l0pht heavy industries -
mudge, dildog, weld pond
cult of the dead cow -
cDc
invisiblethings.org -
Joanna's insights on hide 'n seek
route's gambling site -
phrack, libnet, packetfactory. Need I say more?
snafu.org - old guy Marc's
bikes, OpenBSD and retirement photos
Charles Stross - another
old guy (net-wise), known SF writer, says a lot of things I tend to agree with most of the time
bruce... schneier,
yes. If that doesn't ring a bell then you do not belong.
Packet Storm. Packet Storm
Security, a huge collection of software, exploit code, and docs.
SecurityFocus. SecurityFocus
web site (the bugtraq, vuln-dev, and pen-test home).
CVE Project. The Dictionary of Common
Vulnerabilities and Exposures at Mitre.
Security Tracker. Keep track
of the latest vulnerabilities with this free on-line service.
OSVDB. An independent and open-source
vulnerability database created by and for the community.
CVSS Project. Common
Vulnerability Scoring System, the emerging standard for vulnerability metrics.
Milw0rm. A well-maintained and
up-to-date exploit collection for various operating systems.
ElseNot. The goal of this site is to
publish an exploit for every MS Security Bulletin ever released.
Full-Disclosure.
A non-moderated full-disclosure mailing list, for discussion of security
issues.
Dailydave.
Another interesting computer security mailing list, moderated by Dave Aitel.
WebAppSec. Web Application
Security Consortium (WASC) and Web Security Mailing List.
Database Security. The
web's leading resource for database security: very interesting information.
Pete Finnigan. Impressive
Oracle and Oracle security information and free tools/scripts.
Pentest Ltd. Interesting security
information and resources about Oracle and wireless security.
Rainbow Crack. Community
project to distribute rainbow tables and provide on-line password audits.
Trifinite. Homepage of the
Bluetraq Bluetooth Security Mailing List by Trifinite Group.
Bank Info Security.
Homepage of the new Core Banking Application Security Mailing List.
OWASP. The Open Web Application
Security Project. Useful information on application security.
Fravia. Fravia's web searching lore:
useful hints and powerful tools to effectively search the web.
Honeynet. Honeynet Project: a
non-profit research organization dedicated to information security.
CSRC. NIST Computer Security Division
CSRC (Computer Security Resource Center) homepage.
SRR. Security Readiness
Review evaluation scripts by US Department of Defense's IASE.
Googledorks.
Noun 1. Slang. An inept or foolish person as revealed by Google. Don't miss
it.
DOTU. Project DOTU, a useful
undocumented Cisco IOS commands reference.
Hardapple. Apple Mac
OS X security, auditing, hardening, pen-testing, privacy, and more.
NMRC. Nomad Mobile Research Centre by
Simple Nomad, the Novell Netware bible and more.
Hacking AS/400. Homepage
of the Hacking iSeries book, free information about AS/400 security.
Security.org. Extensive information
on the evaluation of physical security systems.
Phrack Archives. Phrack, the hacker
magazine by the community, for the community.
Uninformed. Magazine about
security technologies, reverse engineering, and low-level programming.
AT&T labs. AT&T
research labs homepage: lots of interesting projects.
LSD. LSD-PLaNET, the Last Stage of
Delirium research group homepage.
THC. The Hacker's Choice official web
site: software, papers, and much more.
Xfocus. Home of the Xfocus team:
documents, programs, exploits, advisories, and forums.
Phenoelit. Welcome to Phenoelit,
the land of packets, brute force, and misuse of trust.
Shmoo. Non-profit think-tank comprised
of security professionals from around the world.
Inode. Security papers, programs,
exploits, home of the Sarca rainbow tables (now closed).
S0ftpj. The official web site of my
friends at S0ftpr0ject (and home of the BFi e-zine).
The Broken. This is a hacking
videozine, a very interesting/artistic project.
Lcamtuf. Michal Zalewski
(lcamtuf) homepage: very interesting research projects.
KF. Digitalmunition hosts
Kevin Finisterre's advisories and computer security projects.
Skylined. Berend-Jan
Wever aka SkyLined homepage: exploits, papers, and shellcoding.
Solar Eclipse. Solar's
homepage: black hat exploits, documents, and programs.
Sh0k. Sh0k's interesting
Windows projects, based on his stoolkit.lib and disx64.lib libraries.
P. Gutmann. Peter
Gutmann's homepage, research from a professional paranoid.
o0o. Fyodor Yarochkin's homepage: information
security, exploits, papers, tools, and more.
P. Biondi. Philippe Biondi's
homepage, some interesting documents and programs (like scapy).
Stealth. Stealth's stuff:
ssharp, exploits, networking, rootkits and speeches.
NGS Software. Interesting
information about application-level vulnerability research.
Rootkit. Greg Hoglund's on-line
rootkit magazine, an interesting security discussion forum.
DDZ. Dino A. Dai Zovi homepage,
interesting software tools for wireless testing and more.
Foofus. This web site hosts some
interesting security tools/papers by JoMoKun, fizzgig, and others.
JWA. An interesting homepage
with some old but useful UNIX security tools.
RFID. Analysis of the Texas
Instruments DST tag, a cryptographically enabled RFID transponder.
LIRC. A package for decoding
and sending infra-red signals of many remote controls.
Nothink. Matteo Cantoni's homepage:
slides, publications, security, and other useful stuff.
X.25 zine. Russian X.25 zine,
interesting (and almost up-to-date) reading.
Lodestar. Lodestar research group,
Australian X.25 hackers: articles, utils, and scans.
OpenBSD PF. This is the
official homepage of the new OpenBSD Packet Filter.
Netfilter. Official homepage of
the netfilter/iptables Linux 2.4 packet filter project.
FW-1.de. Information about Check
Point VPN-1/Firewall-1, presented by AERAsec.
Nessus. A free, powerful, up-to-date
and easy to use remote security scanner.
OpenVAS. A GPL fork of the Nessus
security scanner, previously known as GNessUs.
Snort NIDS. Snort, the open-source
Network Intrusion Detection System.
Insecure. Nmap free stealth network
port scanner, tools, and hacking by Fyodor.
Openwall. Information Security
software for open environments, by Solar Designer.
Systrace.
Intrusion detection/prevention through interactive policy generation for
system calls.
Lcrack. Lepton's Crack for
Windows and Linux, password cracker with interesting features.
SELinux. Security-Enhanced
Linux, Mandatory Access Control (MAC) from NSA.
Hxdef. Homepage of the Hacker Defender
Rootkit and Morphine PE module encryptor.
Airtools.
BSD-Airtools, a suite of programs for wlan auditing, from dachb0den labs.
Kismet. Kismet wireless
sniffer, one of the best 802.11b auditing tools.
XSS-Proxy. XSS-Proxy is an
advanced Cross-Site-Scripting (XSS) attack tool.
IOCCC. The International Obfuscated C
Code Contest homepage. Voodoo magic.
Perlmonks. Perlmonks homepage:
remember that Perl is a religion and check out Perl Poetry.
Secure
Programming. Secure Programming for Linux and UNIX HOWTO (HTML version).
Insecure
Programming. A nice collection of insecure code for didactical purposes,
by gera.
Metasploit. Metasploit framework,
win32 shellcode, opcode/jmp/function address search engine.
Juliano. A good
collection of security-related documents, mostly about exploitation
techniques.
Intel 80386. Intel 80386
Programmer's Reference 1986 (complete instruction set).
ELF
documentation. Executable and Linkable Format specification (ASCII
version).
GDB. GNU debugger,
allows you to see what is going on inside another program while it executes.
The Dude. A debugger which
resides in kernel memory and provides an alternative to ptrace(2).
Bastard. A disassembler --
or, more appropriately, a disassembly environment.
Boomerang. An attempt at a
general, open-source, retargetable decompiler of binary files.
IDA Pro. A very cool
multi-processor, Windows hosted disassembler and debugger.
VX Heaven. This site is dedicated to
providing information about computer viruses.
iDEFENSE Labs. A collection of
tools for vulnerability research and exploit development.
HT Editor. HT is a file
editor/viewer/analyzer for executables, distributed under the GPL.
Splint. Secure Programming Lint, a
tool for statically checking C programs for coding mistakes.
CCA. C Code
Analyzer, a static analysis tool for detecting security problems in C source
code.
Testdrive. Hewlett-Packard Test
Drive: try the latest technologies over the Internet.
CC65. CC65 is a freeware C compiler for
6502 based systems (Commodore, Apple, Atari).
QCL. Quantum
Computation Language, a programming language for quantum computers.
Brainfuck. Brainfuck
is an 8-instruction Turing-complete programming language.
NPIET. An esoteric
stack-oriented language where the programs are works of modern art.
Esoteric. A fairly big
collection of esoteric programming languages written by DM.
TLK. The Linux
Kernel, a very well-written document about Linux internals.
Cryptome. Cryptography and Digital
Privacy: the best resource on the Internet.
Cartome. Spatial and geographic
documents on privacy, cryptography, and intelligence.
IACR. International Association for
Cryptologic Research official web site.
Cypherpunks.
Cypherpunks archive at soda.berkeley.edu: PGP, remailers, rants, and tools.
Cipherwar. Cipherwar information
warfare news web site. Interesting stuff.
Crypto. Matt Blaze's cryptography
resource on the web: very interesting papers.
Riot.EU.org. Riot anonymous remailer and
pseudonymous service, with interesting docs.
Freenet. Free Network
Project, the technology against censorship on the Internet.
Tor. An anonymous Internet communication
system for TCP-based applications.
Free Haven. This project aims to
deploy a distributed, anonymous, persistent data storage.
GNUPG. The GNU Privacy Guard (a free
OpenPGP implementation).
TrueCrypt. Free open-source disk
encryption software for Windows XP/2000/2003 and Linux.
B. Jenkins. Bob
Jenkins' web site, about math and crypto. Very interesting stuff.
P.
Barreto. An excellent resource about cryptography: lots of interesting
docs and more.
Spylife. Spy equipment: cameras,
encryption systems, night vision scopes, and more.
Spyworld. Another spy and
surveillance equipment site: a very rich catalog.
OpenSS7. Open-source project aimed
to produce a robust SS7 and SIGTRAN stack for Linux.
MobiBug. A new discussion mailing
list about the security of mobile terminal systems.
ITU-T. Free on-line archive
of ITU-T Recommendations, very interesting telephony information.
VoIP Info. The VoIP Wiki, an
interesting reference guide to all things related to VoIP.
Vovida. A forum for open-source
software used in datacom and telecom environments.
VOIPSA. The Voice over IP Security
Alliance aims to fill the void of VoIP security related resources.
VoIP Testing. A summary of
the VoIP security testing procedures and tools compiled by Linux-VoIP.
Vomit. Voice Over Misconfigured
Internet Telephones, a nice utility with the worst name.
Asterisk. An open-source PBX
(Private Branch eXchange) based on the Linux OS.
VoIPong. Official homepage
of the advanced Voice over IP sniffer and call detector.
Dundi. Distributed Universal Number
Discovery, a PTP system for locating VoIP gateways.
IPTel. The on-line reference for
Internet telephony, home of the SIP Express Router.
Sys-Security. VoIP
(in)security advisories, papers, and presentations by the Sys-Security Group.
Symternals. Information about the
internals of Symbian OS and related security research.
Old School Phreak.
Interesting web site about phreaking: audio, text, and video philes.
World Payphones. This site
hosts a big collection of payphones images from all around the world.
Dex Page. Here you can download
some useful telephony programs, like SimScan.
SIM-EMU. SIM card emulator, a nice
toy for playing with cellular phones and networks.
Vidstrom. Interesting web page with
some security tools for cellular phones, worth trying.
Blacksphere. The goal of this
project is to document the details of the complete DCT3 hardware.
MADos. MADos is a free,
open-source operating system for Nokia DCT3 phones.
Gammu. The Gammu
project: applications, scripts, and drivers used for managing cell phones.
The BOFH. The original
Bastard Operator From Hell complete, by Simon Travaglia.
The Register. The
new official home of the mighty Bastard Operator From Hell.
The Jargon File. The Jargon File
homepage, maintained by Eric S. Raymond.
UNIX-Haters.
UNIX-Haters mailing list and handbook official homepage.
Rotten. ROTTEN DOT COM: when hell is
full, the dead will walk on the earth.
BME. Body Modification E-zine, the
biggest and best online bod-mod site since 1994.
Info Anarchy. Which future do
you want to live in? Interesting news for freedom-supporters.
Suicide Girls. Pin-up punk rock
and goth girls: pictures, journals, and videos.
Philosomatika. 100% goa and
psychedelic trance mp3 stream (broadband needed).
Deathrow. Beave's OpenVMS
cluster (DAHMER, MANSON, and RAMIREZ).
Textfiles. A glimpse into the
history of writers and artists bound by ASCII's 128 chars.
Fucked Company. Official
lubricant of the new economy: rumors and interesting information.
Circuit Board.
Easy printed circuit board fabrication, using laser printer toner transfer.
20Q.net. An interesting experiment of
artificial intelligence: a learning system to play with.
Porn Toolkit. Free porn
for everyone: porntoolkit and crawler, both written in Python.
Pornzilla. Free tools
for surfing porn with Firefox, the best porn browser outta here.
Hack Furby. Interesting
site devoted to investigating the geek-appeal of the Furby toy.
(C)DNE.
Copyright Does Not Exist, a remarkable book written by Linus Walleij.
Internet Archive. The Internet
Wayback Machine, universal access to human knowledge.
CHSP. The Computer History
Simulation Project (the SIMH homepage).
MUSCLE Project. Movement
for the Use of Smart Cards in a Linux Environment.
OpenVMS Documentation.
Official HP (ex-Digital) OpenVMS systems documentation pages.