There are a lot of IT security certificates out there.

But I believe one of the best you can get is:

http://www.ces-approved.org/

Check it out.

Cheers,

Matti

It might be worth to test your applications for SQL Injection.
Here a list of tools:

Sqlninja ( http://sqlninja.sourceforge.net/ )
sqlmap ( http://sqlmap.sourceforge.net/ )
Pangolin 3.2.3 free edition ( http://down3.nosec.org/pangolin_free_edition_3.2.3.1105.zip )
Havij v1.14 Advanced SQL Injection – free version ( http://www.itsecteam.com/files/havij/Havij1.14Free.rar )
SQL Power Injector ( http://www.sqlpowerinjector.com/ )
Marathon Tool ( http://www.codeplex.com/marathontool )
Absinthe ( http://www.0×90.org/…inthe/index.php )
pysqlin ( http://code.google.c…source/checkout )
BSQL Hacker ( http://labs.portcull…on/bsql-hacker/ )
SQL Injection digger (SQLID) ( http://sqid.rubyforge.org/#download)
WITOOL ( http://witool.sourceforge.nSQL, Oracle, Microsoft SQL Server and Microsoft Access.et/ )
sqlus ( http://sqlsus.sourceforge.net/ )
DarkMySQLi16.py ( http://vmw4r3.blogspot.com/ )
mySQLenum ( http://sourceforge.n…ects/mysqlenum/ )
PRIAMOS ( http://www.priamos-project.com/ )
FJ-Injector Framework ( http://sourceforge.net/projects/injection-fwk/files/)
Bobcat SQL Injection Tool ( http://www.northern-…pub/bobcat.html )
SQLIer 0.8.2b  ( http://bcable.net/releases.php?sqlier )
bsqlbf-v2 ( http://code.google.com/p/bsqlbf-v2/ )
Safe3 Sql Injector ( http://sourceforge.net/projects/safe3si/)
ExploitMyUnion ( http://sourceforge.n…exploitmyunion/ )Laudanum ( http://sourceforge.n…jects/laudanum/ )
WebRaider ( http://code.google.com/p/webraider/ )
Toolza 1.0 ( http://bug-track.ru/prog/toolza1.0.rar )
SCRT Mini-MySqlat0r (http://www.scrt.ch/attaque/telechargements/mini-mysqlat0r)
SFX-SQLi ( http://www.kachakil.com/ )
DarkMySQL ( http://vmw4r3.blogspot.com/ )
ProMSiD Premium ( http://forum.web-def…02&postcount=15 )
yInjector ( http://y-osirys.com/…-softwares/id10 )
Hexjector ( http://sourceforge.n…ects/hexjector/ )

Happy hacking…

Cheers,
Matti

Live CDs

Avira AntiVir Rescue System
http://www.avira.com/de/support-download-avira-antivir-rescue-system

F-secure Rescue-cd
http://www.f-secure.com/en/web/labs_global/removal/rescue-cd

BitDefender Rescue CD
http://www.heise.de/software/download/bitdefender_rescue_cd/56298dl_7469f31745ca2bd873d8a959cd9bf6ef_1328034493

Kaspersky Rescue Disk
http://rescuedisk.kaspersky-labs.com/rescuedisk/updatable/

G Data BootCD
http://www.gdata.de/support/downloads/tools.html

Dr.Web LiveCD
http://www.freedrweb.com/livecd/

Trinity Rescue Kit
http://trinityhome.org/Home/index.php?content=TRINITY_RESCUE_KIT_DOWNLOAD&front_id=12&lang=en&locale=en

Tools

Malwarebytes
http://www.malwarebytes.org/

Spybot - Search & Destroy 2.0
http://www.safer-networking.org/de/spybotsd2/index.html

Hijackthis
http://www.trendsecure.com/portal/de/tools/security_tools/hijackthis

Keep it clean…
Cheers,
Matti

1. Provide the fastest means of training novices about complex social engineering concepts.
2. Provide penetration testers with a methodology that minimizes their effort while increasing their chance of success.

The truth is far from this, and the detail is unnecessary - I started writing references and in the end realised I was referencing at least every page, if not every paragraph.

In summary, the document is an “eighties text file” style rant about the author’s personal irritants; it doesn’t really detail a methodology at all, and concentrates on how to attack a single person rather than an organisation or other goal.  For example as part of a Social Engineering engagement the author appears to advocate the exploitation of phobias, use of lighting to induce migraines in the target, gaining rapport with the target through mutual use of illegal drugs, and torture.  I strongly suggest reading for entertainment purposes only.

In stating the above I’m presuming that Penetration Testers all obey the law, their job being to simulate the effect of criminal acts rather than commit them; also their intention is to show the customer that they are can be trusted with the information and access they’ve been granted. Also that as part of the engagement a Penetration Tester is not permitted nor willing to cause permanent physical and/or psychological damage to their client’s employees. The legal liability incurred by trying out many of the techniques listed would be “interesting.”

We did it!!!
We are now an official hacking site.
You do not believe us? … Well, see for yourself

Yea baby

Cheers,
Matti

Here is such an example of a really cool tool written by guy from London Royal Holloway University, Anastasios Laskos:

http://arachni.segfault.gr

Really impressed by the high rate and accuracy of issues it discovers…

So thanks for that tool

Cheers,
Matti

Not for stalking but for Social Engineering.

Here are some of which I thought where quite useful….

Social Network Search Sites:

http://www.keotag.com/

http://www.howsociable.com/

http://monitter.com/

http://www.samepoint.com/

http://topsy.com/

http://attentio.com/products

http://tweetpsych.com/

http://tweetscan.com/

http://twitrratr.com/

http://www.neoformix.com/Projects/TwitterStreamGraphs/view.php

http://twendz.waggeneredstrom.com/

http://twittermap.appspot.com/

http://spy.appspot.com/

http://socialmention.com/

http://whostalkin.com/

Those might be good as well:

http://twittercounter.com/ (needs twitter account)
http://www.ubervu.com/ (demo must be requested)
http://www.alterian.com/socialmedia/products/sm2/ (demo must be requested)

People Search Sites:

http://namechk.com/

http://www.peekyou.com/

http://com.lullar.com/

http://www.google.de

People Search Tools

http://www.paterva.com/web5/

http://ilektrojohn.github.com/creepy/

http://code.google.com/p/fbpwn/

Exploiting

http://www.social-engineer.org/framework/Computer_Based_Social_Engineering_Tools:_Social_Engineer_Toolkit_%28SET%29

http://www.sptoolkit.com/documentation/001-the-spt-framework/

Cheers,

Matti

When discussing the ubiquitous and nebulous “Best Practice”, it’s handy to have an actual list of what that is - and this is a great start.

http://www.revision-online.info/index.php/Hauptseite

http://www.sans.org/score/checklists/ISO_17799_checklist.pdf

http://www.auditnet.org/docs/ITAuditCL.pdf

and http://www.t2pa.com/

But users still have to be able to remember passwords.
So we do mutations and other things:

http://www.randomstorm.com/rsmangler-security-tool.php

http://www.remote-exploit.org/Wyd/

http://awlg.org/index.gen

So if you want to check your own password:

http://www.passwordmeter.com/