Create your own awesome maps

Even on the go

with our free apps for iPhone, iPad and Android

Get Started

Already have an account?
Log In

Sécurité informatique by Mind Map: Sécurité informatique
5.0 stars - 2 reviews range from 0 to 5

Sécurité informatique

veille

gouv

NIST

CERTA

fiches sensibilisation http://www.ene.fr/fr/eneinformer/fiches-information-usages-tic/fiches-ssi-pratic.html

forum iranien http://forum.itsecteam.com/

http://www.offensivecomputing.net/

securityfocus

archives

http://www.orkspace.net/secdocs/

mindmaps

Paolo Pinto hacking

web 2.0

aide memoire pastebin

source code

http://en.pudn.com/

Search engines http://r00tsec.blogspot.com/2011/05/search-engine-for-everything.html

http://lulzsecurity.com/releases

http://www.exploitsearch.net/

crypto

http://eprint.iacr.org/

Infond

Ubuntu post installation script infondlinux

botnets

http://www.clusif.asso.fr/fr/production/ouvrages/pdf/CLUSIF-2009-Bots-et-Botnets.pdf

http://www.cisco.com/web/about/security/intelligence/bots.html

http://www.lasecuriteoffensive.fr/faisabilité-d’un-réseau-décentralisé-introduction

publication Cliff Zou

framework peer to peer GNUnet

Resilient botnet command and control with tor

Take a deep breath: a Stealthy, Resilient and Cost-Effective Botnet Using Skype

trusted platforms

Noémie Floissac

MISC 45 Quelle confiance accorder aux TPM?

2009 Quel avenir pour le TPM

Infond

authentification forte avec TPM

ecryptfs et TPM

pentest

Static code analysis

PHP, RIPS

C, Fortify, heap overflow, Valgrind

tools list, http://samate.nist.gov/index.php/Source_Code_Security_Analyzers.html

C++, java, recréer les diagrammes de classes, bouml

training

de-ice training platform

lampsecurity.org

information gathering

footPrinting, hostmap.rb, Description hostmap, hostmap sur packetstorm, dnsdic.py, dnsbf.py, robtex.com, MetaGoofil, Google subdomains finder, gxfr, creepy geolocalisation agregator, maltego, subdomainer.pl, http://dnshistory.org/, fierce, domain names, www.archive.org, www.score3.com, wikto

find vuln sites, shodan

port scanning, Scripts nmap, Tuto fr coder un plugin nmap

transfert de zone, dig -t axfr @dns.server.com. macible.fr.

protocole

http, Firefox add-ons, Live http headers, Firebug, TamperData, spider, dirBuster, Http splitting, white paper, yehg WebGoat

sql, sql injection, safe3 sql injector, sqlmap, customize sqlmap, havij (win), exploitmyunion, commandes_utiles en injection sql, sqlsus, sql injection tools list, Sql injection python tool, tutos, Reiner's weblog exploiting hard filtered sql injections, 1, 2, 3, sqli detection evasion, M Cherifi, pentestmonkey cheat sheets, LordDaedalus, phpsecure, sql injection pocket reference, Bit shifting, find_in_set, Bypassing WAF, Ms access, sqli

php, file include, http://websec.wordpress.com/2010/02/22/exploiting-php-file-inclusion-overview/, liste de fichiers intéressants, en PHP: passthru() = exec(), php://filter/convert.base64-encode/resource=index.php permet afficher source fichier, fonctions pourries, ereg, eregi, obfuscation, weevely.py, Repérer obfuscation, NeoPI.py, PHP vulnerability whitebox hunter

tcp, netcat Windows, Detect load balancer, MITM pour analyser flux réseaux Mallory

ssh, hydra, edgessh

scapy, présentation de scapy

simulateur réseau, GNS3

fuzzer, sulley, spike

javascript, jsunpack, https://code.google.com/p/jsunpack-n/, http://jsunpack.jeek.org/dec/go

sip, voip sipvicious

pcap, xplico pcap network capture data extraction, rawcap tiny sniffer for Windows generate pcap

SSTP, SSTP_reveal.py

VOIP, pentesting VOIP, VOIP classic exploits

web services, http://clawslab.nds.rub.de/wiki/index.php/Main_Page

Netbios, Net2sharepwn

listes outils pentest

http://dirk-loss.de/python-tools.htm

deobfuscation de code

beautifier

decompileur

flash, sothink

java, Win: DJ java decompiler (utiliser fichier ligne commande), jdgui

AciveX, TypeLib Browser, Visual Studio, WinAPIOverride32, Autodebug

versionning

wamp, permet de choisir rapidement parmi plusieurs version Apache, PHP, MySQL...

assembleur

hextoasm, python -c "print "\\x90\\x42"" | tr -d\r"\\r\\n" | ndisasm -u -

bruteforce

rainbow tables, http://rainbowtables.shmoo.com/

audit windows

astuces, Nicolas Ruff, http://pentestit.com/2009/05/14/reset-administrator-password-windows/

shatter attacks

Kernel, ioctl, http://www.osronline.com/article.cfm?article=229

scanner NetBios, Superscan, ldap browser

exploit metsploit ms 0867

Post exploitation Windows, http://www.ikuppu.com/2011/09/windows-post-exploitation.html

reversing

comment debugger une VM

VisualStudio & nasm

tutos

windows internals, http://www.reactos.org, useful windb commands, // Get module name of module to load bp nt!MmLoadSystemImage;g; dS /c 100 poi(esp+4) g; dS /c 100 poi(esp+4), adresse appel win32k nt!IopLoadDriver+0x669

parse PE files

reversing kit 2010

ollydbg, ollyflow, ollyadvanced, memorydump

diffing tool, darun grim 3

exploit

exploits db, http://osvdb.org/, http://www.intelligentexploit.com/, http://www.cvedetails.com/, http://www.exploit-db.com/, http://exploitkit.ex.ohost.de/CVE%20Exploit%20Kit%20List.htm, http://exploitkit.ex.ohost.de/CVE%20Exploit%20Kit%20List.htm

metasploit, http://en.wikibooks.org/wiki/Metasploit/WritingWindowsExploit, doc writing exploit, scripter meterpreter, 50 best exploits, Tuto

directory traversals, DotDotPwn

Inj3ct0r

obfuscation, anti debugging article

privilege escalation, linux, sock_send_page, win, Kitrap0d

Shellcode 2 exe

backdoors, reverse shell, ncat (dans nmap) = netcat +ssh, icmpsh, 26 exploit kits, devil Shell, icmp Shell, Reverse connect, via serveur ssh, rat, poisonivy, htran, webshells, FaTaLisTicq, php-findsock-shell, NFM, R57, PHPJackal, Zehir, Web shell detection, NeoPI.py, PHP shell scanner (perl), PHP script, JspSpy, C99, weevely, Ani-Shell: Mass Mailer, Web-Server Fuzzer, DDoser, wso, Reverse shell cheat sheet, tiny PHP Shell http://h.ackack.net/tiny-php-shell.html <?=($_=@$_GET[2]).@$_($_GET[1])?>, Ani-Shell, bootkits, tutos, frhack

google hacking

intitle:'index of' Parent directory

inurl:admin

inurl:backup

ext:php

creation de backdoor

win32com permet utilisation de internet explorer

py2exe pour compiler un prog python

nsis pour créer un executable a partir de dll multiples

ntsd.exe

race conditions

http://blog.stalkr.net/2010/11/exec-race-condition-exploitations.html

http://dividead.wordpress.com/2009/07/21/blocking-between-execution-and-main/

http://blog.stalkr.net/2011/04/pctf-2011-18-small-bug.html

LFI/RFI

fimap.py

local exploit

training, intruded.net

malware injection, kOrUPt - tuto PE injection, PowerSyringe - PowerShell-based Code/DLL Injection Utility

Fuzzing, liste de fuzzers, File Fuzz, ppt, Ioctl Fuzzer, MiniFuzz, pdf Fuzzer, PacketStorm, derkeiler

Recherche mots de passe en clair, mimikatz http://pauldotcom.com/2012/02/dumping-cleartext-credentials.html

Remote shells

php, php-reverse-shell, c99, isko, shellzx

Linux

reduh backdoor php, jsp, asp

routeurs

http://www.routerpwn.com/

ids decoy

inundator

XSS

http://ha.ckers.org/xss.html

forensics

Monter des partitions OSFMount

Passware password recovery toolkit

divers

svn

http://tortoisesvn.net/

antivirus

virustotal

http://www.threatexpert.com

Url scan http://vscan.urlvoid.com/

icones

SimpleHttpServer

python -m SimpleHTTPServer 80

MediaWiki

install sous apache2

sécuriser son wiki

tuto

archives events http://avondale.good.net/dl/bd/

openssl

signer certificat

x509 to pkcs12

soft old versions http://www.filehippo.com/

find 0days

http://crash-stats.mozilla.com/query

Crypto

Vigenere, http://www.bibmath.net/crypto/poly/viganaljava.php3

RSA, rsa.py http://www.amk.ca/python/writing/crypto-curiosa, tuto rsa, http://www.siteduzero.com/tutoriel-3-2299-crypter-et-decrypter.html, http://s310652510.onlinehome.fr/t0ka.zip, module python rsa http://stuvel.eu/rsa

Substitution monoalphabetique, http://www.secretcodebreaker.com/scbsolvr.html

MD5, MD5 collisions exploit http://www.mscs.dal.ca/~selinger/md5collision/, md5 multiple sites rainbowtables search http://sqlsus.sourceforge.net/

hash identifier http://code.google.com/p/hash-identifier/

Encoders/decoders, http://www.crypo.com/

morse

Metasploit

Writing msf modules http://www.metasploit.com/redmine/projects/framework/wiki/ExploitModuleDev

zenk roulette

1

2

3

4

5

photos

http://tineye.com/

http://regex.info/exif.cgi

exiv2

delete image exif tags: $ mogrify -strip picture.jpg

credentials

site:pastebin.com "Program: Internet Explorer" password

shodan, netgear "admin password"

astuce anti spidering

mets une image d'un pixel sur ta page. Si le lien est visité, blacklister l'IP qui visite: c'est un robot.

RFID

http://www.proxclone.com/

installation Linux

Luks http://clickngeek.blogspot.com/2010/05/installation-dune-ubuntu-avec-lukslvm.html

créer dessins réseaux

lovelycharts

anti-reversing technics

http://www.codeproject.com/KB/security/AntiReverseEngineering.aspx

Mots de passe des applications Windows

http://securityxploded.com/passwordsecrets.php

certification SSI

OSCP

logs

scanner de logs, http://www.xenuser.org/tools/scan_log.py

Forensics

Effacer un dd http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

taskmanager trick at 10:41 /interactive “cmd.exe”

openvpn

Openvpn ssl & ssh on port 443 http://www.rutschle.net/tech/sslh.shtml

anonymat

paiement: bitcoin

VPN, https://www.mullvad.net/en/

Moteur de recherche

http://www.hackchina.com/en/

le format PE

http://opc0de.tuxfamily.org/?p=6

dd

dcfldd

sudo watch -n 10 kill -USR1 $(pidof dd)

Signatures exécutables

Disitool.py

Anti sniffing

sniffjoke http://www.delirandom.net/sniffjoke/

Cheat sheets http://packetlife.net/library/cheat-sheets/

pkzip plaintext attack using pkcrack http://www.securiteam.com/tools/5NP0C009PU.html

forensics

CB finder http://www.xmco.fr/panbuster.html

captcha

ocr python howto http://fluxius.handgrep.se/2011/06/14/rssil-captcha-des-chiffres-et-des-lettres/

Sniff via iptables http://r00tsec.blogspot.com/2011/06/sniffing-using-iptables.html

gdb tuto howto http://sourceware.org/gdb/current/onlinedocs/gdb/

Ruby RVM utiliser simultanément plusieurs versions http://beginrescueend.com/rvm/basics/

Routeurs

http://www.routerpwn.com/

RSS http://fulltextrssfeed.com/

Steganographie

Tools list http://marcoramilli.blogspot.com/2012/03/steganography-tools-non-exhaustive.html

digital invisible ink toolkit

Proxy python http://code.google.com/p/proxpy

ctf

http://devpsc.blogspot.fr/

collaboration http://rizzoma.com/

phones

iPhone

independance helpfullinks

iPhone dev team portal

http://www.zdziarski.com/blog/

http://networkpx.blogspot.com/

http://blog.metasploit.com/2007/10/cracking-iphone-part-1.html

http://www.brickhousesecurity.com/iphone-spy-data-recovery-stick.html

http://theiphonewiki.com/wiki/index.php?title=Main_Page

Baseband reverse http://www.slideshare.net/slides_luis/baseband-playground-10652487

http://esec-lab.sogeti.com/post/iOS-5-data-protection-updates

http://trailofbits.com/2011/08/10/ios-4-security-evaluation/

iPhone forensics howto http://securityxploded.com/demystifying-iphone-forensics-on-ios5.php

Android

http://thomascannon.net/projects/android-reversing/

DDoS

defense

SYN flooding, http://www.tux-planet.fr/contrer-une-attaque-ddos-de-type-syn-flood-sous-linux/

attack

sokhoi T50

Loic http://sourceforge.net/projects/loic/

http://www.yersinia.net/attacks.htm

sockstress http://h.ackack.net/sockstress.html

xerxes http://www.thehackernews.com/2011/07/xerxes-most-powerful-dos-tool.html

Pythonloic http://code.google.com/p/pythonloic/downloads/list

references

http://www.authsecu.com/dos-attaque-deny-of-service/dos-attaque-deny-of-service.php

Cloud

Memcached

http://www.sensepost.com/blog/4873.html

forensics

analyse pdf http://peepdf.googlecode.com

windows

fuzzers

802.11 wifi access points http://code.google.com/p/wifuzz/

IDS detection nmap nse script http://seclists.org/nmap-dev/2011/q2/1005

socat http://stuff.mit.edu/afs/sipb/machine/penguin-lust/src/socat-1.7.1.2/EXAMPLES

GSM

osmocombb

shop