Security-Database Blog

ISO 31000:2009 provides principles and generic guidelines on risk management.

ISO 31000:2009 can be used by any public, private or community enterprise, association, group or individual. Therefore, ISO 31000:2009 is not specific to any industry or sector.

Process Hacker is a free and open source process viewer and memory editor with unique features such as powerful process termination and a Regex memory searcher. It can show services, processes and their threads, modules, handles and memory regions.

Hyena is a tool for day-to-day administration of Windows NT and Windows XP/2000/2003 systems. Now Windows 7 too.

Hyena brings together all of the administrative tools from Windows NT such as User Manager, Server Manager, and File Manager/Explorer, and many of the MMC components from Windows 2000/2003 into a single, easy-to-use, centralized program. Hyena arranges all system objects, such as users, servers, and groups, in a hierarchical tree for easy and logical system administration.

VideoJak is an IP Video security assessment tool that can simulate a proof of concept video interception or replay test against a targeted, user-selected video session.

iWatch is a realtime filesystem monitoring program. Its purpose is to monitor any changes in a specific directory or file and send email notification immediately after the change.

The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).

inSSIDer is an award-winning free Wi-Fi network scanner for Windows Vista and Windows XP. Because NetStumbler doesn’t work well with Vista and 64-bit XP, exits an open-source Wi-Fi network scanner designed for the current generation of Windows operating systems.

Knock is a python script designed to enumerate subdomains on a target domain trought a wordlist. This code is released under the GNU / GPL v3.

CAT.NET is a binary code analysis tool that helps identify common variants of certain prevailing vulnerabilities that can give rise to common attack vectors such as Cross-Site Scripting (XSS), SQL Injection and XPath Injection.

log2timeline is a framework for artifact timeline creation and analysis. The main purpose is to provide a single tool to parse various log files and artifacts found on suspect systems (and supporting systems, such as network equipment) and produce a body file that can be used to create a timeline, using tools such as mactime from TSK, for forensic investigators.

The Metasploit Framework is a development platform for creating security tools and exploits. The framework is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.