Acknowledgments | p. xxi |
Introduction | p. xxiii |
Multifunctional and Miscellaneous Tools | |
Netcat and Cryptcat | p. 3 |
Netcat | p. 4 |
Cryptcat | p. 25 |
The X Window System | p. 27 |
Choosing a Window Manager | p. 28 |
A Client/Server Model | p. 28 |
How Remote X Servers and Clients Communicate | p. 28 |
Securing X, Part I: Using xhost and xauth | p. 30 |
Securing X, Part II: Tunneling X Traffic Through SSH | p. 33 |
The Other Important Players | p. 34 |
Now You Know | p. 36 |
Emulators | p. 37 |
VMware | p. 38 |
Cygwin | p. 50 |
Tools for Auditing and Defending the Hosts | |
Port Scanners | p. 63 |
Nmap | p. 64 |
THC-Amap | p. 85 |
NetScan Tools | p. 90 |
SuperScan | p. 94 |
IPEye | p. 100 |
ScanLine | p. 101 |
WUPS | p. 106 |
Udp_scan | p. 107 |
Unix Enumeration Tools | p. 111 |
Samba: Server Message Block Implementation for Unix | p. 112 |
Rpcinfo | p. 115 |
showmount | p. 117 |
R-Tools | p. 118 |
Finger | p. 120 |
who, w, and last | p. 123 |
Windows Enumeration Tools | p. 127 |
Net Tools | p. 129 |
Nbtstat | p. 133 |
Winfingerprint | p. 138 |
GetUserInfo | p. 140 |
Enum | p. 142 |
PsTools | p. 146 |
HFNetChk | p. 165 |
Web Hacking Tools | p. 169 |
Vulnerability Scanners | p. 170 |
All-Purpose Tools | p. 184 |
Application Inspection | p. 194 |
Password Cracking/Brute-Force Tools | p. 207 |
PassFilt.dll and Windows Password Policies | p. 208 |
PAM and Unix Password Policies | p. 210 |
OpenBSD login.conf | p. 214 |
John the Ripper | p. 216 |
L0phtCrack | p. 228 |
Grabbing Windows Password Hashes | p. 233 |
Active Brute-Force Tools | p. 236 |
Host Hardening | p. 243 |
Titan | p. 244 |
Msec | p. 247 |
Backdoors and Remote Access Tools | p. 253 |
VNC | p. 255 |
Netbus | p. 261 |
Back Orifice | p. 265 |
SubSeven | p. 270 |
Loki | p. 275 |
Stcpshell | p. 279 |
Knark | p. 282 |
Simple Source Auditing Tools | p. 289 |
Flawfinder | p. 290 |
RATS | p. 295 |
Combination System Auditing Tools | p. 301 |
Nessus | p. 302 |
STAT | p. 318 |
Retina | p. 327 |
Internet Scanner | p. 333 |
Tripwire | p. 342 |
Tools for Auditing and Defending Your Network | |
Firewalls | p. 363 |
Firewalls and Packet Filters--the Basics | p. 364 |
Freeware Firewalls | p. 373 |
Commercial Firewalls | p. 404 |
Network Reconnaissance Tools | p. 411 |
whois/fwhois | p. 412 |
Host, Dig, and Nslookup | p. 417 |
Ping | p. 420 |
Fping | p. 423 |
Traceroute | p. 426 |
Hping | p. 430 |
Port Redirection | p. 439 |
Datapipe | p. 441 |
FPipe | p. 444 |
WinRelay | p. 452 |
Sniffers | p. 453 |
Sniffers Overview | p. 454 |
BUTTSniffer | p. 455 |
Tcpdump and WinDump | p. 465 |
Ethereal | p. 478 |
Dsniff | p. 489 |
Ettercap | p. 496 |
Snort: An Intrusion-Detection System | p. 499 |
Wireless Tools | p. 513 |
NetStumbler | p. 515 |
AiroPeek | p. 518 |
Wellenreiter | p. 520 |
Kismet | p. 521 |
War Dialers | p. 531 |
ToneLoc | p. 532 |
THC-Scan | p. 542 |
Beyond the CONNECT String | p. 549 |
TCP/IP Stack Tools | p. 551 |
ISIC: IP Stack Integrity Checker | p. 552 |
Iptest | p. 559 |
Nemesis: Packet-Weaving 101 | p. 562 |
Beyond the Command Line | p. 568 |
Tools for Computer Forensics and Incident Response | |
Creating a Bootable Environment and Live Response Tool Kit | p. 571 |
Trinux | p. 572 |
Windows Live Response Tool Kit | p. 577 |
Unix Live Response Tool Kit | p. 599 |
Commercial Forensic Duplication Tool Kits | p. 615 |
EnCase | p. 616 |
Format: Creating a Trusted Boot Disk | p. 625 |
PDBLOCK: Write Blocking Your Source Drives | p. 626 |
Safeback | p. 627 |
SnapBack | p. 637 |
Ghost | p. 641 |
Open-Source Forensic Duplication Tool Kits | p. 651 |
dd: A Forensic Duplication Tool | p. 653 |
dd: A Hard Drive Cleansing Tool | p. 659 |
Losetup: Transforming a Regular File into a Device on Linux | p. 660 |
The Enhanced Linux Loopback Device | p. 661 |
Vnode: Transforming a Regular File into a Device on FreeBSD | p. 664 |
Md5sum and md5: Validating the Evidence Collected | p. 666 |
Tool Kits to Aid in Forensic Analysis | p. 671 |
The Forensic Toolkit | p. 672 |
EnCase | p. 684 |
The Coroner's Toolkit | p. 698 |
Tools to Aid in Internet Activity Reconstruction | p. 711 |
Outlook Express | p. 712 |
Outlook | p. 714 |
Netscape Navigator/Communicator | p. 715 |
America Online Client | p. 720 |
Unix Mailboxes | p. 724 |
Paraben's E-mail Examiner | p. 726 |
IE History | p. 730 |
X-Ways Trace | p. 733 |
Generalized Editors and Viewers | p. 743 |
The file Command | p. 744 |
Hexdump | p. 745 |
Hexedit | p. 749 |
Vi | p. 753 |
Frhed | p. 757 |
Xvi32 | p. 760 |
WinHex | p. 761 |
Quick View Plus | p. 765 |
Midnight Commander | p. 769 |
Appendixes | |
Useful Charts and Diagrams | p. 779 |
Protocol Headers | p. 780 |
ASCII Table | p. 785 |
About the CD-ROM | p. 791 |
How to Use the CD-ROM | p. 792 |
Security Tools on the CD | p. 792 |
Links to More Tools | p. 793 |
Problems with the CD | p. 793 |
Index | p. 795 |
Table of Contents provided by Ingram. All Rights Reserved.