query in a single command and offers several output formats.
Building an Automated Behavioral Malware Analysis Environment using Open Source Software
- By: Jim Clausing (posted on June 18, 2009)
This paper describes how an automated environment for the behavioral analysis of malware targeting Microsoft Windows can be built from free and open source software.
IOScat - a Port of Netcat's TCP functions to Cisco IOS
- By: Robert Vandenbrink (posted on May 29, 2009)
This paper describes how IOScat was written and how it can be used for both penetration testing and system administration.
IOSMap: TCP and UDP Port Scanning on Cisco IOS Platforms
- By: Robert VandenBrink (posted on November 18, 2008)
Developing a Snort Dynamic Preprocessor
- By: Daryl Ashley (posted on August 20, 2008)
OS and Application Fingerprinting Techniques
- By: Jon Mark Allen (posted on September 27, 2007)
Nessus Primer with the NessusWX Client
- By: Cecil Stoll (posted on September 16, 2004)
This paper shows how to use Nessus, driven from the NessusWX client, to proactively find known vulnerabilities in end systems and the processes running on them.
An Ettercap Primer
- By: Duane Norton (posted on June 9, 2004)
Ettercap is a versatile network manipulation tool. Its ability to perform man-in-the-middle (MITM) attacks on a switched LAN is the launch pad for many of its other functions.
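The MITM position Ettercap takes on a switched LAN is obtained by ARP cache poisoning, and that is visible on the wire: an IP address whose claimed MAC suddenly changes, and one MAC answering for several IPs. The following is an added Python example, not code from the paper or from Ettercap, that runs that check over a constructed list of ARP replies; the addresses and the gateway role of 192.168.1.1 are assumptions of the sample.

```python
"""Detect the ARP cache poisoning a switched-LAN MITM tool relies on.

Added example (not the paper's or Ettercap's code).  Input is a constructed
list of ARP replies, so it runs without a capture library or network access.
"""
from collections import defaultdict

# Constructed sample of (timestamp, sender MAC, sender IP) from ARP replies.
# The gateway 192.168.1.1 is first seen from ...:01; later ...:20 starts
# answering for both the gateway and host .10, which is what poisoning a
# victim and its gateway looks like on the wire.
SAMPLE_ARP_REPLIES = [
    (1.0, "aa:aa:aa:aa:aa:01", "192.168.1.1"),
    (1.5, "aa:aa:aa:aa:aa:10", "192.168.1.10"),
    (2.0, "aa:aa:aa:aa:aa:20", "192.168.1.20"),
    (5.0, "aa:aa:aa:aa:aa:20", "192.168.1.1"),   # .20 now claims the gateway IP
    (5.1, "aa:aa:aa:aa:aa:20", "192.168.1.10"),  # ...and the victim's IP
    (6.0, "aa:aa:aa:aa:aa:01", "192.168.1.1"),   # real gateway answers again
]


def detect_arp_spoofing(replies, trusted=None):
    """Return a list of alert strings for the given ARP replies.

    `trusted` is an optional static {ip: mac} map (gateway, servers); a reply
    contradicting it fires immediately.  For other IPs the first binding seen
    becomes the baseline and is kept, so a poisoned reply followed by the
    genuine one yields one alert rather than an alert on every flap.
    """
    baseline = dict(trusted or {})
    alerts = []
    claims = defaultdict(set)          # MAC -> set of IPs it has answered for
    for ts, mac, ip in replies:
        claims[mac].add(ip)
        known = baseline.get(ip)
        if known is None:
            baseline[ip] = mac
        elif known != mac:
            alerts.append(f"t={ts}: {ip} moved from {known} to {mac}")
    for mac, ips in claims.items():
        if len(ips) > 1:
            alerts.append(f"{mac} answered for {len(ips)} IPs: {sorted(ips)}")
    return alerts


if __name__ == "__main__":
    for line in detect_arp_spoofing(SAMPLE_ARP_REPLIES):
        print(line)
```

On a real segment, feed `trusted` with the gateway and server bindings so the very first forged reply is caught, and expect to whitelist hosts that legitimately answer for several IPs (routers, HA pairs, hosts with aliases) in the second check.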
Managing Peer-to-Peer Applications in Dormitory Networks
- By: Wayne Lai (posted on March 9, 2004)
Dormitory networks share the security concerns of a typical network but also raise some of their own, peer-to-peer traffic among them.
Demystifying security tools: Should I use commercial or freeware?
- By: Sang Han (posted on October 31, 2003)
In this paper, I will touch upon why all network administrators need to incorporate security tool usage into their daily practices to help secure their environment.
Virtually Free Network Security Software - For the *nix disinclined
- By: Dennis W. McHugh (posted on October 31, 2003)
This paper discusses some of the tools that have become a part of my personal toolkit that provide me with the ability to detect or verify different attacks and vulnerabilities as well as give me information necessary to report the attacks to the proper authorities.
Netprowler--A Look at Symantec's Network Based IDS
- By: Eric Biedermann (posted on October 31, 2003)
This paper examines the features and capabilities of the Netprowler IDS, reviews common types of attacks and looks at an example of a typical intrusion scenario.
Intrusion Detection using ACID on Linux
- By: Rusty Scott (posted on October 31, 2003)
This paper covers intrusion detection with ACID (the Analysis Console for Intrusion Databases) on Linux as part of a set of practices that includes several key elements of the SANS defense-in-depth model.
PhoneSweep: The Corporate War Dialer
- By: Greg Hodes (posted on October 31, 2003)
As this paper discusses, the unsecured modem is a weak and often overlooked avenue into some of the most secure networks, and PhoneSweep is a commercial war dialer for finding such modems before an attacker does.
An Overview of SecureIIS - Are We Really Secured Now?
- By: Zul Azhan Suhaimi (posted on October 31, 2003)
This paper examines how IIS can be protected with SecureIIS, an application-layer firewall, and asks how much protection that really gives.
Using Basic Security Module (BSM), Tripwire, System Logs, and Symantec's ITA for Audit Data C
- By: Philip DiFato (posted on October 31, 2003)
This paper focuses on a host-based set of tools for auditing trace records of attempted attacks on a secured network of Solaris systems.
Network Monitoring with Nagios
- By: Scott V. Seglie (posted on October 31, 2003)
Nagios is a network-monitoring tool that lets administrators keep watch over computers, routers, printers, and services.
Stop Port Scans with LaBrea
- By: Jim McClurg (posted on October 31, 2003)
LaBrea is a tarpit: it answers connection attempts to unused addresses and then holds those connections open so that scanners and worms stall on them, one of the best ideas in security retaliation.
Tools, Tools, and TOOLS!!
- By: Firas Shaheen (posted on October 31, 2003)
This paper provides a quick reference on popular tools (IDSes, firewalls, exploits, scanners, reconnaissance, password crackers, auditing, etc.), with a brief explanation of how each works and where to get it.
Pocket Nessus
- By: Tony Enriquez (posted on October 31, 2003)
The purpose of this paper is to introduce a particular set of tools that can be used to secure your network.
netForensics - A Security Information Management Solution
- By: Michael B. Godfrey (posted on October 31, 2003)
This paper discusses netForensics, a security information management (SIM) solution that positions itself as a central point for your security information that is collected by various devices.
Patch Management of Microsoft Products Using HFNetChkPro
- By: Kris Poznanski (posted on October 31, 2003)
Microsoft and Shavlik Technologies developed the Network Security Hotfix Checker, HFNetChk (Hfnetchk.exe), a command-line tool that administrators can use to centrally assess a computer or group of computers for missing security patches; this paper covers patch management with Shavlik's HFNetChkPro built on it.
Using Sam Spade
- By: Terry Pasley (posted on October 31, 2003)
This paper will examine a number of the more useful tools in Sam Spade.
An Introduction to NMAP
- By: Tim Corcoran (posted on October 25, 2001)
NMAP is an excellent, multifunctional utility that should be part of every system administrator's toolkit.
Free NT Security Tools
- By: Douglas T. Orey (posted on August 6, 2001)
A discussion of several software tools available to assist with security for NT users.
Password Cracking with L0phtCrack 3.0
- By: Patrick Boismenu (posted on June 19, 2001)
This paper describes how most password crackers operate, using L0phtCrack 3.0 as the worked example.
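The mechanism common to most crackers, as an added Python example (not code from the paper or from L0phtCrack): generate candidates from a wordlist plus mangling rules, fall back to exhaustive search for short passwords, hash each candidate once and look it up against every captured hash. The "dump" below is constructed and uses SHA-256 as a stand-in for the LM/NT hashes L0phtCrack targets; the property that matters is shared with them, namely that the hashes are unsalted, so one computation is checked against all users and identical passwords fall together.

```python
"""How a password cracker works: generate candidates, hash, compare.

Added example (not the paper's or L0phtCrack's code).  The hash dump and the
wordlist are constructed; SHA-256 stands in for an unsalted LM/NT hash.
"""
import hashlib
import itertools
import string
from collections import defaultdict


def hash_pw(password: str) -> str:
    return hashlib.sha256(password.encode()).hexdigest()


# Constructed dump: username -> unsalted hash.
SAMPLE_DUMP = {
    "alice": hash_pw("Summer2001"),
    "bob":   hash_pw("password"),
    "carol": hash_pw("letmein!"),
    "dave":  hash_pw("q7z"),        # not reachable from the wordlist
    "erin":  hash_pw("password"),   # same password as bob
}
WORDLIST = ["password", "summer", "letmein", "welcome", "admin"]
BRUTE_CHARSET = string.ascii_lowercase + string.digits


def mangle(word: str):
    """Rule-based candidates from one dictionary word, in the style of a
    cracker's rules file: case variants, a trailing '!', 0-99, and years."""
    for base in (word, word.capitalize(), word.upper()):
        yield base
        yield base + "!"
        for n in range(100):
            yield base + str(n)
        for year in range(1990, 2011):
            yield base + str(year)


def crack(dump, wordlist, charset, max_len):
    """Dictionary plus rules first, then exhaustive search up to max_len.
    Returns ({user: password}, number_of_candidates_tried).  Cost of the
    exhaustive phase grows as len(charset) ** max_len."""
    by_hash = defaultdict(list)        # reverse index: hash -> users sharing it
    for user, digest in dump.items():
        by_hash[digest].append(user)
    found, tried = {}, 0

    def candidates():
        for word in wordlist:
            yield from mangle(word)
        for length in range(1, max_len + 1):
            for combo in itertools.product(charset, repeat=length):
                yield "".join(combo)

    for cand in candidates():
        tried += 1
        users = by_hash.get(hash_pw(cand))   # one hash, checked against all
        if users:
            for user in users:
                found[user] = cand
            if len(found) == len(dump):
                break
    return found, tried


if __name__ == "__main__":
    cracked, tried = crack(SAMPLE_DUMP, WORDLIST, BRUTE_CHARSET, 3)
    print(f"{len(cracked)}/{len(SAMPLE_DUMP)} cracked after {tried} candidates")
    for user, pw in sorted(cracked.items()):
        print(f"  {user}: {pw}")
```

The reverse index is the point: with an unsalted hash the cost of a cracking run is paid once for the whole dump, which is why a per-user salt (which forces a separate hash per user per candidate) and a slow hash are the defences, not a longer hash.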
Netcat - The TCP/IP Swiss Army Knife
- By: Tom Armstrong (posted on February 15, 2001)
Netcat is a tool that every security professional should be aware of and possibly have in their 'security tool box'.
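What netcat's listen mode and Nmap's connect scan (the NMAP and Netcat entries above) actually do on the wire, as an added Python example that is not code from either paper, from netcat or from Nmap: a loopback thread stands in for a network service and greets each client with a constructed banner, while the scanner completes a full TCP handshake on each port, keeps the ones that accept, and records whatever the service volunteers, which is the basis of banner-based service identification. Everything stays on 127.0.0.1; the port range and the banner text are assumptions of the sample.

```python
"""A netcat-style listener and an nmap -sT style connect scan, on loopback.

Added example (not netcat's, Nmap's or the papers' code).
"""
import socket
import threading


def serve_banner(banner: bytes, max_clients: int = 16) -> int:
    """Start a loopback listener on an ephemeral port and return the port.
    Each accepted client receives `banner` and is then disconnected."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def run():
        for _ in range(max_clients):
            conn, _addr = srv.accept()
            try:
                conn.sendall(banner)
            finally:
                conn.close()
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


def connect_scan(host: str, ports, timeout: float = 0.5) -> dict:
    """Full-connect scan, what `nc -zv` and `nmap -sT` do.  Returns
    {port: banner_bytes} for ports that accepted the connection; a refused
    port (RST) or a timeout (filtered or dropped) is simply absent."""
    open_ports = {}
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
        except OSError:                  # ConnectionRefusedError, timeout, ...
            sock.close()
            continue
        try:
            banner = sock.recv(256)      # many services speak first
        except OSError:                  # one that waits for the client
            banner = b""
        finally:
            sock.close()
        open_ports[port] = banner
    return open_ports


if __name__ == "__main__":
    port = serve_banner(b"SSH-2.0-ExampleDaemon\r\n")   # constructed banner
    # Scan a small window around the listener; its neighbours should be closed.
    for p, banner in connect_scan("127.0.0.1", range(port - 2, port + 3)).items():
        print(f"{p}/tcp open  {banner.decode(errors='replace').strip()}")
```

A connect scan is noisy (every probe is a complete connection in the target's logs) but needs no privileges, which is why both tools default to it for unprivileged users; the banner grab is only a hint, since the service can send anything it likes there.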