Tenable Nessus

The Nessus® vulnerability scanner is the world leader in active scanners, with more than five million downloads to date. Nessus features high-speed discovery, configuration auditing, asset profiling, sensitive data discovery and vulnerability analysis of your security posture. Nessus scanners can be distributed throughout an entire enterprise, inside DMZs and across physically separate networks.

Source: http://www.nessus.org/products/nessus
How to Install (Ubuntu): http://linhost.info/2009/03/nessus-installation-on-ubuntu/

Run Nessus Server: /etc/init.d/nessusd start
Run Nessus Client: in browser
Stored Folder: /opt/nessus/


User2sid and Sid2user are two small utilities for Windows NT, created by Evgenii Rudny, that allow an administrator to query the SAM to find out the SID value for a given account name and vice versa. User2sid.exe retrieves a SID from the SAM (Security Accounts Manager) on the local or a remote machine, and Sid2user.exe can then be used to retrieve the names of user accounts and more. These utilities do not exploit a bug; they simply call the Windows API functions LookupAccountName and LookupAccountSid respectively. They can be run against a remote machine without providing logon credentials beyond those needed for a null session connection, so they rely on the ability to establish a null session in order to work.

Source: http://www.windowsecurity.com/whitepapers/Windows-Enumeration-USER2SID-SID2USER.html
Download: http://securityoverride.com/infusions/pro_download_panel/download.php?did=24


We all know that deleting files with the Windows delete key and emptying them from the Recycle Bin is not going to be sufficient, as I have previously written in one of my posts, Recovering Deleted Files and Partitions.  SDelete is a tool that is capable of preventing such recovery tools from getting those files back!  Mark Russinovich tells us more about SDelete.

“The only way to ensure that deleted files, as well as files that you encrypt with EFS, are safe from recovery is to use a secure delete application. Secure delete applications overwrite a deleted file’s on-disk data using techniques that are shown to make disk data unrecoverable, even using recovery technology that can read patterns in magnetic media that reveal weakly deleted files. SDelete (Secure Delete) is such an application. You can use SDelete both to securely delete existing files, as well as to securely erase any file data that exists in the unallocated portions of a disk (including files that you have already deleted or encrypted). SDelete implements the Department of Defense clearing and sanitizing standard DOD 5220.22-M, to give you confidence that once deleted with SDelete, your file data is gone forever.”

Source: http://technet.microsoft.com/en-us/sysinternals/bb897443
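To make the "overwrite before delete" idea from the quote concrete, here is a small added example (my own illustration, not SDelete's code and not an official implementation of DOD 5220.22-M) that overwrites a file's bytes in three passes (zeros, ones, random), syncs each pass to disk, truncates the length and only then unlinks the file. The `demo()` function builds a constructed temporary file so the whole thing runs offline.

```python
import os
import secrets
import tempfile

# Pass patterns, in order: all zeros, all ones, then random bytes.
# (None means "fill with cryptographically random data".)
PASS_PATTERNS = (b"\x00", b"\xff", None)


def overwrite_file(path, chunk_size=64 * 1024):
    """Overwrite every byte of `path` once per pass.

    Returns a list with the number of bytes written in each pass.
    """
    size = os.path.getsize(path)
    written = []
    with open(path, "r+b", buffering=0) as fh:
        for pattern in PASS_PATTERNS:
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk_size, remaining)
                block = secrets.token_bytes(n) if pattern is None else pattern * n
                fh.write(block)
                remaining -= n
            # Force this pass onto the device before starting the next one.
            os.fsync(fh.fileno())
            written.append(size)
    return written


def secure_delete(path):
    """Overwrite, truncate to zero length, then unlink.

    Returns True once the path no longer exists.
    """
    overwrite_file(path)
    with open(path, "r+b") as fh:
        fh.truncate(0)  # do not leave the original length behind either
    os.remove(path)
    return not os.path.exists(path)


def demo():
    """Constructed sample: write a 'secret' to a temp file, wipe it, report."""
    fd, path = tempfile.mkstemp(prefix="sdelete-demo-")
    with os.fdopen(fd, "wb") as fh:
        fh.write(b"constructed secret payload\n" * 100)  # 2700 bytes
    size_before = os.path.getsize(path)
    passes = overwrite_file(path)
    # After the final (random) pass the original text must be gone from disk.
    with open(path, "rb") as fh:
        leftover = fh.read()
    gone = secure_delete(path)
    return {
        "size": size_before,
        "passes": passes,
        "plaintext_left": b"secret" in leftover,
        "gone": gone,
    }


if __name__ == "__main__":
    print(demo())
```

One caveat worth keeping in mind when using any tool of this kind (an assumption about the storage, not something the quote covers): in-place overwriting only helps where the file's logical blocks map to the same physical storage. Journaling or copy-on-write file systems and SSD wear levelling can keep stale copies that no overwrite of the file ever touches, which is why SDelete also offers to wipe a disk's free space.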

TCPDUMP | Network Sniffing Tool

Tcpdump is similar to Wireshark, which I have explained earlier in my posts.  It captures the packets that travel through your network into your computer, regardless of whether they come from the Internet or your internal network.  Tcpdump is a command line utility, so you have to set the options before you proceed with capturing packets.  This application is very useful, especially for network administrators as well as security analysts, to analyze threats that are in the system.  Personally, I run tcpdump on my Ubuntu laptop.  To get tcpdump on your Ubuntu, type “sudo apt-get install tcpdump”.  The thing is that tcpdump runs on Linux based machines, while the Windows equivalent is called WinDump.  Basically it is up to you whether to run tcpdump in Linux, WinDump in Windows or Wireshark (Linux/Windows), but the most important thing is how good you are at using it.

Source: http://www.tcpdump.org/

Wireshark | Network Sniffing Tool

Wireshark is one of the tools that help you identify incoming and outgoing packets, be it at the UDP or TCP level or the ICMP or IP level.  Wireshark is a tool that intercepts packets and analyzes them.  It is one of the tools that helped me analyze how website POST and GET requests work for my projects, and it is considered user friendly thanks to its Graphical User Interface.  The GUI of Wireshark is one of its strong points.  You are able to look at a list of tens of thousands of packets and filter them according to your needs with conditional statements.  Wireshark is capable of running on both Linux and Windows.

TinEye | The perfect tool to search duplicate images

We all hate people who plagiarize: stealing our property and using it for their own selfish purposes without giving any credit to the people who did the work.  Have you ever drawn a cool wallpaper and shared it on the world wide web, only to find that someone has claimed it as his own?  Find this situation common?  Use TinEye, a website where you can upload your own image and search the world wide web for any duplicates of your own work!

Source: TinEye Reverse Image Search

Googlestruction, the ultimate power!

Do you know that Google is a very powerful search tool?  I am not trying to pull your leg here by asking you to use Uncle Google in times of need.  I had a lesson today, given by my professor in the subject Malicious Software and Security Programming.  Do you know that googling may give you results you never expected?  Try googling for “site:myschool.com allintext:exam paper filetype:doc OR filetype:pdf”.  This may just give you your coming exam paper!  Today I will be posting some of the amazing links that can be helpful with Google!

1.) IHS | GHDB
2.) Google Hacking Database, GHDB, Google Dorks

I would like to highlight that the first link posted above belongs to the person who discovered GHDB, according to my professor.  If you like this post or require some study materials for learning Google Hacking, write a comment below so I will update it further.


Nirsoft is a website where you can find utilities for nearly every possible need in computing!  It doesn’t matter whether you’re a programmer, network administrator, forensics specialist or a nobody; Nirsoft provides tools that are useful for everyone.  You can find password recovery tools (which hackers usually use for their malicious intent), or system tools that let you view detailed information about your computer (although you would require certain knowledge to understand them).

Visit NirSoft here.

Checking file types

If you are a forensic investigator, you need to know how to study files byte by byte and understand their signatures.  You need to check their header or magic number.  For example, an executable’s magic number is the ASCII value “MZ”, or the hexadecimal value “5A4D”.  By using hex editors such as Hex Workshop, you are capable of reading files as raw bytes.  If you doubt that a file really has its claimed extension, you can always open it in Hex Workshop and check against Filext.com, an online website that shows you which magic number each file type has!  Search for the file extension on Filext.com, look at its magic number and compare it with the one you saw in Hex Workshop.
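The same check can be automated. The script below is an added example (my own code, not Hex Workshop or Filext.com) that reads a file's leading bytes, matches them against a small constructed table of well-known magic numbers, and reports when the extension a file carries disagrees with what its header says. Note that the bytes on disk for an executable are `4D 5A` ("MZ"); a hex editor that interprets them as a little-endian 16-bit word shows `5A4D`, which is why both forms turn up. The `demo()` function writes two constructed sample files (a PE header saved under a .pdf name, and a genuine PNG header) into a temporary directory so it runs offline.

```python
import os
import tempfile

# Constructed signature table: (leading bytes, description). These are the
# standard magic numbers for each format; the table is deliberately short.
SIGNATURES = [
    (b"MZ", "Windows executable (PE/DOS header)"),
    (b"%PDF-", "PDF document"),
    (b"\x89PNG\r\n\x1a\n", "PNG image"),
    (b"\xff\xd8\xff", "JPEG image"),
    (b"PK\x03\x04", "ZIP archive (also DOCX/XLSX/JAR/APK)"),
    (b"\x7fELF", "ELF executable"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "OLE2 compound document (legacy Office)"),
    (b"GIF8", "GIF image"),
    (b"Rar!\x1a\x07", "RAR archive"),
]

# What the header *should* say for a given extension.
EXPECTED_FOR_EXT = {
    ".exe": "Windows executable (PE/DOS header)",
    ".dll": "Windows executable (PE/DOS header)",
    ".pdf": "PDF document",
    ".png": "PNG image",
    ".jpg": "JPEG image",
    ".jpeg": "JPEG image",
    ".zip": "ZIP archive (also DOCX/XLSX/JAR/APK)",
    ".docx": "ZIP archive (also DOCX/XLSX/JAR/APK)",
    ".doc": "OLE2 compound document (legacy Office)",
    ".gif": "GIF image",
    ".rar": "RAR archive",
}


def identify_bytes(header):
    """Return the description whose magic number prefixes `header`, else 'unknown'."""
    for magic, description in SIGNATURES:
        if header.startswith(magic):
            return description
    return "unknown"


def identify_file(path, header_len=16):
    """Read the first `header_len` bytes of a file and identify its type."""
    with open(path, "rb") as fh:
        return identify_bytes(fh.read(header_len))


def hex_dump(path, count=8):
    """Show the first `count` bytes the way a hex editor would ('4D 5A ...')."""
    with open(path, "rb") as fh:
        data = fh.read(count)
    return " ".join(f"{b:02X}" for b in data)


def extension_mismatch(path):
    """Return (expected, actual) when the extension disagrees with the header,
    or None when they agree or the extension is not in the table."""
    ext = os.path.splitext(path)[1].lower()
    expected = EXPECTED_FOR_EXT.get(ext)
    actual = identify_file(path)
    if expected is None or expected == actual:
        return None
    return (expected, actual)


def demo():
    """Constructed samples: a PE header named .pdf, and a real PNG header."""
    workdir = tempfile.mkdtemp(prefix="magic-demo-")
    fake_pdf = os.path.join(workdir, "invoice.pdf")
    with open(fake_pdf, "wb") as fh:
        fh.write(b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56)
    real_png = os.path.join(workdir, "logo.png")
    with open(real_png, "wb") as fh:
        fh.write(b"\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR")
    return {
        "fake_pdf": extension_mismatch(fake_pdf),
        "fake_pdf_hex": hex_dump(fake_pdf, 4),
        "real_png": extension_mismatch(real_png),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The check is a prefix match on the first 16 bytes, which is enough for the formats in the table; some formats (for example ISO images or certain media containers) keep their signature at a non-zero offset, so a production tool would carry an offset per entry.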

Booting DBAN from a pendrive

DBAN, or Darik’s Boot and Nuke, is a great tool for erasing any hard drive you want as quickly as possible.  As mentioned in one of my previous posts, and on its homepage if you have seen it, it is normally installed on a CD or DVD.  However, as convenient as that can be, it is also possible to install DBAN on a pendrive!  In this post, you will be guided from top to bottom on how to set up your own DBAN pendrive.