I was thinking it maybe an good idea to start a thread like e-books... for good security URLs for those who want to share a little of their resources ...

Here's a begin:

http://www.securityfocus.com
http://phrack.org/
http://www.linuxsecurity.com
http://packetstormsecurity.com/
http://www.attrition.org/
http://www.securiteam.com/
http://www.hackerheaven.org/
http://www.bofh.net/

Grtz, M4db33 ...

Content added at top:
Subscribe to Bruce Schneier's CryptoGram (http://www.counterpane.com/crypto-gram.html) A monthly mailing sent out to review security with respect to current events.
Openwall security patches from Solar Designer et. al. (http://www.openwall.com/) which includes linux kernel hardening patches to stock kernels, OWL distribution, and patches to other source trees.
The Coroner's Toolkit (http://www.porcupine.org/forensics/tct.html) (Previously known as the Grave Robber's Toolkit) can be useful when gathering information on a "used system" (read "previously owned" ;-)
correspondence course on locksmithing (http://www.foleybelsaw.com/) Many people report that they have been able to contact this company to ask for info, and then ignore their replies on how much it costs. Eventually (6 months?) they send a "final offer" for $150 for their course-- though some report even lower prices.
MIT Guide to lockpicking (http://www.lysator.liu.se/mit-guide/mit-guide.html) an old "stand-by"
Useful article on various host-based IDS (http://linuxgazette.net/issue98/moen.html) (see bottom of linked page for list. samhain, AIDE, tripwire, etc.)
National Institute of Standards and Technology Computer Security (http://csrc.nist.gov/)
"security enhanced linux" from NSA (http://www.nsa.gov/selinux/)
Stackguard (http://www.cse.ogi.edu/DISC/projects/immunix/StackGuard/) (older)
Nolo Press (legal books. Do it yourself legal books) (http://www.nolo.com/)
Crazy, weird, odd, lame, fun, stupid, fringe books (http://www.loompanics.com/) Many of these titles have been found at DefCon for sale.
Locksmithing Forum (http://www.clearstar.com/) Everyone there is supposed prove themselves to be locksmiths, so you don't get the kind of responses like you get on USENET, "trade secret. If you were a locksmith, then we could tell you the answer." (this costs money)

Content above this point added to increase value within thread without creating a new post.

Previous content left here for others to see my mistake in making an assumption: (See noid's reply below)

I was thinking it may be an good idea to start a thread like e-books... for good security URLs for those who want to share their a little of their resources ...

This was a good idea suggested earlier. In this "Security" (http://forum.defcon.org/forumdisplay.php?f=5) section (look at the top of the security section for the thread titles) and locate "ebooks" (http://forum.defcon.org/showthread.php?t=3094).

If not there, then there is one under the "Got questions" (http://forum.defcon.org/forumdisplay.php?f=13) section called
what website can't you live without (http://forum.defcon.org/showthread.php?t=2418).

And as another source, there is Recommendations (http://forum.defcon.org/showthread.php?t=1203) also under "Got questions" (http://forum.defcon.org/forumdisplay.php?f=13), which includes url and suggestions for where newbies should start.

It would have been better to choose one of the existing threads.

Good luck, even if it is too late (http://forum.defcon.org/showthread.php?t=4758).

I think he was refering to the ebooks section as a reference for doing something similar, i dont think he was trying to do another ebooks section. I like the idea of folks posting their 5 favorite securty/hacker web sites. The 'what websites can you not live without' isnt security focused. Heck, people post links in there to thier blogs and stuff like that.

I was thinking it maybe an good idea to start a thread like e-books... for good security URLs for those who want to share a little of their resources ...

Here's a begin:

http://www.securityfocus.com
http://phrack.org/
http://www.linuxsecurity.com
http://packetstormsecurity.com/
http://www.attrition.org/
http://www.securiteam.com/
http://www.hackerheaven.org/
http://www.bofh.net/

Grtz, M4db33 ...

:cry: No mention of C4I.org (http://www.c4i.org) or InfoSec News (http://www.c4i.org/isn.html). Guess I have to start marketing again.

Oh well, a few more for the list...

http://www.hert.org/
http://www.hackinthebox.org
http://www.hushmail.com (friends don't let friends send unencrypted mail)
http://www.csm.ornl.gov/~dunigan/vpn.html
http://www.emergentchaos.com/
http://www.treachery.net/
http://www.cs.auckland.ac.nz/~pgut001/links.html

That should keep you busy for awhile. :cool:

:cry: No mention of C4I.org (http://www.c4i.org) or InfoSec News (http://www.c4i.org/isn.html). Guess I have to start marketing again.

Updating the site might be a step in the right direction also slim ;)

Updating the site might be a step in the right direction also slim ;)

Yeah, yeah, yeah...

Through some backchannel communications with North Korea, I have a deal in the works to have some of Kim Jong-Il eleet cyberwarfare teams to work on redesigning C4I.org's website in exchange for monkey butlers, midget hookers, and DVD copies of whoever wins the 2005 AVN awards.

I think its a fair trade. :biggrin:

Add three more URL's to this growing list...
http://www.michiganwireless.org
http://www.netstumbler.com/
http://www.wigle.net/ (More good ol' boys from Chicago!)

http://isc.sans.org //To know what's going down today
http://www.arin.net //To know where they are coming from without telling them your looking
http://www.snort.org //The sig list is AMAZING great resource for learning how signatures work in IDS world
http://www.zone-h.com //Pretty up to date with new exploit warnings
http://www.osvdb.org //Open Source Vul dB

Of course mailing lists are important too, ask your local security buff about some, there are just sooo many out there. You should really pick something more exact into what your doing.

A growing list for exploits would also be nice, for education only ofcourse....

http://www.k-otik.com/

and packetstorm but that one is already there ...

A growing list for exploits would also be nice, for education only ofcourse....

http://www.k-otik.com/

and packetstorm but that one is already there ...

Try my homepage, if youre able to get in ...





-- Knowledge is power --