After much fiddling, I manage to find the most simple way to do WiFi WEP cracking on Eee PC.
You don’t even need to know linux 
No more typing in command on the terminal and memory all the MAC address, channel , etc.
I gonna update this with screenshot later and adding more WEP cracking technique.
I going to do some in depth cover on Conficker worm.
Have been dealing with Conficker for the past few worm and I think i better document it down 
An Analysis of Conficker’s Logic and Rendezvous Points
http://mtc.sri.com/Conficker/
Dun like IE? IE is slow for certain website?
Try this -> http://code.google.com/chrome/chromeframe/
Try use Google Chrome Frame. After install, just change your IE URL from http://www.google.com to cf:http://www.google.com.
You will now enjoy chrome speed in IE !!!
Best use with gmail/facebook and other heavy javascript site.
Here the announcement from Google:
Introducing Google Chrome Frame
Tuesday, September 22, 2009
Today, we’re releasing an early version of Google Chrome Frame, an open source plug-in that brings HTML5 and other open web technologies to Internet Explorer.
We’re building Google Chrome Frame to help web developers deliver faster, richer applications like Google Wave. Recent JavaScript performance improvements and the emergence of HTML5 have enabled web applications to do things that could previously only be done by desktop software. One challenge developers face in using these new technologies is that they are not yet supported by Internet Explorer. Developers can’t afford to ignore IE — most people use some version of IE — so they end up spending lots of time implementing work-arounds or limiting the functionality of their apps.
With Google Chrome Frame, developers can now take advantage of the latest open web technologies, even in Internet Explorer. From a faster Javascript engine, to support for current web technologies like HTML5’s offline capabilities and , to modern CSS/Layout handling, Google Chrome Frame enables these features within IE with no additional coding or testing for different browser versions.
To start using Google Chrome Frame, all developers need to do is to add a single tag:
When Google Chrome Frame detects this tag it switches automatically to using Google Chrome’s speedy WebKit-based rendering engine. It’s that easy. For users, installing Google Chrome Frame will allow them to seamlessly enjoy modern web apps at blazing speeds, through the familiar interface of the version of IE that they are currently using.
We believe that Google Chrome Frame makes life easier for web developers as well as users. While this is still an early version intended for developers, our team invites you to try out this for your site. You can start by reading our documentation. Please share your feedback in our discussion group and file any bugs you find through the Chromium issue tracker.
Seem like there is a fine control on OS level patching cycle/process, the new key point is the third party app.
Web application and client software still remain as a huge entry point. Code review and SDLC education will be critical to all of us
Published: 2009-09-15 by Johannes Ullrich
SANS today released a new Cyber Security Risks report. The report used data from Tippingpoint, Qualys, the Internet Storm Center and input from SANS faculty like Ed Skoudis and Rob Lee.
Some of the key findings include that operating systems are for the large part less and less of a problem. There are few attacks against the operating system itself, and patching has become pretty robust when it comes to the operating system and its core components. However, third party applications (think Adobe, Java, Quicktime) are a big problem, and they are usually not well covered by existing controls.
On the server side, web applications are of course the big entry point for an attacker. In particular the combination of vulnerable web applications and vulnerable client software is frequently used to inject a client exploit into a web application in order to pivot and attack inside the attacked network.
The report includes case studies of actual attacks to underline these points.
For details, see http://www.sans.org/top-cyber-security-risks
Two Japanese scientists have figured out a way to crack WPA encryption in sixty seconds.
Two Japanese scientists, Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, plan to reveal how they can crack WPA encryption in sixty seconds at a technical conference taking place on September 25 in Hiroshima. PC Advisor said that the two scientists have designed an attack that gives hackers a way to read the encrypted traffic passed from PCs and certain routers that use WPA.
The method isn’t new: security researchers revealed a way to break WPA encryption back in November. However, according to Dragos Ruiu, organizer of the PacSec security conference where the first WPA hack took place, the scientists have taken the supposed attack “to a new level,” saying that they took theoretical information and made it “much more practical.”
The previous attack method, developed by researchers Martin Beck and Erik Tews, took between 12 and 15 minutes to work on a smaller range of WPA devices. The PC advisor report also stated that both attacks only work on WPA systems that use the Temporal Key Integrity Protocol (TKIP) algorithm. Fortunately, the attack does not work on WPA systems using Advanced Encryption Standard (AES) algorithm, or WPA 2 devices.
If this bit of news seems a little frightening, don’t fret: many WPA routers allow users to switch from TKIP encryption to AES through the administration interface.
This attack has caused personal information leakage. The detail of the attack can be found from:
http://blog.quaji.com/2009/08/facebook-csrf-attack-full-disclosure.html
I gonna try and verify this attack
unalias lsHow to cover your track in Linux.
1. SSH – History Clear
unset HISTORY HISTFILE HISTSAVE HISTZONE HISTORY HISTLOG; export HISTFILE=/dev/null; export HISTSIZE=0; export HISTFILESIZE=0
2. SED – Cover Track
Replace IP address in log
sed -s 's/211.xxx.xxx.xxx/192.168.1.1/g' access_log access.log security
3. SED – Restrict SSH access
sed -i 's/AllowUsers fuck root oracle/AllowUsers fuck root oracle rqcuser/g' sshd_config
lsof -i:22 "Check sshd PID" COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME sshd 18662 root 11u IPv6 27925867 TCP *:ssh (LISTEN) sshd 31793 sshd 12u IPv6 34742994 TCP 192.168.1.2:ssh->192.168.1.5:49080 (ESTABLISHED) kill -SIGHUP 18662
4. ttyshell
python -c 'import pty; pty.spawn("/bin/sh")'
5. Netcat Fix
unalias ls
Huge bug in WordPress and show the security flaw design in PHP program.
PHP is typeless, so attacker can just pass array onto variable 
Not much damage except it reset your admin password 
(just reset only)
WordPress have issue a fix -> http://core.trac.wordpress.org/changeset/11798
Work…Work !!!
SPI Dynamics (live) – http://zero.webappsecurity.com/
Cenzic (live) – http://crackme.cenzic.com/
Watchfire (live) – http://demo.testfire.net/
Acunetix (live) – http://testphp.acunetix.com/ http://testasp.acunetix.com http://testaspnet.acunetix.com
WebMaven / Buggy Bank – http://www.mavensecurity.com/webmaven
Foundstone SASS tools – http://www.foundstone.com/us/resources-free-tools.asp
Updated HackmeBank – http://www.o2-ounceopen.com/technical-info/2008/12/8/updated-version-of-hacmebank.html
OWASP WebGoat – http://www.owasp.org/index.php/OWASP_WebGoat_Project
OWASP SiteGenerator – http://www.owasp.org/index.php/Owasp_SiteGenerator
Stanford SecuriBench – http://suif.stanford.edu/~livshits/securibench/
SecuriBench Micro – http://suif.stanford.edu/~livshits/work/securibench-micro/
WebScarab – http://www.owasp.org/index.php/Category:OWASP_WebScarab_Project
Burp – http://www.portswigger.net/
Paros – http://www.parosproxy.org/
Fiddler – http://www.fiddlertool.com/
Web Proxy Editor – http://www.microsoft.com/mspress/companion/0-7356-2187-X/
Pantera – http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project
Suru – http://www.sensepost.com/research/suru/
httpedit (curses-based) – http://www.neutralbit.com/en/rd/httpedit/
Charles – http://www.xk72.com/charles/
Odysseus – http://www.bindshell.net/tools/odysseus
Burp, Paros, and WebScarab for Mac OS X – http://www.corsaire.com/downloads/
Web-application scanning tool from `Network Security Tools’/O’Reilly – http://examples.oreilly.com/networkst/
JS Commander – http://jscmd.rubyforge.org/
Ratproxy – http://code.google.com/p/ratproxy/
Wfuzz – http://www.edge-security.com/wfuzz.php
ProxMon – http://www.isecpartners.com/proxmon.html
Wapiti – http://wapiti.sourceforge.net/
Grabber – http://rgaucher.info/beta/grabber/
XSSScan – http://darkcode.ath.cx/scanners/XSSscan.py
CAL9000 – http://www.owasp.org/index.php/Category:OWASP_CAL9000_Project
HTMangLe – http://www.fishnetsecurity.com/Tools/HTMangLe/publish.htm
JBroFuzz – http://sourceforge.net/projects/jbrofuzz
XSSFuzz – http://ha.ckers.org/blog/20060921/xssfuzz-released/
WhiteAcid’s XSS Assistant – http://www.whiteacid.org/greasemonkey/
Overlong UTF – http://www.microsoft.com/mspress/companion/0-7356-2187-X/
[TGZ] MielieTool (SensePost Research) – http://packetstormsecurity.org/UNIX/utilities/mielietools-v1.0.tgz
RegFuzzer: test your regular expression filter – http://rgaucher.info/b/index.php/post/2007/05/26/RegFuzzer%3A-Test-your-regular-expression-filter
screamingCobra – http://www.dachb0den.com/projects/screamingcobra.html
SPIKE and SPIKE Proxy – http://immunitysec.com/resources-freesoftware.shtml
RFuzz – http://rfuzz.rubyforge.org/
WebFuzz – http://www.codebreakers-journal.com/index.php?option=com_content&task=view&id=112&Itemid=99999999
TestMaker – http://www.pushtotest.com/Docs/downloads/features.html
ASP Auditor – http://michaeldaw.org/projects/asp-auditor-v2/
WSTool – http://wstool.sourceforge.net/
Web Hack Control Center (WHCC) – http://ussysadmin.com/whcc/
Web Text Converter – http://www.microsoft.com/mspress/companion/0-7356-2187-X/
HackBar (Firefox Add-on) – https://addons.mozilla.org/firefox/3899/
Net-Force Tools (NF-Tools, Firefox Add-on) – http://www.net-force.nl/library/downloads/
PostIntercepter (Greasemonkey script) – http://userscripts.org/scripts/show/743
Wbox: HTTP testing tool – http://hping.org/wbox/
ht://Check – http://htcheck.sourceforge.net/
Mumsie – http://www.lurhq.com/tools/mumsie.html
WebInject – http://www.webinject.org/
Torture.pl Home Page – http://stein.cshl.org/~lstein/torture/
JoeDog’s Seige – http://www.joedog.org/JoeDog/Siege/
OPEN-LABS: metoscan (http method testing) – http://www.open-labs.org/
Load-balancing detector – http://ge.mine.nu/lbd.html
HMAP – http://ujeni.murkyroc.com/hmap/
Net-Square: httprint – http://net-square.com/httprint/
Wpoison: http stress testing – http://wpoison.sourceforge.net/
Net-square: MSNPawn – http://net-square.com/msnpawn/index.shtml
hcraft: HTTP Vuln Request Crafter – http://druid.caughq.org/projects/hcraft/
rfp.labs: LibWhisker – http://www.wiretrip.net/rfp/lw.asp
Nikto – http://www.cirt.net/code/nikto.shtml
twill – http://twill.idyll.org/
DirBuster – http://www.owasp.org/index.php/Category:OWASP_DirBuster_Project
[ZIP] DFF Scanner – http://security-net.biz/files/dff/DFF.zip
[ZIP] The Elza project – http://packetstormsecurity.org/web/elza-1.4.7-beta.zip http://www.stoev.org/elza.html
HackerFox and Hacking Addons Bundled: Portable Firefox with web hacking addons bundled – http://sf.net/projects/hackfox
TamperIE – http://www.bayden.com/Other/
isr-form – http://www.infobyte.com.ar/developments.html
Modify Headers (Firefox Add-on) – http://modifyheaders.mozdev.org/
Tamper Data (Firefox Add-on) – http://tamperdata.mozdev.org/
UrlParams (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1290/
TestGen4Web (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1385/
DOM Inspector / Inspect This (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1806/ https://addons.mozilla.org/en-US/firefox/addon/1913/
LiveHTTPHeaders / Header Monitor (Firefox Add-on) – http://livehttpheaders.mozdev.org/ https://addons.mozilla.org/en-US/firefox/addon/575/
[TGZ] stompy: session id tool – http://lcamtuf.coredump.cx/stompy.tgz
Add’N Edit Cookies (AnEC, Firefox Add-on) – http://addneditcookies.mozdev.org/
CookieCuller (Firefox Add-on) – http://cookieculler.mozdev.org/
CookiePie (Firefox Add-on) – http://www.nektra.com/oss/firefox/extensions/cookiepie/
CookieSpy – http://www.codeproject.com/shell/cookiespy.asp
Cookies Explorer – http://www.dutchduck.com/Features/Cookies.aspx
Sahi – http://sahi.co.in/
scRUBYt – http://scrubyt.org/
jQuery – http://jquery.com/
jquery-include – http://www.gnucitizen.org/projects/jquery-include
Sprajax – http://www.denimgroup.com/sprajax.html
Watir – http://wtr.rubyforge.org/
Watij – http://watij.com/
Watin – http://watin.sourceforge.net/
RBNarcissus – http://idontsmoke.co.uk/2005/rbnarcissus/
SpiderTest (Spider Fuzz plugin) – http://blog.caboo.se/articles/2007/2/21/the-fabulous-spider-fuzz-plugin
Javascript Inline Debugger (jasildbg) – http://jasildbg.googlepages.com/
Firebug Lite – http://www.getfirebug.com/lite.html
firewaitr – http://code.google.com/p/firewatir/
LiveLines (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/324/
rss-cache – http://www.dubfire.net/chris/projects/rss-cache/
0×90.org: home of Absinthe, Mezcal, etc – http://0×90.org/releases.php
SQLiX – http://www.owasp.org/index.php/Category:OWASP_SQLiX_Project
sqlninja: a SQL Server injection and takover tool – http://sqlninja.sourceforge.net/
JustinClarke’s SQL Brute – http://www.justinclarke.com/archives/2006/03/sqlbrute.html
BobCat – http://www.northern-monkee.co.uk/projects/bobcat/bobcat.html
sqlmap – http://sqlmap.sourceforge.net/
Scully: SQL Server DB Front-End and Brute-Forcer – http://www.sensepost.com/research/scully/
FG-Injector – http://www.flowgate.net/?lang=en&seccion=herramientas
PRIAMOS – http://www.priamos-project.com/
W3AF: Web Application Attack and Audit Framework – http://w3af.sourceforge.net/
Jikto – http://busin3ss.name/jikto-in-the-wild/
XSS Shell – http://ferruh.mavituna.com/article/?1338
XSS-Proxy – http://xss-proxy.sourceforge.net
AttackAPI – http://www.gnucitizen.org/projects/attackapi/
FFsniFF – http://azurit.elbiahosting.sk/ffsniff/
HoneyBlog’s web-based junkyard – http://honeyblog.org/junkyard/web-based/
BeEF – http://www.bindshell.net/tools/beef/
Firefox Extension Scanner (FEX) – http://www.gnucitizen.org/projects/fex/
What is my IP address? – http://reglos.de/myaddress/
xRumer: blogspam automation tool – http://www.botmaster.net/movies/XFull.htm
SpyJax – http://www.merchantos.com/makebeta/tools/spyjax/
Greasecarnaval – http://www.gnucitizen.org/projects/greasecarnaval
Technika – http://www.gnucitizen.org/projects/technika/
Load-AttackAPI bookmarklet – http://www.gnucitizen.org/projects/load-attackapi-bookmarklet
MD’s Projects: JS port scanner, pinger, backdoors, etc – http://michaeldaw.org/my-projects/
Netcraft – http://www.netcraft.net
AboutURL – http://www.abouturl.com/
The Scrutinizer – http://www.scrutinizethis.com/
net.toolkit – http://clez.net/
ServerSniff – http://www.serversniff.net/
Online Microsoft script decoder – http://www.greymagic.com/security/tools/decoder/
Webmaster-Toolkit – http://www.webmaster-toolkit.com/
myIPNeighbbors, et al – http://digg.com/security/MyIPNeighbors_Find_Out_Who_Else_is_Hosted_on_Your_Site_s_IP_Address
PHP charset encoding – http://h4k.in/encoding
data: URL testcases – http://h4k.in/dataurl
Zalewski’s MangleMe – http://lcamtuf.coredump.cx/mangleme/mangle.cgi
hdm’s tools: Hamachi, CSSDIE, DOM-Hanoi, AxMan – http://metasploit.com/users/hdm/tools/
Peach Fuzzer Framework – http://peachfuzz.sourceforge.net/
TagBruteForcer – http://research.eeye.com/html/tools/RT20060801-3.html
PROTOS Test-Suite: c05-http-reply – http://www.ee.oulu.fi/research/ouspg/protos/testing/c05/http-reply/index.html
COMRaider – http://labs.idefense.com
bcheck – http://bcheck.scanit.be/bcheck/
Stop-Phishing: Projects page – http://www.indiana.edu/~phishing/?projects
LinkScanner – http://linkscanner.explabs.com/linkscanner/default.asp
BrowserCheck – http://www.heise-security.co.uk/services/browsercheck/
Cross-browser Exploit Tests – http://www.jungsonnstudios.com/cool.php
Stealing information using DNS pinning demo – http://www.jumperz.net/index.php?i=2&a=1&b=7
Javascript Website Login Checker – http://ha.ckers.org/weird/javascript-website-login-checker.html
Mozilla Activex – http://www.iol.ie/~locka/mozilla/mozilla.htm
Jungsonn’s Black Dragon Project – http://blackdragon.jungsonnstudios.com/
Mr. T (Master Recon Tool, includes Read Firefox Settings PoC) – http://ha.ckers.org/mr-t/
Vulnerable Adobe Plugin Detection For UXSS PoC – http://www.0×000000.com/?i=324
About Flash: is your flash up-to-date? – http://www.macromedia.com/software/flash/about/
Test your installation of Java software – http://java.com/en/download/installed.jsp?detect=jre&try=1
WebPageFingerprint – Light-weight Greasemonkey Fuzzer – http://userscripts.org/scripts/show/30285
PHP-SAT.org: Static analysis for PHP – http://www.program-transformation.org/PHP/
Unl0ck Research Team: tool for searching in google for include bugs – http://unl0ck.net/tools.php
FIS: File Inclusion Scanner – http://www.segfault.gr/index.php?cat_id=3&cont_id=25
PHPSecAudit – http://developer.spikesource.com/projects/phpsecaudit
PHPInfoSec – Check phpinfo configuration for security – http://phpsec.org/projects/phpsecinfo/
A Greasemonkey Replacement can be found at http://yehg.net/lab/#tools.greasemonkey
Php-Brute-Force-Attack Detector – http://yehg.net/lab/pr0js/files.php/php_brute_force_detect.zip
PHP-Login-Info-Checker
http://yehg.net/lab/pr0js/files.php/loginfo_checkerv0.1.zip
http://yehg.net/lab/pr0js/files.php/phploginfo_checker_demo.zip
php-DDOS-Shield – A tricky script to prevent idiot distributed bots which discontinue their flooding attacks by identifying HTTP 503 header code. http://code.google.com/p/ddos-shield/
PHPMySpamFIGHTER – http://yehg.net/lab/pr0js/files.php/phpmyspamfighter.zip http://yehg.net/lab/pr0js/files.php/phpMySpamFighter_demo.rar
APIDS on Wikipedia – http://en.wikipedia.org/wiki/APIDS
PHP Intrusion Detection System (PHP-IDS) – http://php-ids.org/ http://code.google.com/p/phpids/
dotnetids – http://code.google.com/p/dotnetids/
Secure Science InterScout – http://www.securescience.com/home/newsandevents/news/interscout1.0.html
Remo: whitelist rule editor for mod_security – http://remo.netnea.com/
GotRoot: ModSecuirty rules – http://www.gotroot.com/tiki-index.php?page=mod_security+rules
The Web Security Gateway (WSGW) – http://wsgw.sourceforge.net/
mod_security rules generator – http://noeljackson.com/tools/modsecurity/
Mod_Anti_Tamper – http://www.wisec.it/projects.php?id=3
[TGZ] Automatic Rules Generation for Mod_Security – http://www.wisec.it/rdr.php?fn=/Projects/Rule-o-matic.tgz
AQTRONIX WebKnight – http://www.aqtronix.com/?PageID=99
Akismet: blog spam defense – http://akismet.com/
Samoa: Formal tools for securing web services – http://research.microsoft.com/projects/samoa/
WebServiceStudio2.0 – http://www.codeplex.com/WebserviceStudio
Net-square: wsChess – http://net-square.com/wschess/index.shtml
WSFuzzer – http://www.owasp.org/index.php/Category:OWASP_WSFuzzer_Project
SIFT: web method search tool – http://www.sift.com.au/73/171/sift-web-method-search-tool.htm
iSecPartners: WSMap, WSBang, etc – http://www.isecpartners.com/tools.html
Pixy: a static analysis tool for detecting XSS vulnerabilities – http://www.seclab.tuwien.ac.at/projects/pixy/
Brixoft.Net: Source Edit – http://www.brixoft.net/prodinfo.asp?id=1
Security compass web application auditing tools (SWAAT) – http://www.owasp.org/index.php/Category:OWASP_SWAAT_Project
An even more complete list here – http://www.cs.cmu.edu/~aldrich/courses/654/tools/
A nice list that claims some demos available – http://www.cs.cmu.edu/~aldrich/courses/413/tools.html
A smaller, but also good list – http://spinroot.com/static/
Yasca: A highly extensible source code analysis framework; incorporates several analysis tools into one package. http://www.yasca.org/
RATS – http://www.securesoftware.com/resources/download_rats.html
ITS4 – http://www.cigital.com/its4/
FlawFinder – http://www.dwheeler.com/flawfinder/
Splint – http://www.splint.org/
Uno – http://spinroot.com/uno/
BOON (Buffer Overrun detectiON) – http://www.cs.berkeley.edu/~daw/boon/ http://boon.sourceforge.net
Valgrind – http://www.valgrind.org/
LAPSE – http://suif.stanford.edu/~livshits/work/lapse/
HDIV Struts – http://hdiv.org/
Orizon – http://sourceforge.net/projects/orizon/
FindBugs: Find bugs in Java programs – http://findbugs.sourceforge.net/
PMD – http://pmd.sourceforge.net/
CUTE: A Concolic Unit Testing Engine for C and Java – http://osl.cs.uiuc.edu/~ksen/cute/
EMMA – http://emma.sourceforge.net/
JLint – http://jlint.sourceforge.net/
Java PathFinder – http://javapathfinder.sourceforge.net/
Fujaba: Move between UML and Java source code – http://wwwcs.uni-paderborn.de/cs/fujaba/
Checkstyle – http://checkstyle.sourceforge.net/
Cookie Revolver Security Framework – http://sourceforge.net/projects/cookie-revolver
tinapoc – http://sourceforge.net/projects/tinapoc
jarsigner – http://java.sun.com/j2se/1.5.0/docs/tooldocs/solaris/jarsigner.html
Solex – http://solex.sourceforge.net/
Java Explorer – http://metal.hurlant.com/jexplore/
HTTPClient – http://www.innovation.ch/java/HTTPClient/
another HttpClient – http://jakarta.apache.org/commons/httpclient/
a list of code coverage and analysis tools for Java – http://mythinkpond.blogspot.com/2007/06/java-foss-freeopen-source-software.html
Microsoft Threat Analysis and Modeling Tool v2.1 (TAM) – http://www.microsoft.com/downloads/details.aspx?FamilyID=59888078-9daf-4e96-b7d1-944703479451&displaylang=en
Amenaza: Attack Tree Modeling (SecurITree) – http://www.amenaza.com/software.php
Octotrike – http://www.octotrike.org/
Web Developer Toolbar – https://addons.mozilla.org/firefox/60/
Plain Old Webserver (POW) – https://addons.mozilla.org/firefox/3002/
XML Developer Toolbar – https://addons.mozilla.org/firefox/2897/
Public Fox – https://addons.mozilla.org/firefox/3911/
XForms Buddy – http://beaufour.dk/index.php?sec=misc&pagename=xforms
MR Tech Local Install – http://www.mrtech.com/extensions/local_install/
Nightly Tester Tools – http://users.blueprintit.co.uk/~dave/web/firefox/buildid/index.html
IE Tab – https://addons.mozilla.org/firefox/1419/
User-Agent Switcher – https://addons.mozilla.org/firefox/59/
ServerSwitcher – https://addons.mozilla.org/firefox/2409/
HeaderMonitor – https://addons.mozilla.org/firefox/575/
RefControl – https://addons.mozilla.org/firefox/953/
refspoof – https://addons.mozilla.org/firefox/667/
No-Referrer – https://addons.mozilla.org/firefox/1999/
LocationBar^2 – https://addons.mozilla.org/firefox/4014/
SpiderZilla – http://spiderzilla.mozdev.org/
Slogger – https://addons.mozilla.org/en-US/firefox/addon/143
Fire Encrypter – https://addons.mozilla.org/firefox/3208/
Selenium IDE – http://www.openqa.org/selenium-ide/
Firebug – http://www.joehewitt.com/software/firebug/
Venkman – http://www.mozilla.org/projects/venkman/
Chickenfoot – http://groups.csail.mit.edu/uid/chickenfoot/
Greasemonkey – http://www.greasespot.net/
Greasemonkey compiler – http://www.letitblog.com/greasemonkey-compiler/
User script compiler – http://arantius.com/misc/greasemonkey/script-compiler
Extension Developer’s Extension (Firefox Add-on) – http://ted.mielczarek.org/code/mozilla/extensiondev/
Smart Middle Click (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/3885/
RSnake’s security bookmarklets – http://ha.ckers.org/bookmarklets.html
BMlets – http://optools.awardspace.com/bmlet.html
Huge list of bookmarklets – http://www.squarefree.com/bookmarklets/
Blummy: consists of small widgets, called blummlets, which make use of Javascript to provide rich functionality – http://www.blummy.com/
Bookmarklets every blogger should have – http://www.micropersuasion.com/2005/10/bookmarklets_ev.html
Flat Bookmark Editing (Firefox Add-on) – http://n01se.net/chouser/proj/mozhack/
OpenBook and Update Bookmark (Firefox Add-ons) – http://www.chuonthis.com/extensions/
[ZIP] THCSSLCheck – http://thc.org/root/tools/THCSSLCheck.zip
[ZIP] Foundstone SSLDigger – http://www.foundstone.com/us/resources/termsofuse.asp?file=ssldigger.zip
Cert Viewer Plus (Firefox Add-on) – https://addons.mozilla.org/firefox/1964/
Honeyclient Project: an open-source honeyclient – http://www.honeyclient.org/trac/
HoneyC: the low-interaction honeyclient – http://honeyc.sourceforge.net/
Capture: a high-interaction honeyclient – http://capture-hpc.sourceforge.net/
Google Hack Honeypot – http://ghh.sourceforge.net/
PHP.Hop – PHP Honeynet Project – http://www.rstack.org/phphop/
SpyBye – http://www.monkey.org/~provos/spybye/
Honeytokens – http://www.securityfocus.com/infocus/1713
SearchStatus (Firefox Add-on) – http://www.quirk.biz/searchstatus/
SEO for Firefox (Firefox Add-on) – http://tools.seobook.com/firefox/seo-for-firefox.html
SEOQuake (Firefox Add-on) – http://www.seoquake.com/
Evolution – http://www.paterva.com/evolution-e.html
GooSweep – http://www.mcgrewsecurity.com/projects/goosweep/
Aura: Google API Utility Tools – http://www.sensepost.com/research/aura/
Edge-Security tools – http://www.edge-security.com/soft.php
Fierce Domain Scanner – http://ha.ckers.org/fierce/
Googlegath – http://www.nothink.org/perl/googlegath/
Advanced Dork (Firefox Add-on) – https://addons.mozilla.org/firefox/2144/
Passive Cache (Firefox Add-on) – https://addons.mozilla.org/firefox/977/
CacheOut! (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1453/
BugMeNot Extension (Firefox Add-on) – http://roachfiend.com/archives/2005/02/07/bugmenot/
TrashMail.net Extension (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1813/
DiggiDig (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/2819/
Digger (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1467/
Scuba by Imperva Database Vulnerability Scanner – http://www.imperva.com/scuba/
DieHard – http://www.diehard-software.org/
LocalRodeo (Firefox Add-on) – http://databasement.net/labs/localrodeo/
NoMoXSS – http://www.seclab.tuwien.ac.at/projects/jstaint/
Request Rodeo – http://savannah.nongnu.org/projects/requestrodeo
FlashBlock (Firefox Add-on) – http://flashblock.mozdev.org/
CookieSafe (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/2497
NoScript (Firefox Add-on) – http://www.noscript.net/
FormFox (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1579/
Adblock (Firefox Add-on) – http://adblock.mozdev.org/
httpOnly in Firefox (Firefox Add-on) – http://blog.php-security.org/archives/40-httpOnly-Cookies-in-Firefox-2.0.html
SafeCache (Firefox Add-on) – http://www.safecache.com/
SafeHistory (Firefox Add-on) – http://www.safehistory.com/
PrefBar (Firefox Add-on) – http://prefbar.mozdev.org/
All-in-One Sidebar (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/1027/
QArchive.org web file checker (Firefox Add-on) – https://addons.mozilla.org/firefox/4115/
Update Notified (Firefox Add-on) – https://addons.mozilla.org/en-US/firefox/addon/2098/
FireKeeper – http://firekeeper.mozdev.org/
Greasemonkey: XSS Malware Script Detector – http://yehg.net/lab/#tools.greasemonkey
TrackMeNot (Firefox Add-on) – https://addons.mozilla.org/firefox/3173/
Privacy Bird – http://www.privacybird.com/
Sulley – http://fuzzing.org/
taof: The Art of Fuzzing – http://sourceforge.net/projects/taof/
zzuf: multipurpose fuzzer – http://sam.zoy.org/zzuf/
autodafé: an act of software torture – http://autodafe.sourceforge.net/
EFS and GPF: Evolutionary Fuzzing System – http://www.appliedsec.com/resources.html
Recently coming through a few article that describe the SDL and the importance of the Static Analysis Tool in use.
I currently familiar with Fortify (http://www.fortify.com/) and i think the company going to purchase an upgrade to Fortify 360 soon. It was very very powerful as it able to detect not only static Code but able to review huge web application and found out injection point and XSS vulnerability as well.
Think of this, i just come across a very interested article from Michael Howard, the author of many security book.
In my point of view, Static Code Analysis is definitely the most difficult and crucial part in SDL. Is hard to find the right tool, and it take too much time to custom develop one for own use. Not only that, from which tool kit to use, till rapid code testing, getting the developer to READ SDL requirement and final implementation of a manageable Static Analysis Tool, it take a long time before you can say job done.
But judging how many bug fix and incident prevent with the help of Fortify analysis, I would say it totally worth it.
 | patrick on WEP Cracking on Eee PC 701 … |
 | Passerby on Taiwan Trip – Day #… |
| Passerby on How to make a MP3 ring tone fo… |
 | Jimmy Liew on LocalTi.me City/Country Inform… |
 | Lumix LX-3 Trick … on Aperture & Depth of F… |
