Sunday, July 19, 2009

Pick a toolsmith topic

I've decided to implement a new feature from time to time with regard to toolsmith, my monthly column in the ISSA Journal.
You, dear reader, are invited to propose topics. If I choose your topic, you will be mentioned in the column, and win an information security book of my choosing.
A few important guidelines:
1) It must be an information security tool I haven't already discussed. See the full list of those I have discussed here.
2) The tool must be information security related.
3) The tool must be free, and preferably open source.
4) Ideally, I prefer to try and focus on tools that aren't well known, with less exposure, in order to help them receive the attention they deserve.
Submit ideas at my contact page.
I look forward to hearing what might be of interest for you.



ekse said...

Fuzzing is something that might be interesting to talk about. While the subject is quite vast, for an introduction I would suggest FileFuzz. It is a Windows tool that makes it easy to fuzz files with a brute force approach. On the web side, WebScarab and Burp fuzzing modules might be interesting to talk about too (although Burp's fuzzer is throttled on the free version so it's pretty much useless).

Another neat tool is the Capture the Flag series from LAMPSecurity. It is a set of VMware images that contain hosts that are to be compromised. CTF6 was just released this week and I didn't have time to test it but CTF5 was very fun to play, with a good diversity of vulnerabilities. There are also instructions if people get stuck, although it pretty much ruins the fun.

Unknown said...

How about CAINE? It's a live CD distribution useful in assisting digital forensic examination. I'm primarily a HELIX/Sleuthkit sort of guy, but I've used CAINE on occasion and there's a lot going on (includes Sleuthkit).

The Link:
