What are relevant open source security
tools you should know and use today?
Marc Vael, SAI.be
Jan Guldentops, BA.be
Wednesday 20th of March 2019
Brussels, Belgium
Disclaimer
The views and opinions expressed during this session are
those of the speakers.
Nothing in this session should be construed as professional
or security advice.
For all tools shown in this presentation, quality has been
demonstrated by thousands of users who have
downloaded, deployed and actively used/reviewed them.
Disclaimer bis
This presentation is only a “45 minute appetizer”!
• There are plenty of open source security tools that we will not
discuss today… (more about this later)
Red Hat = 100% open source company
• IBM could download all their code for free & use it
• Still IBM paid 34.000.000.000 USD
Why use open source security tools?
1. Cost is one of the reasons why security professionals spend
some of their time working with open source security tools.
2. Whether for learning, experimenting, dealing with new or
unique situations or deploying on a production basis, security
professionals look at open source security software as a
valuable part of their toolkit.
3. Transparency: you have access to all code & you are free to do
whatever you like with it!
4. Avoiding lock-in with a specific security vendor/supplier.
Open Source Security Tools facilitators
Categories
We have taken the liberty to split up all open source
security tools into the following 3 main categories:
I. Security audits, testing & forensics
II. Security monitoring & logging
III. System security
Tools we will not discuss in the next minutes…
I. SECURITY AUDITS, TESTING & FORENSICS
• Hindu goddess, destroyer of evil forces
• = a Debian-based Linux distribution aimed at advanced penetration testing
and security auditing. Kali contains several hundred tools aimed at various
information security tasks, such as penetration testing, forensics and
reverse engineering.
• The ideal place to start if you want to start using open source tools for
auditing & forensics.
• Used to be called BackTrack
• Just boot the distro and you have all your tools available.
• A lot of tutorials available
https://www.kali.org/
https://tools.kali.org/tools-listing
KALI
How to use KALI (1)
• Bootable USB
  • Live
  • Install
  • Use encrypted filesystems!
• VM
  • VirtualBox, KVM or VMware on your laptop.
  • @ cloud provider: ideal for auditing the “outside”
  • E.g. Azure, Google Cloud, Hetzner, etc.
Advanced Kali use
• Probe
  • We use a Raspberry Pi as an audit device.
  • Pi 3 + PoE HAT/powerbank + external USB-based WiFi
  • +- 130€
  • Leave it behind at customers:
    • Sets up a VPN, SSH or DNS tunnel to our HQ
    • We have all the tools available for WiFi, network and other auditing.
• Information Gathering
  • ace-voip, Amap, APT2, arp-scan, Automater, bing-ip2hosts, braa, CaseFile, CDPSnarf, cisco-torch, copy-router-config, DMitry, dnmap, dnsenum, dnsmap, DNSRecon, dnstracer, dnswalk, DotDotPwn, enum4linux, enumIAX, EyeWitness, Faraday, Fierce, Firewalk, fragroute, fragrouter, Ghost Phisher, GoLismero, goofile, hping3, ident-user-enum, InSpy, InTrace, iSMTP, lbd, Maltego Teeth, masscan, Metagoofil, Miranda, nbtscan-unixwiz, Nikto, Nmap, ntop, OSRFramework, p0f, Parsero, Recon-ng, SET, SMBMap, smtp-user-enum, snmp-check, SPARTA, sslcaudit, SSLsplit, sslstrip, SSLyze, Sublist3r, THC-IPV6, theHarvester, TLSSLed, twofi, Unicornscan, URLCrazy, Wireshark, WOL-E, Xplico
• Vulnerability Analysis
  • BBQSQL, BED, cisco-auditing-tool, cisco-global-exploiter, cisco-ocs, cisco-torch, copy-router-config, Doona, DotDotPwn, HexorBase, jSQL Injection, Lynis, Nmap, ohrwurm, openvas, Oscanner, Powerfuzzer, sfuzz, SidGuesser, SIPArmyKnife, sqlmap, Sqlninja, sqlsus, THC-IPV6, tnscmd10g, unix-privesc-check, Yersinia
• Wireless Attacks
  • Airbase-ng, Aircrack-ng, Airdecap-ng and Airdecloak-ng, Aireplay-ng, airgraph-ng, Airmon-ng, Airodump-ng, airodump-ng-oui-update, Airolib-ng, Airserv-ng, Airtun-ng, Asleap, Besside-ng, Bluelog, BlueMaho, Bluepot, BlueRanger, Bluesnarfer, Bully, coWPAtty, crackle, eapmd5pass, Easside-ng, Fern Wifi Cracker, FreeRADIUS-WPE, Ghost Phisher, GISKismet, Gqrx, gr-scan, hostapd-wpe, ivstools, kalibrate-rtl, KillerBee, Kismet, makeivs-ng, mdk3, mfcuk, mfoc, mfterm, Multimon-NG, Packetforge-ng, PixieWPS, Pyrit, Reaver, redfang, RTLSDR Scanner, Spooftooph, Tkiptun-ng, Wesside-ng, Wifi Honey, wifiphisher, Wifitap, Wifite, wpaclean
• Web Application Security
  • apache-users, Arachni, BBQSQL, BlindElephant, Burp Suite, CutyCapt, DAVTest, deblaze, DIRB, DirBuster, fimap, FunkLoad, Gobuster, Grabber, hURL, jboss-autopwn, joomscan, jSQL Injection, Maltego Teeth, Nikto, PadBuster, Paros, Parsero, plecost, Powerfuzzer, ProxyStrike, Recon-ng, Skipfish, sqlmap, Sqlninja, sqlsus, ua-tester, Uniscan, w3af, WebScarab, Webshag, WebSlayer, WebSploit, Wfuzz, WhatWeb, WPScan, XSSer, zaproxy
• Exploitation tools
  • Armitage, Backdoor Factory, BeEF, cisco-auditing-tool, cisco-global-exploiter, cisco-ocs, cisco-torch, Commix, crackle, exploitdb, jboss-autopwn, Linux Exploit Suggester, Maltego Teeth, Metasploit Framework, MSFPC, RouterSploit, SET, ShellNoob, sqlmap, THC-IPV6, Yersinia
• Stress testing
  • DHCPig, FunkLoad, iaxflood, Inundator, inviteflood, ipv6-toolkit, mdk3, Reaver, rtpflood, SlowHTTPTest, t50, Termineter, THC-IPV6, THC-SSL-DOS
• Forensic tools
  • Binwalk, bulk-extractor, Capstone, chntpw, Cuckoo, dc3dd, ddrescue, DFF, diStorm3, Dumpzilla, extundelete, Foremost, Galleta, Guymager, iPhone Backup Analyzer, p0f, pdf-parser, pdfid, pdgmail, peepdf, RegRipper, Volatility, Xplico
• Sniffing & spoofing
  • bettercap, Burp Suite, DNSChef, fiked, hamster-sidejack, HexInject, iaxflood, inviteflood, iSMTP, isr-evilgrade, mitmproxy, ohrwurm, protos-sip, rebind, responder, rtpbreak, rtpinsertsound, rtpmixsound, sctpscan, SIPArmyKnife, SIPp, SIPVicious, SniffJoke, SSLsplit, sslstrip, THC-IPV6, VoIPHopper, WebScarab, Wifi Honey, Wireshark, xspy, Yersinia, zaproxy
• Password attacks
  • BruteSpray, Burp Suite, CeWL, chntpw, cisco-auditing-tool, CmosPwd, creddump, crowbar, crunch, findmyhash, gpp-decrypt, hash-identifier, Hashcat, HexorBase, THC-Hydra, John the Ripper, Johnny, keimpx, Maltego Teeth, Maskprocessor, multiforcer, Ncrack, oclgausscrack, ophcrack, PACK, patator, phrasendrescher, polenum, RainbowCrack, rcracki-mt, RSMangler, SecLists, SQLdict, Statsprocessor, THC-pptp-bruter, TrueCrack, WebScarab, wordlists, zaproxy
• Maintaining Access
  • CryptCat, Cymothoa, dbd, dns2tcp, HTTPTunnel, Intersect, Nishang, polenum, PowerSploit, pwnat, RidEnum, sbd, shellter, U3-Pwn, Webshells, Weevely, Winexe
• Reverse engineering
  • apktool, dex2jar, diStorm3, edb-debugger, jad, javasnoop, JD-GUI, OllyDbg, smali, Valgrind, YARA
• Hardware hacking
  • android-sdk, apktool, Arduino, dex2jar, Sakis3G, smali
• Reporting tools
  • CaseFile, cherrytree, CutyCapt, dos2unix, Dradis, MagicTree, Metagoofil, Nipper-ng, pipal, RDPY
NMAP
• Nmap (Network Mapper) is a free and open source utility for network discovery and
security auditing.
• Many systems and network administrators also find it useful for tasks such as
network inventory, managing service upgrade schedules, and monitoring host or
service uptime.
• Nmap uses raw IP packets in novel ways to determine what hosts are available on
the network, what services (application name and version) those hosts are offering,
what operating systems (and OS versions) they are running, what type of packet
filters/firewalls are in use, and dozens of other characteristics.
• Nmap was designed to rapidly scan large networks, but works fine against single
hosts. In addition to the classic command-line Nmap executable, the Nmap suite
includes an advanced GUI and results viewer (Zenmap), a flexible data transfer,
redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff),
and a packet generation and response analysis tool (Nping).
• Nmap also has scripts (NSE) that can detect network-related issues.
https://nmap.org/
• Beginners: use Zenmap
  • Easy selection of what you want to do
  • All types of scans, from ping sweep to intense scan
  • Nice way of displaying and reporting the stuff you find
  • But: you always get the nmap CLI command for later use
• Cool stuff:
  • NSE – all kinds of scripts to check out services and test them
  • OS detection
  • Service fingerprinting
Zenmap
https://nmap.org/zenmap/
Examples from the CLI
• nmap --open 10.0.0.0/24 -p22
  (quick way of finding all hosts in a network running SSH)
• nmap --script http-headers -p80,443 www.ba.be
  • Checks the headers of the web server
• nmap --script 'ssl-*' -p443 storefront.marks.com
  • Checks the SSL/TLS quality of a web server (keys, vulnerabilities, etc.)
  • Quote the wildcard so the shell does not expand it against local files
• locate '*.nse' gives you an overview of all plugins (> 540)
  • All kinds of scripts for brute-forcing, checking known vulnerabilities, etc.
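The slides mention Ndiff (comparing scan results) and NSE script output. The following added Python example, not code from the talk or from the Nmap project, does the defender's version of that comparison on two `nmap -oX` XML results: it reports new hosts, newly open ports and collected NSE output, so a scheduled scan can be checked against a baseline inventory. The embedded XML scans are constructed samples; the addresses and script output are made up.

```python
"""Diff two Nmap XML scan results and report new hosts and newly open ports.

Added example, not code from the slides and not Nmap's or Ndiff's own code.
It assumes both scans were saved with `nmap -oX` and shows the core of what
Ndiff does: compare a baseline inventory with today's scan so that a
defender notices services that were not exposed before.
"""
import xml.etree.ElementTree as ET

# Constructed sample scans, trimmed to the elements this script reads.
# Hosts, ports and script output are made up for illustration.
BASELINE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX baseline.xml -p22,80,443 10.0.0.0/24">
  <host><status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="closed"/><service name="http"/></port>
    </ports>
  </host>
</nmaprun>"""

CURRENT_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX current.xml --script http-headers -p22,80,443 10.0.0.0/24">
  <host><status state="up"/>
    <address addr="10.0.0.5" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/>
        <script id="http-headers" output="Server: nginx"/>
      </port>
    </ports>
  </host>
  <host><status state="up"/>
    <address addr="10.0.0.9" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
    </ports>
  </host>
</nmaprun>"""


def open_services(xml_text):
    """Map (ip, protocol, port) -> service name for every open port in a scan."""
    services = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not part of the exposure inventory
            svc = port.find("service")
            name = svc.get("name", "unknown") if svc is not None else "unknown"
            services[(addr.get("addr"), port.get("protocol"), int(port.get("portid")))] = name
    return services


def script_findings(xml_text):
    """Collect NSE script output as (ip, port, script_id, output) tuples."""
    findings = []
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        for port in host.findall("ports/port"):
            for script in port.findall("script"):
                findings.append((addr.get("addr"), int(port.get("portid")),
                                 script.get("id"), script.get("output", "")))
    return findings


def diff_scans(baseline_xml, current_xml):
    """Return (new_hosts, newly_open, newly_closed) between two scans."""
    before, after = open_services(baseline_xml), open_services(current_xml)
    new_hosts = sorted({k[0] for k in after} - {k[0] for k in before})
    newly_open = sorted(set(after) - set(before))
    newly_closed = sorted(set(before) - set(after))
    return new_hosts, newly_open, newly_closed


if __name__ == "__main__":
    hosts, opened, closed = diff_scans(BASELINE_XML, CURRENT_XML)
    print("new hosts:", hosts)
    for ip, proto, port in opened:
        print(f"newly open: {ip} {proto}/{port}")
    for ip, proto, port in closed:
        print(f"no longer open: {ip} {proto}/{port}")
    for ip, port, sid, out in script_findings(CURRENT_XML):
        print(f"{ip}:{port} [{sid}] {out}")
```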
OPENVAS
• Vulnerability scanner
• Fork of the open source NESSUS tool that became
commercial in 2005.
• Nessus/OpenVAS is the most popular vulnerability scanner
and the third most popular security program currently in use.
• Sits underneath a lot of commercial offerings: Greenbone,
Acunetix, AlienVault, etc.
• Uses a lot of tools (nmap, etc.) to check services and
creates a clean report.
https://www.tenable.com/products/nessus/nessus-professional
http://www.openvas.org/
OPENVAS
• Web-based vulnerability assessment tool
• Especially important is the feed of vulnerabilities!
  • Community
  • Commercial feeds are available (react faster)
WIRESHARK
• Wireshark is a network protocol analyzer. It lets you view traffic in as much
detail as you want. Use Wireshark to follow network streams and find
problems.
• Wireshark is a tool designed for anyone needing to monitor their network
for security or performance issues. And because Wireshark can read
captured information from applications like Snoop, Sniffer, and Microsoft
Network Monitor, it can also serve as an additional tool for network
analysis.
• Wireshark solves the problem of being able to analyze network traffic on
any size network. Wireshark does this with the power often found in more
costly tools, but for free.
https://www.wireshark.org/
ETTERCAP
• If you need to test your enterprise network for resistance to
man-in-the-middle attacks (MITM), Ettercap is the tool. This program has
been doing one thing – launching MITM attacks – since its initial
release in 2001.
• Ettercap has four basic modes of attack: IP-based, MAC-based, and
two ARP-based strategies. You can decide which type of
vulnerabilities to explore and look for how your environment
responds to each.
• In the process of scanning for a testing attack, Ettercap can provide a
great deal of information about the network and its devices. As part
of an overall security toolkit, Ettercap provides strong capabilities
for MITM attacks and solid augmentation for analysis and visibility
functions.
https://www.ettercap-project.org/ettercap/
METASPLOIT
• Metasploit is free and open source penetration testing software, which is very
popular among white hat and black hat hackers. It is the best tool to test the network
in an offensive way against open and well-known vulnerabilities. It is a combination of
different modules for checking different exploits. It is also used for auditing and
scanning.
• Metasploit helps teams do more than just verify vulnerabilities, manage security
assessments, and improve security awareness; it empowers and arms defenders to
always stay one step (or two) ahead of the game.
• It is useful for exploit validation. When a vulnerability scanner shows a machine is
vulnerable to an exploit, manual testing is always the preferred practice to ensure it is not a
false positive from the scanner. Manual validation allows the tester to better understand
the exploit and how to properly defend against it.
• Metasploit framework is used to run internal security tests. It helps to identify possible
weaknesses in internal networks before compromise occurs. It's also used to justify
costly updates to software and business practices by illustrating a vulnerability's possible
use in the wild.
https://github.com/rapid7/metasploit-framework
https://www.metasploit.com/
GHIDRA
• Ghidra is a software reverse engineering (SRE) framework developed
by the NSA. It helps analyze malicious code and malware like viruses,
and can give cybersecurity professionals a better understanding of
potential vulnerabilities in their networks and systems.
• The tool is useful for software engineers in general, but first and foremost
for malware analysts.
• Capabilities include disassembly, assembly, decompilation, graphing,
and scripting, along with hundreds of other features. Ghidra supports
a wide variety of processor instruction sets and executable formats
and can be run in both user-interactive and automated modes. Users
may also develop their own Ghidra plug-in components and/or scripts
using Java or Python.
https://ghidra-sre.org/
https://github.com/NationalSecurityAgency/ghidra
SIFT
• SIFT is a group of free open-source incident response & forensic
tools designed to perform detailed digital forensic examinations in
a variety of settings.
• SIFT can match any current incident response and forensic tool
suite.
• SIFT demonstrates that advanced incident response capabilities
and deep-dive digital forensic techniques for intrusions can be
accomplished using cutting-edge open-source tools that are freely
available and frequently updated.
• This open source all-in-one forensic toolkit can easily be built right
in cloud environments.
https://digital-forensics.sans.org/community/downloads#overview
BINWALK
Binwalk can:
• Find and extract interesting files / data from binary images
• Find and extract raw compression streams
• Identify opcodes for a variety of architectures
• Perform data entropy analysis
• Heuristically analyze unknown compression / encryption
• Visualize binary data
• Diff an arbitrary number of files
http://binwalk.org/
Ddrescue
• GNU ddrescue is a data recovery tool. It copies data from one file or block device (hard disc,
cdrom, etc) to another, trying to rescue the good parts first in case of read errors.
• Ddrescue helps you make correct, forensic copies of disks (even when they are damaged)
• Ddrescuelog is a tool that manipulates ddrescue mapfiles, shows mapfile contents, converts
mapfiles to/from other formats, compares mapfiles, tests rescue status, and can delete a
mapfile if the rescue is done. Ddrescuelog operations can be restricted to one or several parts of
the mapfile if the domain setting options are used.
• The basic operation of ddrescue is fully automatic.
• The mapfile is periodically saved to disc. So in case of a crash you can resume the rescue with
little recopying. Also, the same mapfile can be used for multiple commands that copy different
areas of the file, and for multiple recovery attempts over different subsets.
• Ddrescue also features a "fill mode" able to selectively overwrite parts of the output file, which
has a number of interesting uses like wiping data, marking bad areas or even, in some cases,
"repair" damaged sectors.
• One of the great strengths of ddrescue is that it is interface-agnostic, and so can be used for any
kind of device supported by your kernel (ATA, SATA, SCSI, old MFM drives, floppy discs, or even
flash media cards like SD).
https://www.gnu.org/software/ddrescue/
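The slide above describes the mapfile that ddrescue saves periodically and that ddrescuelog reads to show contents and test rescue status. As an added Python example (not from the talk and not part of ddrescue or ddrescuelog), the following reads a mapfile in the layout documented by the GNU ddrescue manual and reports what a forensic examiner wants to know before trusting an image: how many bytes were rescued, how many sit in bad sectors, what is still pending, and whether the rescue is really finished. Both embedded mapfiles are constructed samples.

```python
"""Summarise a GNU ddrescue mapfile: rescued, bad and pending bytes, and
whether the rescue is finished.

Added example; not the slides' code and not part of ddrescue/ddrescuelog.
Mapfile layout (GNU ddrescue manual): lines starting with '#' are
comments; the first data line is "current_pos current_status [pass]";
each following line is "pos size status" with status one of
'?' non-tried, '*' non-trimmed, '/' non-scraped, '-' bad sector,
'+' finished (rescued). Blocks must be contiguous and in order.
"""

BLOCK_STATUS = {"?": "non_tried", "*": "non_trimmed", "/": "non_scraped",
                "-": "bad_sector", "+": "rescued"}
CURRENT_STATUS = {"?": "copying", "*": "trimming", "/": "scraping",
                  "-": "retrying", "F": "filling", "G": "generating",
                  "+": "finished"}

# Constructed sample: a finished rescue of a 4 MiB image with two bad spots.
FINISHED_MAPFILE = """\
# Mapfile. Created by GNU ddrescue version 1.23
# Command line: ddrescue -d -r3 /dev/sdb disk.img disk.map
# Start time:   2019-03-20 10:00:00
# Current time: 2019-03-20 10:12:41
# Finished
# current_pos  current_status  current_pass
0x00400000     +               3
#      pos        size  status
0x00000000  0x00100000  +
0x00100000  0x00001000  -
0x00101000  0x000FF000  +
0x00200000  0x00000200  -
0x00200200  0x001FFE00  +
"""

# Constructed sample: same device, interrupted during the first copying pass.
PARTIAL_MAPFILE = """\
# current_pos  current_status  current_pass
0x00300000     ?               1
#      pos        size  status
0x00000000  0x00300000  +
0x00300000  0x00100000  ?
"""


def parse_mapfile(text):
    """Return (current_pos, current_status, blocks); blocks = [(pos, size, status)]."""
    header, blocks = None, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if not line:
            continue
        fields = line.split()
        if header is None:                           # status line comes first
            if len(fields) < 2 or fields[1] not in CURRENT_STATUS:
                raise ValueError(f"bad status line: {raw!r}")
            header = (int(fields[0], 0), fields[1])  # base 0 accepts the 0x prefix
            continue
        if len(fields) != 3 or fields[2] not in BLOCK_STATUS:
            raise ValueError(f"bad block line: {raw!r}")
        blocks.append((int(fields[0], 0), int(fields[1], 0), fields[2]))
    if header is None:
        raise ValueError("mapfile has no status line")
    return header[0], header[1], blocks


def find_gaps(blocks):
    """Offsets where consecutive blocks are not contiguous (a corrupt mapfile)."""
    return [pos + size for (pos, size, _), (nxt, _, _) in zip(blocks, blocks[1:])
            if pos + size != nxt]


def summarize_mapfile(text):
    """Aggregate the mapfile the way ddrescuelog's status reports do."""
    current_pos, current_status, blocks = parse_mapfile(text)
    totals = dict.fromkeys(BLOCK_STATUS.values(), 0)
    for _, size, status in blocks:
        totals[BLOCK_STATUS[status]] += size
    total = sum(totals.values())
    pending = totals["non_tried"] + totals["non_trimmed"] + totals["non_scraped"]
    return {
        "status": CURRENT_STATUS[current_status],
        "current_pos": current_pos,
        "total": total,
        "rescued": totals["rescued"],
        "bad_sector": totals["bad_sector"],
        "pending": pending,
        "percent_rescued": 100.0 * totals["rescued"] / total if total else 0.0,
        # '+' in the status line and no pending blocks must agree before
        # the image is treated as complete (bad sectors stay zero-filled).
        "finished": current_status == "+" and pending == 0,
        "gaps": find_gaps(blocks),
    }


if __name__ == "__main__":
    for name, text in (("finished", FINISHED_MAPFILE), ("partial", PARTIAL_MAPFILE)):
        s = summarize_mapfile(text)
        print(f"{name}: {s['status']}, {s['percent_rescued']:.2f}% rescued, "
              f"{s['bad_sector']} bad bytes, {s['pending']} pending, done={s['finished']}")
```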
XPLICO
• Helps you extract the application data contained in an internet traffic
capture
• For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP
protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on.
• Xplico is an open source Network Forensic Analysis Tool (NFAT).
• The Xplico system is composed of 4 macro-components:
• a Decoder Manager called DeMa
• an IP decoder called Xplico
• a set of data manipulators
• a visualization system to view data extracted
https://www.xplico.org/
II. SECURITY MONITORING & LOGGING
NAGIOS
• Nagios monitors the network: Infrastructure, traffic, and
attached servers all fall within the reach of its basic or extended
capabilities.
• Nagios is available in both free and commercial versions.
• Nagios Core is the heart of the open source project, based on
the free, open source version. Individual products can be
monitored, and individual tasks can be performed, by plug-ins;
there are roughly 50 "official" plug-ins developed by Nagios and
more than 3,000 plug-ins contributed by the community.
• Nagios's user interface can be modified through a front end for
the desktop, web, or mobile platform, and configuration can be
managed through one of the available config tools.
https://www.nagios.org/
ELK Stack
3 open source projects:
• Elasticsearch is a search and analytics
engine.
• Logstash is a server-side data
processing pipeline that ingests data
from multiple sources simultaneously,
transforms it, and then sends it to a
"stash" like Elasticsearch.
• Kibana lets users visualize data with
charts and graphs in Elasticsearch.
https://www.elastic.co/elk-stack
• Elastic Stack is the next
evolution of the ELK Stack,
but with more flexibility to
do great things.
III. SYSTEM SECURITY
SNORT
• SNORT has been the starting point of knowledge about
intrusion detection systems (IDS) for more than a generation
of security pros.
• Snort can be configured in three separate modes: as a
network sniffer, packet logger, or full IDS. As such, it can be
the core of an automated security system or a component
that sits alongside an array of commercial products.
• Now owned by Cisco, Snort continues to evolve and be
developed by an active community.
• Community-developed IDS rules are available, as are rules
licensed on a commercial basis.
https://www.snort.org/
MOD_SECURITY
• Open source Web Application Firewall add-on for
Apache and NGINX
• Can be used with the standard OWASP rule set or a
commercial subscription.
• Checks all incoming HTTP/HTTPS sessions against
certain security guidelines
https://modsecurity.org/
Lynis
• Lynis is a tool that makes lists — lists of the applications and
utilities it finds on Unix-based systems, lists of the versions of
those systems, and lists of the vulnerabilities it finds in either the
code or the configurations of each one.
• With source code available on GitHub, Lynis has an active
development community, with primary support coming from
Cisofy.
• One of the special capabilities of Lynis is that, because of its Unix
foundation, it is able to perform scanning & evaluation of popular
IoT development boards, including Raspberry Pi.
https://cisofy.com/lynis/
Certbot
• Encryption is critical for many security standards, including everyone's
new favorite, GDPR. Implementing encryption can be complicated and
costly, but the EFF has tried to make it less of both with tools like
Certbot, an open source automatic client that fetches and deploys
SSL/TLS certificates for your web server.
• Certbot began as a front end for Let's Encrypt, but it has grown to be a
client for any CA that supports the ACME protocol.
• The Certbot project is part of the EFF's effort to "Encrypt the Internet,"
a goal that has been embraced by many privacy advocates and
government regulators. Keeping your employees, partners, and
customers safe is both a worthwhile goal and a legal responsibility; the
open source tools discussed in this article can be helpful in making
steps in that direction.
https://certbot.eff.org/
VeraCrypt
• VeraCrypt is a free open source disk encryption utility used to
encrypt file systems.
• Nowadays, we store our data in Dropbox, Google Drive and other
cloud-based services which guarantee privacy and security. But
what if employees of those cloud service companies use that
data for their own purposes? A better option is to encrypt those
files/flash drives before uploading them to the cloud.
https://www.veracrypt.fr/en/Home.html
Want to know more about
open source security tools?
http://www.hackingtools.in/
Want to know more about
open source security tools?
Marc Vael
• marc@vael.net
• @marcvael
• https://www.linkedin.com/in/marcvael/
Jan Guldentops
• j@ba.be
• @JanGuldentops
• https://www.linkedin.com/in/janguldentops/

Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...
Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...
 
Ceh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networksCeh v8 labs module 03 scanning networks
Ceh v8 labs module 03 scanning networks
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptxBSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
BSidesDFW2022-PurpleTeam_Cloud_Identity.pptx
 
RIoT (Raiding Internet of Things) by Jacob Holcomb
RIoT  (Raiding Internet of Things)  by Jacob HolcombRIoT  (Raiding Internet of Things)  by Jacob Holcomb
RIoT (Raiding Internet of Things) by Jacob Holcomb
 
Kali linux.ppt
Kali linux.pptKali linux.ppt
Kali linux.ppt
 
Demystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source OptionsDemystifying Wireless Security Using Open Source Options
Demystifying Wireless Security Using Open Source Options
 
DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101DC612 Day - Hands on Penetration Testing 101
DC612 Day - Hands on Penetration Testing 101
 
hacking your website with vega, confoo2011
hacking your website with vega, confoo2011hacking your website with vega, confoo2011
hacking your website with vega, confoo2011
 

More from B.A.

GDPR one year in: Observations
GDPR one year in: ObservationsGDPR one year in: Observations
GDPR one year in: ObservationsB.A.
 
Multicloud - Nadenken over een polynimbus infrastructuur
Multicloud - Nadenken over een polynimbus infrastructuurMulticloud - Nadenken over een polynimbus infrastructuur
Multicloud - Nadenken over een polynimbus infrastructuurB.A.
 
Werken aan je (digitale) toekomst ?
Werken aan je (digitale) toekomst ? Werken aan je (digitale) toekomst ?
Werken aan je (digitale) toekomst ? B.A.
 
Verhalen uit de loopgraven - Workshop Security & privacy
Verhalen uit de loopgraven - Workshop Security & privacyVerhalen uit de loopgraven - Workshop Security & privacy
Verhalen uit de loopgraven - Workshop Security & privacyB.A.
 
BC, DR & SLA's
BC, DR & SLA'sBC, DR & SLA's
BC, DR & SLA'sB.A.
 
Cyberincidenten - Verhalen uit de loopgraven
Cyberincidenten - Verhalen uit de loopgravenCyberincidenten - Verhalen uit de loopgraven
Cyberincidenten - Verhalen uit de loopgravenB.A.
 
The good, the Bad & the Ugly : ICT-beveiliging en privacy bij lokale besturen
The good, the Bad & the Ugly : ICT-beveiliging en privacy bij lokale besturenThe good, the Bad & the Ugly : ICT-beveiliging en privacy bij lokale besturen
The good, the Bad & the Ugly : ICT-beveiliging en privacy bij lokale besturenB.A.
 
GDPR Revealed: EU privacy wetgeving in het juiste perspectief
GDPR Revealed: EU privacy wetgeving in het juiste perspectiefGDPR Revealed: EU privacy wetgeving in het juiste perspectief
GDPR Revealed: EU privacy wetgeving in het juiste perspectiefB.A.
 
Belgium 101 - Snelle cursus zakendoen in België voor (Nederlandse) beginners
Belgium 101 - Snelle cursus zakendoen in België voor (Nederlandse) beginnersBelgium 101 - Snelle cursus zakendoen in België voor (Nederlandse) beginners
Belgium 101 - Snelle cursus zakendoen in België voor (Nederlandse) beginnersB.A.
 
Van brandweerman tot brandpreventieadviseur
Van brandweerman tot brandpreventieadviseurVan brandweerman tot brandpreventieadviseur
Van brandweerman tot brandpreventieadviseurB.A.
 
Business Continuity & Disaster Recovery introductie
Business Continuity & Disaster Recovery introductieBusiness Continuity & Disaster Recovery introductie
Business Continuity & Disaster Recovery introductieB.A.
 
Hit by a Cyberattack: lesson learned
 Hit by a Cyberattack: lesson learned Hit by a Cyberattack: lesson learned
Hit by a Cyberattack: lesson learnedB.A.
 
Presentatie Proactieve Monitoring ( BA Monitoring )
Presentatie Proactieve Monitoring ( BA Monitoring )Presentatie Proactieve Monitoring ( BA Monitoring )
Presentatie Proactieve Monitoring ( BA Monitoring )B.A.
 
Storage: trends, oplossingen, caveats
Storage: trends, oplossingen, caveatsStorage: trends, oplossingen, caveats
Storage: trends, oplossingen, caveatsB.A.
 
De verschillende beveiligingsrisico’s van mobiele toepassingen en Devices
De verschillende beveiligingsrisico’s van mobiele toepassingen en DevicesDe verschillende beveiligingsrisico’s van mobiele toepassingen en Devices
De verschillende beveiligingsrisico’s van mobiele toepassingen en DevicesB.A.
 
Random thoughts on security
Random thoughts on securityRandom thoughts on security
Random thoughts on securityB.A.
 
Safeshops ? Nadenken over veiligheidsaspecten van E-shops/Commerce
Safeshops ?  Nadenken over veiligheidsaspecten van E-shops/CommerceSafeshops ?  Nadenken over veiligheidsaspecten van E-shops/Commerce
Safeshops ? Nadenken over veiligheidsaspecten van E-shops/CommerceB.A.
 
Proactive monitoring tools or services - Open Source
Proactive monitoring tools or services - Open Source Proactive monitoring tools or services - Open Source
Proactive monitoring tools or services - Open Source B.A.
 
Zarafa Tour 2014: "Where Zarafa can make a difference"
Zarafa Tour 2014: "Where Zarafa can make a difference"Zarafa Tour 2014: "Where Zarafa can make a difference"
Zarafa Tour 2014: "Where Zarafa can make a difference"B.A.
 
INFORUM - VEILIGHEIDSPROBLEMEN VOOR BIBLIOTHEEK EN ARCHIEF IN HET DIGITALE TI...
INFORUM - VEILIGHEIDSPROBLEMEN VOOR BIBLIOTHEEK EN ARCHIEF IN HET DIGITALE TI...INFORUM - VEILIGHEIDSPROBLEMEN VOOR BIBLIOTHEEK EN ARCHIEF IN HET DIGITALE TI...
INFORUM - VEILIGHEIDSPROBLEMEN VOOR BIBLIOTHEEK EN ARCHIEF IN HET DIGITALE TI...B.A.
 

More from B.A. (20)

GDPR one year in: Observations
GDPR one year in: ObservationsGDPR one year in: Observations
GDPR one year in: Observations
 
Multicloud - Nadenken over een polynimbus infrastructuur
Multicloud - Nadenken over een polynimbus infrastructuurMulticloud - Nadenken over een polynimbus infrastructuur
Multicloud - Nadenken over een polynimbus infrastructuur
 
Werken aan je (digitale) toekomst ?
Werken aan je (digitale) toekomst ? Werken aan je (digitale) toekomst ?
Werken aan je (digitale) toekomst ?
 
Verhalen uit de loopgraven - Workshop Security & privacy
Verhalen uit de loopgraven - Workshop Security & privacyVerhalen uit de loopgraven - Workshop Security & privacy
Verhalen uit de loopgraven - Workshop Security & privacy
 
BC, DR & SLA's
BC, DR & SLA'sBC, DR & SLA's
BC, DR & SLA's
 
Cyberincidenten - Verhalen uit de loopgraven
Cyberincidenten - Verhalen uit de loopgravenCyberincidenten - Verhalen uit de loopgraven
Cyberincidenten - Verhalen uit de loopgraven
 
The good, the Bad & the Ugly : ICT-beveiliging en privacy bij lokale besturen
The good, the Bad & the Ugly : ICT-beveiliging en privacy bij lokale besturenThe good, the Bad & the Ugly : ICT-beveiliging en privacy bij lokale besturen
The good, the Bad & the Ugly : ICT-beveiliging en privacy bij lokale besturen
 
GDPR Revealed: EU privacy wetgeving in het juiste perspectief
GDPR Revealed: EU privacy wetgeving in het juiste perspectiefGDPR Revealed: EU privacy wetgeving in het juiste perspectief
GDPR Revealed: EU privacy wetgeving in het juiste perspectief
 
Belgium 101 - Snelle cursus zakendoen in België voor (Nederlandse) beginners
Belgium 101 - Snelle cursus zakendoen in België voor (Nederlandse) beginnersBelgium 101 - Snelle cursus zakendoen in België voor (Nederlandse) beginners
Belgium 101 - Snelle cursus zakendoen in België voor (Nederlandse) beginners
 
Van brandweerman tot brandpreventieadviseur
Van brandweerman tot brandpreventieadviseurVan brandweerman tot brandpreventieadviseur
Van brandweerman tot brandpreventieadviseur
 
Business Continuity & Disaster Recovery introductie
Business Continuity & Disaster Recovery introductieBusiness Continuity & Disaster Recovery introductie
Business Continuity & Disaster Recovery introductie
 
Hit by a Cyberattack: lesson learned
 Hit by a Cyberattack: lesson learned Hit by a Cyberattack: lesson learned
Hit by a Cyberattack: lesson learned
 
Presentatie Proactieve Monitoring ( BA Monitoring )
Presentatie Proactieve Monitoring ( BA Monitoring )Presentatie Proactieve Monitoring ( BA Monitoring )
Presentatie Proactieve Monitoring ( BA Monitoring )
 
Storage: trends, oplossingen, caveats
Storage: trends, oplossingen, caveatsStorage: trends, oplossingen, caveats
Storage: trends, oplossingen, caveats
 
De verschillende beveiligingsrisico’s van mobiele toepassingen en Devices
De verschillende beveiligingsrisico’s van mobiele toepassingen en DevicesDe verschillende beveiligingsrisico’s van mobiele toepassingen en Devices
De verschillende beveiligingsrisico’s van mobiele toepassingen en Devices
 
Random thoughts on security
Random thoughts on securityRandom thoughts on security
Random thoughts on security
 
Safeshops ? Nadenken over veiligheidsaspecten van E-shops/Commerce
Safeshops ?  Nadenken over veiligheidsaspecten van E-shops/CommerceSafeshops ?  Nadenken over veiligheidsaspecten van E-shops/Commerce
Safeshops ? Nadenken over veiligheidsaspecten van E-shops/Commerce
 
Proactive monitoring tools or services - Open Source
Proactive monitoring tools or services - Open Source Proactive monitoring tools or services - Open Source
Proactive monitoring tools or services - Open Source
 
Zarafa Tour 2014: "Where Zarafa can make a difference"
Zarafa Tour 2014: "Where Zarafa can make a difference"Zarafa Tour 2014: "Where Zarafa can make a difference"
Zarafa Tour 2014: "Where Zarafa can make a difference"
 
INFORUM - VEILIGHEIDSPROBLEMEN VOOR BIBLIOTHEEK EN ARCHIEF IN HET DIGITALE TI...
INFORUM - VEILIGHEIDSPROBLEMEN VOOR BIBLIOTHEEK EN ARCHIEF IN HET DIGITALE TI...INFORUM - VEILIGHEIDSPROBLEMEN VOOR BIBLIOTHEEK EN ARCHIEF IN HET DIGITALE TI...
INFORUM - VEILIGHEIDSPROBLEMEN VOOR BIBLIOTHEEK EN ARCHIEF IN HET DIGITALE TI...
 

Recently uploaded

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024The Digital Insurer
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 

Recently uploaded (20)

Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024My INSURER PTE LTD - Insurtech Innovation Award 2024
My INSURER PTE LTD - Insurtech Innovation Award 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 

Top open source security tools you should know

  • 12. KALI
    • Hindu goddess, destroyer of evil forces
    • = a Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. Kali contains several hundred tools aimed at various information security tasks, such as Penetration Testing, Forensics and Reverse Engineering.
    • The ideal place to start if you want to start using open source tools for auditing & forensics.
    • Used to be called BackTrack
    • Just boot the distro and you have all your tools available.
    • A lot of tutorials available
    https://www.kali.org/ https://tools.kali.org/tools-listing
  • 13. How to use KALI (1)
    • Bootable USB
      • Live
      • Install
      • Use encrypted filesystems!
    • VM
      • VirtualBox, KVM or VMware on your laptop.
      • @ cloud provider: ideal for auditing the "outside"
        • E.g. Azure, Google Cloud, Hetzner, etc.
    https://www.kali.org/ https://tools.kali.org/tools-listing
  • 14. Advanced Kali use
    • Probe
      • We use a Raspberry Pi as an audit device.
      • Pi 3 + PoE HAT/powerbank + external USB-based WiFi
      • +- 130€
    • Leave it behind at customers:
      • Sets up a VPN, SSH or DNS tunnel to our HQ
      • We have all the tools available for WiFi, network and other auditing.
    https://www.kali.org/ https://tools.kali.org/tools-listing
  • 15. KALI
    • Information Gathering
      ace-voip, Amap, APT2, arp-scan, Automater, bing-ip2hosts, braa, CaseFile, CDPSnarf, cisco-torch, copy-router-config, DMitry, dnmap, dnsenum, dnsmap, DNSRecon, dnstracer, dnswalk, DotDotPwn, enum4linux, enumIAX, EyeWitness, Faraday, Fierce, Firewalk, fragroute, fragrouter, Ghost Phisher, GoLismero, goofile, hping3, ident-user-enum, InSpy, InTrace, iSMTP, lbd, Maltego Teeth, masscan, Metagoofil, Miranda, nbtscan-unixwiz, Nikto, Nmap, ntop, OSRFramework, p0f, Parsero, Recon-ng, SET, SMBMap, smtp-user-enum, snmp-check, SPARTA, sslcaudit, SSLsplit, sslstrip, SSLyze, Sublist3r, THC-IPV6, theHarvester, TLSSLed, twofi, Unicornscan, URLCrazy, Wireshark, WOL-E, Xplico
    • Vulnerability Analysis
      BBQSQL, BED, cisco-auditing-tool, cisco-global-exploiter, cisco-ocs, cisco-torch, copy-router-config, Doona, DotDotPwn, HexorBase, jSQL Injection, Lynis, Nmap, ohrwurm, openvas, Oscanner, Powerfuzzer, sfuzz, SidGuesser, SIPArmyKnife, sqlmap, Sqlninja, sqlsus, THC-IPV6, tnscmd10g, unix-privesc-check, Yersinia
    • Wireless Attacks
      Airbase-ng, Aircrack-ng, Airdecap-ng and Airdecloak-ng, Aireplay-ng, airgraph-ng, Airmon-ng, Airodump-ng, airodump-ng-oui-update, Airolib-ng, Airserv-ng, Airtun-ng, Asleap, Besside-ng, Bluelog, BlueMaho, Bluepot, BlueRanger, Bluesnarfer, Bully, coWPAtty, crackle, eapmd5pass, Easside-ng, Fern Wifi Cracker, FreeRADIUS-WPE, Ghost Phisher, GISKismet, Gqrx, gr-scan, hostapd-wpe, ivstools, kalibrate-rtl, KillerBee, Kismet, makeivs-ng, mdk3, mfcuk, mfoc, mfterm, Multimon-NG, Packetforge-ng, PixieWPS, Pyrit, Reaver, redfang, RTLSDR Scanner, Spooftooph, Tkiptun-ng, Wesside-ng, Wifi Honey, wifiphisher, Wifitap, Wifite, wpaclean
    • Web Application Security
      apache-users, Arachni, BBQSQL, BlindElephant, Burp Suite, CutyCapt, DAVTest, deblaze, DIRB, DirBuster, fimap, FunkLoad, Gobuster, Grabber, hURL, jboss-autopwn, joomscan, jSQL Injection, Maltego Teeth, Nikto, PadBuster, Paros, Parsero, plecost, Powerfuzzer, ProxyStrike, Recon-ng, Skipfish, sqlmap, Sqlninja, sqlsus, ua-tester, Uniscan, w3af, WebScarab, Webshag, WebSlayer, WebSploit, Wfuzz, WhatWeb, WPScan, XSSer, zaproxy
    • Exploitation tools
      Armitage, Backdoor Factory, BeEF, cisco-auditing-tool, cisco-global-exploiter, cisco-ocs, cisco-torch, Commix, crackle, exploitdb, jboss-autopwn, Linux Exploit Suggester, Maltego Teeth, Metasploit Framework, MSFPC, RouterSploit, SET, ShellNoob, sqlmap, THC-IPV6, Yersinia
    • Stress testing
      DHCPig, FunkLoad, iaxflood, Inundator, inviteflood, ipv6-toolkit, mdk3, Reaver, rtpflood, SlowHTTPTest, t50, Termineter, THC-IPV6, THC-SSL-DOS
    https://www.kali.org/ https://tools.kali.org/tools-listing
  • 16. KALI
    • Forensic tools
      Binwalk, bulk-extractor, Capstone, chntpw, Cuckoo, dc3dd, ddrescue, DFF, diStorm3, Dumpzilla, extundelete, Foremost, Galleta, Guymager, iPhone Backup Analyzer, p0f, pdf-parser, pdfid, pdgmail, peepdf, RegRipper, Volatility, Xplico
    • Sniffing & spoofing
      bettercap, Burp Suite, DNSChef, fiked, hamster-sidejack, HexInject, iaxflood, inviteflood, iSMTP, isr-evilgrade, mitmproxy, ohrwurm, protos-sip, rebind, responder, rtpbreak, rtpinsertsound, rtpmixsound, sctpscan, SIPArmyKnife, SIPp, SIPVicious, SniffJoke, SSLsplit, sslstrip, THC-IPV6, VoIPHopper, WebScarab, Wifi Honey, Wireshark, xspy, Yersinia, zaproxy
    • Password attacks
      BruteSpray, Burp Suite, CeWL, chntpw, cisco-auditing-tool, CmosPwd, creddump, crowbar, crunch, findmyhash, gpp-decrypt, hash-identifier, Hashcat, HexorBase, THC-Hydra, John the Ripper, Johnny, keimpx, Maltego Teeth, Maskprocessor, multiforcer, Ncrack, oclgausscrack, ophcrack, PACK, patator, phrasendrescher, polenum, RainbowCrack, rcracki-mt, RSMangler, SecLists, SQLdict, Statsprocessor, THC-pptp-bruter, TrueCrack, WebScarab, wordlists, zaproxy
    • Maintaining Access
      CryptCat, Cymothoa, dbd, dns2tcp, HTTPTunnel, Intersect, Nishang, polenum, PowerSploit, pwnat, RidEnum, sbd, shellter, U3-Pwn, Webshells, Weevely, Winexe
    • Reverse engineering
      apktool, dex2jar, diStorm3, edb-debugger, jad, javasnoop, JD-GUI, OllyDbg, smali, Valgrind, YARA
    • Hardware hacking
      android-sdk, apktool, Arduino, dex2jar, Sakis3G, smali
    • Reporting tools
      CaseFile, cherrytree, CutyCapt, dos2unix, Dradis, MagicTree, Metagoofil, Nipper-ng, pipal, RDPY
    https://www.kali.org/ https://tools.kali.org/tools-listing
  • 17. NMAP
    • Nmap (Network Mapper) is a free and open source utility for network discovery and security auditing.
    • Many systems and network administrators also find it useful for tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
    • Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.
    • Nmap was designed to rapidly scan large networks, but works fine against single hosts. In addition to the classic command-line Nmap executable, the Nmap suite includes an advanced GUI and results viewer (Zenmap), a flexible data transfer, redirection, and debugging tool (Ncat), a utility for comparing scan results (Ndiff), and a packet generation and response analysis tool (Nping).
    • Nmap also has scripts that can detect network related issues.
    https://nmap.org/
  • 18. NMAP
    • Beginners: use Zenmap
      • Easy selection of what you want to do
      • All types of scans, from ping sweep to intense scan
      • Nice way of displaying and reporting the stuff you find
      • But: you always get the nmap CLI command for later use
    • Cool stuff:
      • NSE – all kinds of scripts to check out services and test them
      • OS detection
      • Service fingerprinting
    https://nmap.org/
  • 20. NMAP Examples from the CLI
    • nmap --open 10.0.0.0/24 -p22 (quick way of finding all hosts in a network running SSH)
    • nmap --script http-headers -p80,443 www.ba.be
      • Checks the headers of the web server
    • nmap --script ssl-* -p443 storefront.marks.com
      • Checks the SSL/TLS quality of a web server (keys, vulnerabilities, etc.)
    • locate *.nse gives you an overview of all plugins (> 540)
      • All kinds of scripts for brute-forcing, checking known vulnerabilities, etc.
    https://nmap.org/
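The `--open` sweep and the NSE checks on this slide produce output you still have to act on. A defender normally keeps the XML output (`-oX`) and compares it with what each host is supposed to expose. The script below is an added example, not part of the presentation or of the Nmap project: it parses a constructed document shaped like `nmap -sV -oX -` output (the hosts, ports and product strings are invented) into a per-host inventory and reports every open port that is not on a per-host allowlist, which is how unexpected services such as an RDP listener show up in a routine scan.

```python
"""Build a host/service inventory from Nmap XML output (-oX) and flag open
ports that are not on a per-host allowlist.

Added example. SAMPLE_NMAP_XML is a constructed document shaped like
'nmap -sV -oX -' output; the hosts, ports and products in it are invented."""
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --open -p22,80,443,3389 -oX - 10.0.0.0/29" version="7.70">
<host><status state="up" reason="syn-ack"/>
<address addr="10.0.0.1" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.9p1"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https" product="nginx"/></port>
</ports></host>
<host><status state="up" reason="syn-ack"/>
<address addr="10.0.0.5" addrtype="ipv4"/>
<address addr="00:11:22:33:44:55" addrtype="mac"/>
<ports>
<port protocol="tcp" portid="22"><state state="filtered"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http" product="Apache httpd" version="2.4.38"/></port>
<port protocol="tcp" portid="3389"><state state="open"/><service name="ms-wbt-server"/></port>
</ports></host>
<host><status state="down" reason="no-response"/>
<address addr="10.0.0.6" addrtype="ipv4"/></host>
</nmaprun>
"""

# What each host is expected to expose (constructed for the example).
ALLOWLIST = {"10.0.0.1": {22, 443}, "10.0.0.5": {80}}


def parse_nmap_xml(xml_text):
    """Return {ip: [{"port", "proto", "name", "product"}, ...]} for hosts that are up."""
    inventory = {}
    for host in ET.fromstring(xml_text).findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addrs = [a.get("addr") for a in host.findall("address")
                 if a.get("addrtype") in ("ipv4", "ipv6")]
        if not addrs:
            continue
        services = []
        for port in host.findall("./ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not exposure
            svc = port.find("service")
            name, product = None, ""
            if svc is not None:
                name = svc.get("name")
                product = " ".join(p for p in (svc.get("product"), svc.get("version")) if p)
            services.append({"port": int(port.get("portid")), "proto": port.get("protocol"),
                             "name": name, "product": product})
        inventory[addrs[0]] = sorted(services, key=lambda s: (s["proto"], s["port"]))
    return inventory


def unexpected_services(inventory, allowlist):
    """Return sorted (ip, port, service name) for open ports missing from the allowlist.
    A host absent from the allowlist has every open port reported."""
    findings = []
    for ip, services in inventory.items():
        allowed = allowlist.get(ip, set())
        findings.extend((ip, s["port"], s["name"]) for s in services if s["port"] not in allowed)
    return sorted(findings)


if __name__ == "__main__":
    inv = parse_nmap_xml(SAMPLE_NMAP_XML)
    for ip, services in inv.items():
        print(ip, ", ".join(f"{s['port']}/{s['proto']} {s['name']} {s['product']}".strip()
                            for s in services))
    for ip, port, name in unexpected_services(inv, ALLOWLIST):
        print(f"ALERT {ip}: port {port} ({name}) is open but not allowlisted")
```

Filtered ports are deliberately left out of the inventory: a port that a firewall answers for is not a reachable service, and counting it would drown the real findings. Run against a real `-oX` file, the allowlist is the place to keep the documented exposure per host, so the script's output is exactly the drift between documentation and the network.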
  • 21. OPENVAS
    • Vulnerability scanner
      • Fork of the open source Nessus tool that became commercial in 2005.
      • Nessus/OpenVAS is the most popular vulnerability scanner and third most popular security program currently in use.
      • Sits underneath a lot of commercial offerings: Greenbone, Acunetix, AlienVault, etc.
    • Uses a lot of tools (nmap, etc.) to check services and creates a clean report.
    https://www.tenable.com/products/nessus/nessus-professional http://www.openvas.org/
  • 22. OPENVAS
    • Web-based vulnerability assessment tool
    • Especially important is the feed of vulnerabilities!
      • Community
      • Commercial feeds are available (react faster)
    http://www.openvas.org/
  • 23.
  • 24. WIRESHARK
    • Wireshark is a network protocol analyzer. It lets you view traffic in as much detail as you want. Use Wireshark to follow network streams and find problems.
    • Wireshark is a tool designed for anyone needing to monitor their network for security or performance issues. And because Wireshark can read captured information from applications like Snoop, Sniffer, and Microsoft Network Monitor, it can also serve as an additional tool for network analysis.
    • Wireshark solves the problem of being able to analyze network traffic on any size network. Wireshark does this with the power often found in more costly tools, but for free.
    https://www.wireshark.org/
  • 25. ETTERCAP
    • If you need to test your enterprise network for resistance to man-in-the-middle attacks (MITM), Ettercap is the tool. This program has been doing one thing – launching MITM attacks – since its initial release in 2001.
    • Ettercap has four basic modes of attack: IP-based, MAC-based, and two ARP-based strategies. You can decide which type of vulnerabilities to explore and look for how your environment responds to each.
    • In the process of scanning for a testing attack, Ettercap can provide a great deal of information about the network and its devices. As part of an overall security toolkit, Ettercap provides strong capabilities for MITM attacks and solid augmentation for analysis and visibility functions.
    https://www.ettercap-project.org/ettercap/
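The two slides above belong together for a defender: Wireshark reads the capture, and the ARP-based MITM test that Ettercap runs leaves a visible footprint in it, namely ARP replies in which one IP address is suddenly claimed by a second MAC address. The script below is an added example, not Wireshark or Ettercap code: it builds a small pcap capture in memory (every MAC and IP address in it is invented), decodes the Ethernet/ARP frames the way a protocol analyzer would, and reports every reply that re-binds an IP to a different MAC than the first reply seen for it. The same detection logic can be pointed at a real capture file or a saved export from the tools on the slide.

```python
"""Read ARP frames out of a pcap capture and flag IP addresses that are
claimed by more than one MAC address in ARP replies, which is what an
ARP-based MITM run looks like on the wire.

Added example, not Wireshark or Ettercap code. The capture is constructed in
memory and every MAC and IP address in it is invented. Layouts follow the
pcap file format and the RFC 826 ARP packet format."""
import struct


def _mac(text):
    return bytes(int(x, 16) for x in text.split(":"))


def _ip(text):
    return bytes(int(x) for x in text.split("."))


def arp_frame(sha, spa, tha, tpa, oper):
    """Ethernet + ARP frame. oper 1 = request (broadcast), 2 = reply (unicast)."""
    eth_dst = b"\xff" * 6 if oper == 1 else _mac(tha)
    ethernet = eth_dst + _mac(sha) + struct.pack("!H", 0x0806)
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
           + _mac(sha) + _ip(spa) + _mac(tha) + _ip(tpa))
    return ethernet + arp


def build_pcap(frames):
    """Little-endian pcap (magic 0xa1b2c3d4, version 2.4, link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for ts_sec, frame in frames:
        out += struct.pack("<IIII", ts_sec, 0, len(frame), len(frame)) + frame
    return out


def iter_packets(pcap):
    """Yield (timestamp_seconds, frame_bytes) for each record in a pcap file."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24  # skip the global header
    while off + 16 <= len(pcap):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        yield ts_sec, pcap[off:off + incl_len]
        off += incl_len


def parse_arp(frame):
    """Decode an Ethernet/ARP (IPv4 over Ethernet) frame; return None for anything else."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None

    def fmt_mac(b):
        return ":".join(f"{x:02x}" for x in b)

    def fmt_ip(b):
        return ".".join(str(x) for x in b)

    return {"oper": oper, "sha": fmt_mac(frame[22:28]), "spa": fmt_ip(frame[28:32]),
            "tha": fmt_mac(frame[32:38]), "tpa": fmt_ip(frame[38:42])}


def detect_arp_conflicts(pcap):
    """Return [(ts, ip, first_mac, conflicting_mac)] for replies that re-bind an IP.
    The first MAC seen for an IP is the baseline; every later reply claiming that
    IP from a different MAC is reported."""
    baseline, alerts = {}, []
    for ts, frame in iter_packets(pcap):
        arp = parse_arp(frame)
        if arp is None or arp["oper"] != 2:
            continue
        known = baseline.setdefault(arp["spa"], arp["sha"])
        if known != arp["sha"]:
            alerts.append((ts, arp["spa"], known, arp["sha"]))
    return alerts


# Constructed capture: a host asks for the gateway, the gateway answers twice,
# then a third MAC answers for the gateway's IP (the poisoning reply).
GATEWAY, HOST, ROGUE = "02:00:00:00:00:01", "02:00:00:00:00:02", "02:00:00:00:00:ee"
SAMPLE_PCAP = build_pcap([
    (100, arp_frame(HOST, "10.0.0.2", "00:00:00:00:00:00", "10.0.0.1", 1)),
    (100, arp_frame(GATEWAY, "10.0.0.1", HOST, "10.0.0.2", 2)),
    (101, b"\x00" * 12 + b"\x08\x00" + b"\x45" + b"\x00" * 59),  # IPv4 frame, skipped
    (130, arp_frame(GATEWAY, "10.0.0.1", HOST, "10.0.0.2", 2)),
    (131, arp_frame(ROGUE, "10.0.0.1", HOST, "10.0.0.2", 2)),
])

if __name__ == "__main__":
    for ts, ip, known, rogue in detect_arp_conflicts(SAMPLE_PCAP):
        print(f"t={ts}: {ip} was {known}, now claimed by {rogue}")
```

Treating the first reply as the baseline is the simplest heuristic and fires on legitimate changes too (a replaced NIC, a failover pair sharing an IP), so in production the baseline is better seeded from a known inventory, which is also what tools such as arpwatch do. The parser stops at the fields a detection needs; Wireshark's own dissectors are the place to look when you need the rest.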
  • 26. METASPLOIT • Metasploit is free and open source penetration software, which is very popular among white or black hat hackers. It is the best tool to test the network in an offensive way against open and well-known vulnerabilities. It is a combination of different modules for checking different exploits. It is also used for auditing and scanning. • Metasploit helps teams do more than just verify vulnerabilities, manage security assessments, and improve security awareness; it empowers and arms defenders to always stay one step (or two) ahead of the game. • It is useful for exploitation validation. When a vulnerability scanner shows a machine is vulnerable to an exploit manual testing is always a preferred practice to ensure it is not a false positive from the scanner. Manual validation allows the tester to better understand the exploit and how to properly defend from it. • Metasploit framework is used to run internal security tests. It helps to identify possible weaknesses in internal networks before compromise occurs. It's also used to justify costly updates to software and business practices by illustrating a vulnerability's possible use in the wild. https://github.com/rapid7/metasploit-framework https://www.metasploit.com/
27. GHIDRA
• Ghidra is a software reverse engineering (SRE) framework developed by the NSA. It helps analyze malicious code and malware like viruses, and can give cybersecurity professionals a better understanding of potential vulnerabilities in their networks and systems.
• The tool is ideal for software engineers, but will be especially useful for malware analysts first and foremost.
• Capabilities include disassembly, assembly, decompilation, graphing, and scripting, along with hundreds of other features. Ghidra supports a wide variety of processor instruction sets and executable formats and can be run in both user-interactive and automated modes. Users may also develop their own Ghidra plug-in components and/or scripts using Java or Python.
https://ghidra-sre.org/
https://github.com/NationalSecurityAgency/ghidra
28. SIFT
• SIFT is a group of free open-source incident response & forensic tools designed to perform detailed digital forensic examinations in a variety of settings.
• SIFT can match any current incident response and forensic tool suite.
• SIFT demonstrates that advanced incident response capabilities and deep-dive digital forensic techniques for intrusions can be accomplished using cutting-edge open-source tools that are freely available and frequently updated.
• This open source all-in-one forensic toolkit can easily be built right in cloud environments.
https://digital-forensics.sans.org/community/downloads#overview
29. BINWALK
Binwalk can:
• Find and extract interesting files / data from binary images
• Find and extract raw compression streams
• Identify opcodes for a variety of architectures
• Perform data entropy analysis
• Heuristically analyze unknown compression / encryption
• Visualize binary data
• Diff an arbitrary number of files
http://binwalk.org/
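How two of those capabilities work in practice, signature scanning and entropy analysis, as an added example that is not binwalk's own code: it searches a constructed firmware-like blob for a handful of real file magic numbers and computes per-block Shannon entropy to flag regions that look compressed or encrypted. The blob, the block size and the 7.0 bits/byte threshold are assumptions chosen for the example.

```python
import gzip
import hashlib
import math
from collections import Counter

# A few real file-format magic numbers of the kind binwalk's signature database holds.
SIGNATURES = {
    b"\x7fELF": "ELF executable",
    b"\x1f\x8b\x08": "gzip stream",
    b"\x89PNG\r\n\x1a\n": "PNG image",
    b"PK\x03\x04": "ZIP archive",
    b"hsqs": "SquashFS filesystem (little-endian)",
}

def scan_signatures(blob):
    """Return sorted (offset, description) pairs for every magic-number hit in the blob."""
    hits = []
    for magic, name in SIGNATURES.items():
        pos = blob.find(magic)
        while pos != -1:
            hits.append((pos, name))
            pos = blob.find(magic, pos + 1)
    return sorted(hits)

def shannon_entropy(data):
    """Bits per byte: 0.0 for a constant block, up to 8.0 for uniformly random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def entropy_profile(blob, block_size=1024):
    """Entropy of each fixed-size block: the data behind binwalk's entropy plot."""
    return [shannon_entropy(blob[i:i + block_size]) for i in range(0, len(blob), block_size)]

def high_entropy_blocks(blob, block_size=1024, threshold=7.0):
    """Offsets of blocks that look compressed or encrypted (entropy close to 8 bits/byte)."""
    return [i * block_size for i, e in enumerate(entropy_profile(blob, block_size)) if e >= threshold]

def build_sample():
    """Constructed firmware-like image (assumption, not a real firmware): zero padding, a fake
    ELF header, a gzip member, then 4 KiB of deterministic pseudo-random bytes as an 'encrypted' area."""
    elf_stub = b"\x7fELF\x02\x01\x01" + b"\x00" * 57          # 64-byte fake ELF header
    gz = gzip.compress(b"hello firmware\n" * 64, mtime=0)       # reproducible gzip member
    region = elf_stub + gz
    region += b"\x00" * (1024 - len(region))                    # pad block 1 to 1 KiB
    noise = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
    return b"\x00" * 1024 + region + noise
```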
30. Ddrescue
• GNU ddrescue is a data recovery tool. It copies data from one file or block device (hard disc, cdrom, etc) to another, trying to rescue the good parts first in case of read errors.
• Ddrescue helps you make correct, forensic copies of disks (even when they are damaged).
• Ddrescuelog is a tool that manipulates ddrescue mapfiles, shows mapfile contents, converts mapfiles to/from other formats, compares mapfiles, tests rescue status, and can delete a mapfile if the rescue is done. Ddrescuelog operations can be restricted to one or several parts of the mapfile if the domain setting options are used.
• The basic operation of ddrescue is fully automatic.
• The mapfile is periodically saved to disc. So in case of a crash you can resume the rescue with little recopying. Also, the same mapfile can be used for multiple commands that copy different areas of the file, and for multiple recovery attempts over different subsets.
• Ddrescue also features a "fill mode" able to selectively overwrite parts of the output file, which has a number of interesting uses like wiping data, marking bad areas or even, in some cases, "repair" damaged sectors.
• One of the great strengths of ddrescue is that it is interface-agnostic, and so can be used for any kind of device supported by your kernel (ATA, SATA, SCSI, old MFM drives, floppy discs, or even flash media cards like SD).
https://www.gnu.org/software/ddrescue/
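What a mapfile records, and the "tests rescue status" part of what ddrescuelog does, as an added example that is not GNU ddrescue's code: a small parser over a constructed mapfile (one bad 4 KiB sector in a 16 MiB image, rescue still retrying) that sums bytes per block status and checks that the map covers its domain without gaps. The mapfile text and the version/date header values are assumptions.

```python
# Block status characters as documented in the GNU ddrescue manual.
STATUS = {"?": "non-tried", "*": "non-trimmed", "/": "non-scraped",
          "-": "bad-sector", "+": "finished"}

# Constructed sample mapfile (not from a real rescue).
SAMPLE_MAPFILE = """\
# Mapfile. Created by GNU ddrescue version 1.23
# Command line: ddrescue -r3 /dev/sdb disk.img disk.map
# Start time:   2019-03-20 10:00:00
# Current time: 2019-03-20 10:07:12
# Retrying bad sectors... Pass 3 (forwards)
# current_pos  current_status  current_pass
0x00800000     -               3
#      pos        size  status
0x00000000  0x00800000  +
0x00800000  0x00001000  -
0x00801000  0x007FF000  +
"""

def parse_mapfile(text):
    """Return (current_pos, current_status, blocks); blocks are (pos, size, status) tuples."""
    current, blocks = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # header comments and column labels
        fields = line.split()
        if current is None:               # first data line: current_pos current_status [pass]
            current = (int(fields[0], 16), fields[1])
            continue
        pos, size, status = int(fields[0], 16), int(fields[1], 16), fields[2]
        if status not in STATUS:
            raise ValueError(f"unknown block status {status!r} at 0x{pos:x}")
        blocks.append((pos, size, status))
    if current is None:
        raise ValueError("mapfile has no status line")
    return current[0], current[1], blocks

def summarise(text):
    """Bytes per block status, domain size and completeness, in the spirit of ddrescuelog."""
    cur_pos, cur_status, blocks = parse_mapfile(text)
    totals = {name: 0 for name in STATUS.values()}
    expected = 0
    for pos, size, status in blocks:
        if pos != expected:               # the map must cover the domain without gaps or overlaps
            raise ValueError(f"gap or overlap at 0x{pos:x}")
        totals[STATUS[status]] += size
        expected = pos + size
    totals["domain"] = expected
    totals["all_finished"] = totals["finished"] == expected
    totals["current_pos"], totals["current_status"] = cur_pos, cur_status
    totals["pct_rescued"] = round(100.0 * totals["finished"] / expected, 3) if expected else 0.0
    return totals
```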
31. XPLICO
• Xplico helps you extract the application data contained in internet traffic captures.
• For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on.
• Xplico is an open source Network Forensic Analysis Tool (NFAT).
• The Xplico system is composed of 4 macro-components:
• a Decoder Manager called DeMa
• an IP decoder called Xplico
• a set of data manipulators
• a visualization system to view the extracted data
https://www.xplico.org/
32. II. SECURITY MONITORING & LOGGING
33. NAGIOS
• Nagios monitors the network: Infrastructure, traffic, and attached servers all fall within the reach of its basic or extended capabilities.
• Nagios is available in both free and commercial versions.
• Nagios Core is the heart of the open source project, based on the free, open source version. Individual products can be monitored, and individual tasks can be performed, by plug-ins; there are roughly 50 "official" plug-ins developed by Nagios and more than 3,000 plug-ins contributed by the community.
• Nagios's user interface can be modified through a front end for the desktop, web, or mobile platform, and configuration can be managed through one of the available config tools.
https://www.nagios.org/
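What a plug-in looks like from the Nagios side, as an added example that is not one of the official or community plug-ins: a check that counts sshd "Failed password" events in an auth log, applies warning/critical thresholds and returns the plug-in exit codes (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN) together with a status line carrying performance data. The log lines, the service name SSH_AUTH and the thresholds are constructed assumptions.

```python
import re
import sys
from collections import Counter

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3   # Nagios plug-in exit codes

# OpenSSH's failure message as it appears in syslog-style auth logs.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+")

# Constructed sample auth log (not from a real host).
SAMPLE_LOG = """\
Mar 20 09:58:01 web1 sshd[2214]: Accepted publickey for deploy from 10.0.0.5 port 51022 ssh2
Mar 20 09:58:07 web1 sshd[2230]: Failed password for invalid user admin from 198.51.100.23 port 40110 ssh2
Mar 20 09:58:09 web1 sshd[2230]: Failed password for invalid user admin from 198.51.100.23 port 40110 ssh2
Mar 20 09:58:12 web1 sshd[2231]: Failed password for root from 198.51.100.23 port 40112 ssh2
Mar 20 09:58:30 web1 sshd[2240]: Failed password for alice from 10.0.0.9 port 50231 ssh2
Mar 20 09:59:02 web1 CRON[2250]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

def count_failures(lines):
    """Failed-login events per source IP; non-matching lines are ignored."""
    per_ip = Counter()
    for line in lines:
        if m := FAILED_RE.search(line):
            per_ip[m.group("ip")] += 1
    return per_ip

def check_failed_logins(lines, warn=3, crit=5):
    """Apply the thresholds to the total count and return (exit_code, status_line).
    Status line format: 'SERVICE STATE - message | label=value;warn;crit;min'."""
    if warn > crit:
        return UNKNOWN, "SSH_AUTH UNKNOWN - warn threshold must not exceed crit"
    per_ip = count_failures(lines)
    total = sum(per_ip.values())
    if total >= crit:
        state, label = CRITICAL, "CRITICAL"
    elif total >= warn:
        state, label = WARNING, "WARNING"
    else:
        state, label = OK, "OK"
    top = f", top source {per_ip.most_common(1)[0][0]}" if per_ip else ""
    return state, f"SSH_AUTH {label} - {total} failed logins{top} | failed={total};{warn};{crit};0"

if __name__ == "__main__":
    # Nagios reads the first line of stdout and the process exit code.
    code, line = check_failed_logins(SAMPLE_LOG.splitlines())
    print(line)
    sys.exit(code)
```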
34. ELK Stack
3 open source projects:
• Elasticsearch is a search and analytics engine.
• Logstash is a server-side data processing pipeline that ingests data from multiple sources simultaneously, transforms it, and then sends it to a "stash" like Elasticsearch.
• Kibana lets users visualize data with charts and graphs in Elasticsearch.
https://www.elastic.co/elk-stack
36. ELK Stack
• Elastic Stack is the next evolution of the ELK Stack, but with more flexibility to do great things.
https://www.elastic.co/elk-stack
38. SNORT
• SNORT has been the starting point of knowledge about intrusion detection systems (IDS) for more than a generation of security pros.
• Snort can be configured in three separate modes: as a network sniffer, packet logger, or full IDS. As such, it can be the core of an automated security system or a component that sits alongside an array of commercial products.
• Now owned by Cisco, Snort continues to evolve and be developed by an active community.
• Community-developed IDS rules are available, as are rules licensed on a commercial basis.
https://www.snort.org/
39. MOD_SECURITY
• Open source Web Application Firewall add-on for Apache and NGINX
• Can be used with the standard OWASP rule set or a commercial subscription.
• Checks all incoming HTTP/HTTPS sessions against a set of security rules
https://modsecurity.org/
40. Lynis
• Lynis is a tool that makes lists: lists of the applications and utilities it finds on Unix-based systems, lists of the versions of those systems, and lists of the vulnerabilities it finds in either the code or the configurations of each one.
• With source code available on GitHub, Lynis has an active development community, with primary support coming from Cisofy.
• One of the special capabilities of Lynis is that, because of its Unix foundation, it is able to perform scanning & evaluation of popular IoT development boards, including Raspberry Pi.
https://cisofy.com/lynis/
41. Certbot
• Encryption is critical for many security standards, including everyone's new favorite, GDPR. Implementing encryption can be complicated and costly, but the EFF has tried to make it less of both with tools like Certbot, an open source automatic client that fetches and deploys SSL/TLS certificates for your web server.
• Certbot began as a front end for Let's Encrypt, but it has grown to be a client for any CA that supports the ACME protocol.
• The Certbot project is part of the EFF's effort to "Encrypt the Internet," a goal that has been embraced by many privacy advocates and government regulators. Keeping your employees, partners, and customers safe is both a worthwhile goal and a legal responsibility; the open source tools discussed in this presentation can be helpful in taking steps in that direction.
https://certbot.eff.org/
42. VeraCrypt
• VeraCrypt is a free open source disk encryption utility that can encrypt a whole file system.
• Nowadays, we store our data in Dropbox, Google Drive and other cloud-based services which promise privacy and security. But what if employees of those cloud service companies use that data for their own purposes? A better option is to encrypt those files/flash drives before uploading them to the cloud.
https://www.veracrypt.fr/en/Home.html
44. Want to know more about open source security tools?
http://www.hackingtools.in/
45. Want to know more about open source security tools?
Marc Vael • marc@vael.net • @marcvael • https://www.linkedin.com/in/marcvael/
Jan Guldentops • j@ba.be • @JanGuldentops • https://www.linkedin.com/in/janguldentops/