Intrusion Detection FAQ: What are common attacker tools?


Editors note, we really need someone to take ownership of this question and do a complete job, until then:

The number 1 script kiddie tool is sscan (http://www.ben2.ucla.edu/~jsbach/) Also, I have posted a whitepaper comparing nnmap and sscan, and how to determine if you have been scanned by them. Check out http://www.enteract.com/~lspitz/enemy2.html

spitzner@dimension.net (Lance Spitzner)
  1. L0pht Crack (www.l0pht.com)
  2. Legion (www.rhino9.com)
  3. Back Oriffice (www.cultdeadcow.com)
  4. Grinder (www.rhino9.com)
  5. Larva (www.rhino9.com)
  6. Conde Vampiro


The fire hose strikes again! My brain hurts!
-Dean Farrington, Wells Fargo

SANSFIRE 2013 - Washington

Latest Whitepapers

Event Monitoring and Incident Response
By Ryan Boyle

Dead Linux Machines Do Tell Tales
By James Fung

Setting Up a Database Security Logging and Monitoring Program
By Jim Horwath

Latest Tweets

DFIR Webcast starts in 75 minutes - 50 Shades of Hidden - Di [...]
May 17, 2013 - 3:46 PM

New blog post by @yorikv on pen test tips for file analysis. [...]
May 16, 2013 - 5:07 PM

New Blog Post: SANS EU #DFIR Summit in Prague - Call for Spe [...]
May 16, 2013 - 12:33 AM

Contact Us

(301) 654-SANS (7267)
Mon-Fri 9am - 8pm EST/EDT
info@sans.org

"As a security professional, this info is foundational to do a competent job, let alone be successful."
- Michael Foster, Providence Health & Security

"This has been a great way to get working knowledge that would have taken years of experience to learn."
- Josh Carlson, Nelnet

"SANS is a great place to enhance your technical and hands-on skills and tools. I thoroughly recommend it."
- Aaron Waugh, Datacom NZ Ltd