Which security tool is your favorite?

Published: 2015-01-14
Last Updated: 2015-01-14 22:00:14 UTC
by Manuel Humberto Santander Pelaez (Version: 1)
4 comment(s)

Toolswatch published today the best 2014 security tools according to their readers. From that list I like OWASP ZAP, BeEF, OWASP Xenotix and PeStudio. However, I definitely miss some tools, like the ones contained in the REMnux distro for malware analysis, DFF and the SANS SIFT 3 distro for forensics, not to mention Wireshark and tcpdump, which I find indispensable for anomaly detection.

Which security tool is your favorite? Do you agree with the tools listed? Let us know via contact form or comment to this diary.

Manuel Humberto Santander Peláez
SANS Internet Storm Center - Handler
e-mail: msantand at isc dot sans dot org

Two of my favorite tools are Moloch (packet capture and analysis tool, https://github.com/aol/moloch) and Dshell, a pcap parser from the U.S. Army Research Labs (https://github.com/USArmyResearchLab/Dshell). I also really like and use REMnux, the malware analysis distro from Lenny Zeltser (https://remnux.org/), tshark and Spondulas, the browser emulation tool by Bart Hopper which is very nice to analyze and monitor malicious web sites (http://sourceforge.net/p/spondulas/wiki/Home/).

So many tools, but if I were to single out just one it would be IPaudit (http://ipaudit.sourceforge.net/). It's old, hasn't been updated in ages and does not support IPv6, but it is great at detecting anomalies and odd patterns in your network. I can easily find local systems beaconing to botnet C&C, illicit IRC relays, etc.
And since the retained data is small, I can keep years of traffic data. That enables me to get the answer to the question "when was the first time we talked to that malicious IP?"
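The idea behind that comment, per-host-pair summaries small enough to keep for years and then queried for first contact or regular check-ins, as an added illustration in Python; this is example code written for this page, not IPaudit's own, and the flow records, hosts and addresses are constructed.

```python
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of connection summaries (timestamp, local host, remote host, bytes).
# Storing per-pair summaries instead of full packets is what keeps retention cheap.
SAMPLE_FLOWS = """\
2014-10-30T14:12:40 192.0.2.22 198.51.100.7 5400
2014-11-02T08:00:05 192.0.2.10 198.51.100.7 1200
2014-11-02T08:05:05 192.0.2.10 198.51.100.7 1180
2014-11-02T08:10:06 192.0.2.10 198.51.100.7 1210
2014-11-02T08:15:04 192.0.2.10 198.51.100.7 1190
2014-11-02T08:20:05 192.0.2.10 198.51.100.7 1200
2014-11-02T08:01:30 192.0.2.10 203.0.113.5 48000
2014-11-02T09:47:12 192.0.2.10 203.0.113.5 1500
2014-11-02T11:03:00 192.0.2.10 203.0.113.5 90000
2014-11-02T16:20:00 192.0.2.10 203.0.113.5 700
"""

def load_flows(text):
    """Parse one whitespace-separated flow record per line."""
    rows = []
    for line in text.splitlines():
        ts, src, dst, nbytes = line.split()
        rows.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return rows

def summarize(flows):
    """Collapse flows into one record per (local, remote) pair: first/last seen, count, bytes."""
    pairs = {}
    for ts, src, dst, nbytes in flows:
        rec = pairs.setdefault((src, dst), {"first": ts, "last": ts, "count": 0, "bytes": 0, "times": []})
        rec["first"], rec["last"] = min(rec["first"], ts), max(rec["last"], ts)
        rec["count"] += 1
        rec["bytes"] += nbytes
        rec["times"].append(ts)
    return pairs

def first_contact(pairs, remote_ip):
    """Answer 'when did we first talk to that IP?' across all local hosts; None if never."""
    hits = [rec["first"] for (_, dst), rec in pairs.items() if dst == remote_ip]
    return min(hits) if hits else None

def beacon_candidates(pairs, min_flows=4, max_jitter=0.2):
    """Flag pairs whose inter-connection gaps are nearly constant, i.e. periodic check-ins."""
    out = []
    for (src, dst), rec in pairs.items():
        if rec["count"] < min_flows:
            continue
        t = sorted(rec["times"])
        gaps = [(b - a).total_seconds() for a, b in zip(t, t[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            out.append((src, dst, round(mean(gaps))))  # (local, remote, period in seconds)
    return out
```

The summary table is what you would persist; the raw flows can be discarded once aggregated.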

#1 most valuable? iptables

NMap is probably one of my favorite tools of all time. It's versatile and very good at what it does. Using some of the available scripts has also proven to be more than useful in the field.

NetCat – This tool is extremely well rounded. Some of my favorite features include tunneling mode, which also allows special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface, and the remote host allowed to connect to the tunnel).

While NMap is my go-to port scanner, there are built-in port-scanning capabilities, with randomizer and advanced usage options, such as buffered send mode (one line every N seconds) and hexdump (to stderr or to a specified file) of transmitted and received data.

Wireshark – Sharking the wires is one of my favorite things to do. It allows you to examine data from a live network or from a capture file on disk. You can interactively browse the capture data, delving down into just the level of packet detail you need.