12/26/2011 3 idiots :-D

Hoy durante un dia agitado despues de una navidad en familia ,decidi ver una pelicula y revisar post en la  dragonjar.org sobre peliculas  podeis mirar en :
http://www.dragonjar.org/las-20-mejores-peliculas-hackers.xhtml/comment-page-2#comment-21975

Lo cierto es que la gran mayoria de peliculas ya las habia visto desde la maravillosa de  pi (genial si te gustan las matematicas ) hasta la que yo diria que mejor por efectos y actores  duro de matar 4.0 que por cierto recomendada :-D "que por cierto me cabe la duda con lo del virus y las fuentes ups ¿verdad o mentira ?" en fin decidí mirar la pelicula 3 idiots una pequeña descripcion :
Cuenta la historia de Rancho. Un chico con una pasión por estudiar y aprender, aunque no vemos una sola consola en la película, nos muestra la verdadera esencia del hacking, poder ver las cosas de otra forma y cuestionarse todo, realmente es una película que no pueden dejar de verse.
en la cual se ve mezclada la esencia de la vida y la passion,las enseñanzas se encuentran ahi,y mas cuando se confrontan con nuestra vida cotidiana.Yo eh decidido poner el link del video asi no teneis que ir hasta duck duck go ó google a buscar,asi que les dejo para que disfruteis.



Digg it StumbleUpon del.icio.us

12/25/2011 Merry Xmas for all and Camp1 Pereira Nighthack

hey,it's december is  a great month for all,you'll be observing easy  thefts in some streets,if you agree with me,please don't trust in anyone that you see for there,no one is secure is this month in fact the people is most confident ...
Since now  merry Xmas for all and remember that the security is something important for survive in this crazy world.



You Remember ccc ? ,well if  you dont  Chaos Computer Club  every year is making a conference similar to Defcon but this is mostly classic,spies and hackers in one only place,mainly i like defcon and C3 the assistants and speaker are so good,C3  is since 28 years  ago:

 The Chaos Computer Club (CCC) is an organization of hackers. The CCC is based in Germany and                  German-speaking countries.
The CCC describes itself as "a galactic community of life forms, independent of age, sex, race or societal orientation, which strives across borders for freedom of information...." In general, the CCC advocates more transparency in government, freedom of information, and thehuman right to communication. Supporting the principles of the hacker ethic, the club also fights for free universal access to computers and technological infrastructure. 
ccc28 

This year i and  some friends will be in a Fall place sin 28-30 december this could be named 'Camp1 Pereira Nighthack ' with retransmision of all conferences of C3-28 so people from uruguay and usa will arrived to giving a good trainings about wirelessSec and Cryptography....i'm excited for this.

More Information about C3 :
wiki
   
Digg it StumbleUpon del.icio.us

12/15/2011 Installing i3 under Debian Gnu/Linux


I3 has been a good option for me,during the last  3 or 4 months ago i've been testing all capacibilities,it was created because wmii didn't provide some features (see the man page or /usr/share/man/man1/i3.1.gz and uncompress), it targeted for advanced users and developers,the documentation is great and it has 2 options for install under debian. The 1 is with apt or aptitude or wathever package manager that you use,and the other is compile,in this blogpost i'm going to use aptitude for install it,this is the easy way :
aptitude update && aptitude install i3
 and i  forget the last this install is under wheezy i really don't know if stable  has it.If you dont install  a session manager you can try with gdm or another,but the better option and useful  is gdm no much dependeces and other bunch stuff's.so on  all work is done,but not  over yet remember check :
  1. i3status
  2. i3clock    
  3. dzen2 
when you finish the firts time that you init you xsession you'll configure your mod key in my case is alt,before after these i3 automatically create ~/.i3 too you can try to  optimize the i3 bar with this command :

exec i3status  |  dzen2  -bg black -fn "-misc-fixed-medium-r-normal--13-120-75-75-C-70-iso10646-1"
and add a wallpaper using feh :-D
feh --bg-scale  /home/user/yourwallpaper.png 

more info:
http://i3wm.org/downloads
http://i3wm.org/docs

I3 under Openbsd 
Digg it StumbleUpon del.icio.us

12/14/2011 Sym Py a math Library for Python

There are a some good libs in python but today we're going to speak about Sym Py a new library for make a usefuls test,reading it in google open source blog i found this excelent lib.

SymPy
 is a computer algebra system (CAS) written in pure Python. The core allows basic manipulation of expressions (like differentiation or expansion) and it contains many modules for common tasks (limits, integrals, differential equations, series, matrices, quantum physics, geometry, plotting, and code generation).

Features

SymPy core capabilities include:
  • basic arithmetics *,/,+,-,**
  • basic simplification (like a*b*b + 2*b*a*b -> 3*a*b**2)
  • expansion (like (a+b)**2 -> a**2 + 2*a*b + b**2)
  • functions (exp, ln, ...)
  • complex numbers (like exp(I*x).expand(complex=True) -> cos(x)+I*sin(x))
  • differentiation
  • taylor (laurent) series
  • substitution (like x -> ln(x), or sin -> cos)
  • arbitrary precision integers, rationals and floats
  • noncommutative symbols
  • pattern matching
Then there are SymPy modules for these tasks:
  • more functions (sin, cos, tan, atan, asin, acos, factorial, zeta, legendre)
  • limits (like limit(x*log(x), x, 0) -> 0)
  • integration using extended Risch-Norman heuristic
  • polynomials (division, gcd, square free decomposition, groebner bases, factorization)
  • solvers (algebraic, difference and differential equations, and systems of equations)
  • symbolic matrices (determinants, LU decomposition...)
  • mpmath (multiprecision floating-point arithmetic)
  • geometric algebra (GA)
  • Pauli and Dirac algebra
  • quantum physics
  • geometry module
  • plotting (2D and 3D)
  • code generation (C, Fortran, LaTeX)
  • Es :

Python Session

>>> from sympy import Symbol, cos
>>> x = Symbol('x')
>>> e = 1/cos(x)
>>> print e.series(x, 0, 10)
1 + (1/2)*x**2 + (5/24)*x**4 + (61/720)*x**6 + (277/8064)*x**8 + O(x**10)

ISymPy Session

In [1]: (1/cos(x)).series(x, 0, 10)
Out[1]: 
     2      4       6        8           
    x    5*x    61*x    277*x            
1 + ── + ──── + ───── + ────── + O(x**10)
    2     24     720     8064            
Digg it StumbleUpon del.icio.us

12/13/2011 BarcampSE v2 Slides



Recientemente en Colombia se llevo a cabo BarcampSE en su 2da version como el año anterior se realiza en diferentes ciudades del pais,y diferentes ciudades como pereira,bogota,barranquilla,medellin,cali este evento solo pretende acercar mas a la comunidad interesada en informatica   y personas interesadas de algun modo en su seguridad y sus cercanos,ademas genera espacios de aprendizaje y compartir experiencias con profesionales de campo.Al igual que el año pasado  este año tuve el placer de asistir en Pereira realizado en Parquesoft y coordinado por @Santiaguf y @Dragonjar  algunas de las desconferencias fueron :
  • Client Side Attacks 
  • Analisis Forense en IOS 
  • Steganografia 
  • Seguridad en Voz ip 
este año al igual que el anterior tuve el placer de presentar una pequeña desconferencia donde la meta era hacer reir y a pesar de la poca asistencia la idea fue percibida por la mayoria de los asistentes tanto asi que los manipule y ni se dieron cuenta( :P ),conoci a muchas personas algunos nuevos en el tema otros ya con experiencia,entre ellos Dragonjar con quien habia intercabiado algunas palabras por gtalk y a su linda esposa,diego g de manizales,pero al final fue un buen rato el que se paso riendo y aprendiendo,asi que esperemos que el otro año organizar con mas tiempo el BarcampSE v3.0 y  realizar combocatoria masiva y dentro de una universidad donde la investigacion,el humor y la seguridad se mezclen. :P

Tambien os queria compartir mis Slides,realizados bajo libreoffice .


Digg it StumbleUpon del.icio.us

11/14/2011 Wallpapers & Muchos Estilos

Recientemente mi  amgio Christopher94 me ah compartido un excelente sitio en el cual podemos encontrar excelentes wallpapers,podria decir que algunos de los mejores creativos se encuentran alli,de hecho el realizador de la infografia de Stuxnet tiene algunos diseños propios alli quienes no lo hallan visto aun aqui esta :


Finalmente decir que wallbase.cc  tiene clasificados sus wallpapers en diferentes categorias.


Star wars 

Matematics


Pirate



Tambien puedes mirar su toplist :

http://wallbase.cc/toplist

Hasta una proxima.
Digg it StumbleUpon del.icio.us

10/31/2011 Portal Cautivo Comcel 3g 1 de 2



Es posible llevar acabo una conexion atravez de 3g atravez de un celular que soporta la caracteristica
resulta logico  decir  que algunos proveedores estan haciendo uso de los captive portals 
o portales cautivos como de aseguramiento  y verificacion si el cliente tiene saldo o no.Recientemente una amiga me a traido su equipo para arreglarlo,la cosa cual iva de reinstalar sistema operativo generar un reporte y hacer unas pruebas sobre hardware en memoria la solucion va de reemplazar la memoria ram,por cosas de la vida ella aun  no ha venido por el equipoy decidido revisar un celular el cual hay en casa que  nadie a usado,resulta ser un lg el tiene la capacidad para 3g.Ya anteriormente miravamos como realizar el bypass de esta medida  de seguridad que se esta implementando en hoteles,en resumen de anteriores post  solo es cambiar nuestra mac address  por una de un cliente el cual se encuentre connectado al ap,pero que pasa en  redes 3g cuando solo tu estas usando simcard o SIM HOLDER! y la conexion es atravez de antenas repetidoras como en la imagen :
En este caso en vez de un ms un oprador de servicios




...Buena pregunta resulta que si nos conectamos atravez del celular y elegimos perfil de
red  seleccionamos nuestro perfil de red en mi caso COMCEL
apn:internet.comcel.com.co
numero de llamada :*99#
usuario :COMCELWEB
password :COMCELWEB

finalmente realizamos nuestra coneccion y quedara establecidad.


aqui es donde viene el bypass de portal cautivo obteniendo la siguiente salida :

observamos que se encuentran usando los opendns !, nuestra tarea para saltar esto es usar iodine, realizar un tunnel dns para no tener que pagar nada :-).Por cuestiones legales con la nueva ley de regulación  telecomunicaciones esto quizás podria tener repercusiones...
Pueden mirar un ejemplo de uso de iodine.


hasta la proxima :)
Digg it StumbleUpon del.icio.us

10/04/2011 Bruce Schneier: The security mirage



This idea  is great from a point of view please take a moment for watch it .
Digg it StumbleUpon del.icio.us

10/03/2011 Defcon Presentations!


Yesterday  i was announcing  the Defcon 19 dvd download in  Dragonjar comunitty,the dvd has all  presentations,specifications for all design about badges and more ....
You can download here
http://defcon.org/ obviously,specificly
https://media.defcon.org/dc-19/defcon-19-dvd-updated.iso (~1.7 GB)
i have seen a little of this presentations in my free time  and until now  i like some presentations


"Deceptive Hacking " by bruce Barnet aka grymoire

Let’s say that a hacker desires to extract large amounts of
intellectual property from a network. However, steganography and
covert channels would take too long. Instead, the hacker desires to
obtain the information as quickly as possible, without alerting the
victims that the information was obtained.


In this presentation he explains a little Se Tips,and interesting concepts techniques about  psychology.

and other interesting presentation was did by Ming show "Abusing Html5 ",his analisys as centre in pricipal flaws in the new Html version and some links :


http://www.html5rocks.com
http://code.google.com/p/html5security
http://html5test.com


as you know  i also attaching the presentations and  a paper from barnet presentation,i hope that you enjoy :-D...feel free for comment .

Download

encrypt with gpg

passwd:defcon19
Digg it StumbleUpon del.icio.us

9/26/2011 Extensiones Utiles Chrome



Las extensiones son  pequeños scripts o plugins que tienen como tarea expandir y mejorar la utilidad de nuestro navegador,por eso aqui presento
algunos que quizas te puedan parecer o no desde mi punto de vista,asi que toma las que creas que necesitas y desecha las demas.


Si tienes alguna extension que crees que falta hazmelo saber...participa !
Digg it StumbleUpon del.icio.us

Chrome y Sus configuraciones



Quizas para algunos chrome o chromium sean uno de los navegadores mas usados hoy os pretendo mostrar quizas algunas extensiones para chrome(talvez en chromium) que quizas no sea muy util en nuestra navegacion segura,explicacion de urls locales que posee el navegador.

Al igual que en firefox Chrome posee una serie de funciones
que nos permiten configurar ciertos parametros si estas en
firefox simplemente realizando un simple

about:config 

podras observar parametros como ssl,proxy,contenidos,entre otros
en chrome como comentaba anteriormente tenemos urls locales

chrome://chrome-urls 

Tratare de explicar las mas importantes .

chrome://appcache-internals
Esta opción nos muestra todos los datos referente a la caché que ocupa nuestro navegador, pudiendo no sólo borrarla
sino además conocer cuánta caché ocupa una determinada aplicación web

chrome://crashes
Ofrece informes de errores producidos, si el envío de información de errores está activado,
esta opcion podria no ser del todo confiable puesto que no se sabria que informes envia a los
servidores de google,sistema operativo,...etc.

chrome://credits
Muy interesante para saber de donde han salido algunas aplicaciones que estan dentro del chrome,tales
como son pyftpdlib,zlib.

chrome://dns
muestra las URLs de las DNS que pre-cargará en el próximo arranque de la aplicación

chrome://extensions
Lista de extensiones instaladas .

chrome://flags
Lista completa de Funciones experimentales,algunas de las que estan en la lista
aun no son completamente estables,por lo que deciden incluirlas pero no habilitarlas en
instalaciones por defecto por eso alli te aparecera:

 "tu seguridad y tu privacidad se podrían ver comprometidas de forma inesperada.
  Cualquier experimento que actives, se activará para todoslos usuarios de este navegador,
  así que te recomendamos que actúes con precaución."

yo recomiendo habilitar:
Bloquear todas las cookies de terceros
El usuario especificó una dirección de servidor DNS.
Composición por GPU en todas las páginas

chrome://flash
Muestra acerca de la versión de Flash instalada, la tarjeta gráfica que disponemos y la versión del controlador.

chrome://gpu-internals
Muestra datos acerca  aceleración por hardware, driver instalado, características de la GPU/display y de soporte.

chrome://net-internals
Ofrece informaciones acerca de las conectividades del navegador, como las conexiones a los servidores de Google SPDY,
la caché http del navegador, soporte http throttling,quizas esta sea una de las mejores opciones que podamos encontrar
mas utiles puesto que permite hacer pruebas...

chrome://quota-internals/
Tambien muy importante.

chrome://tcmalloc
Estadísticas de la recarga de la página más reciente,muestra ademas cierta informacion sobre los pid(proccess identification)corridos,como
memoria consumida de la pagina reciente !...

chrome://sandbox
Muestra si se encuentra habilitado  los entornos de pruueba.


Visto en
Algunos problemas conocidos :
http://www.google.com/support/chrome/bin/static.py?page=known_issues.cs&&hl=en

Digg it StumbleUpon del.icio.us

9/11/2011 Los virus en Unix/Linux



Es comun escuchar entre charlas de Informáticos el lio con los virus  sobre  Unix/Linux,pero  lo mas comun que escuchamos  quizas pueda ser :

*"No tenemos virus,estamos completamente libres "
*"Tienes Antivirus...Para que ?"
*"Quizas tenga eso virus ejecutables,pero son de windows...que pasa con las maquinas que  quizas esten en tu red,un servidor samba!!! "

Si hay algo que es muy cierto es que  en Unix /Linux  la administración de procesos y la identificación de malware es quizas mucho mas sencilla puesto que los procesos  son mas transparentes al usuario,esta cuestion depende tambien del expertise  y  habilidades tecnicas de cada uno,asi que la mayoria de los que usamos esta plataforma no nos encontramos exentos de los riesgos de infección.Algunos de los tipos de infeccion que podriamos encontrar seria de Tipo :
Elf
ShellScripts ...entre otros quizas este video sea mas claro



Quizas podria Interesarte:

Unix ELF parasites and virus


http://vxheavens.com/lib/vsc01.html

Asi que tomar algunas medidas de prevención  no estaría mal, podrias usar herramientas tales como :
*Clamav,u otro antivirus de mercado como avast,eset,...etc
*TigerSecurity Auditor
*Chkrootkit
*CheckSecurity
*Lynis
*logcheck
*Selinux o Bastille

que minimizaran el impacto de una infección u otro problema,aprender a usar cada herramienta y optimizar las tareas en el sistema también es una tarea vital que requiere paciencia y tiempo.



















Digg it StumbleUpon del.icio.us

7/25/2011 NSE:Another good Videos :-D

Hi,recently i was searching for anothers videos and resources and i found this good videos ! from the good post from aegis security :

http://vimeo.com/channels/nmap << Nmap channel in Vimeo with update,blackhat,schmoocon !! conferences

http://vimeo.com/16291301 << David Shaw in the

so also in the previous post we were seeing about NSE

i hope that like it :-D

you can see this interesting and wicked script :-D ....
Digg it StumbleUpon del.icio.us

6/26/2011 Aprendiendo Criptografia como si fueramos niños

Durante esta semana revisando el foro me encuentro que se acaba de gestionar la primera defcon para niños,si asi como lo haz leido defcon para niños,es interesante ver como en otros paises se mueve nuestra cultura desde temprana edad  ...(por eso son las maquinas en esos ctf )mirando la seccion de links me encontre con algo muy chistoso pero a la vez interesante un link que dice http://www.nsa.gov/kids/ ! un excelente portal donde el centro principal es una historia o grupo de animales dedicados a defender el pais,alli los niños tendran la posibilidad de aprender cosas como criptografia basica,intermedia,avanzada codigo morse entre otros ....interesante forma de enseñar criptografia  .

Digg it StumbleUpon del.icio.us

6/12/2011 Distribucion OpenBsd Colombiana



OpenBsd Adj es una de las primeras distribuciones colombianas de este hermoso Sistema Operativo con el que muchos trabajamos y hacemos pruebas,como ustedes  saben OpenBSD no ha sido diseñado como sistema operativo de escritorio, sino para manejar un servidor conectado a Internet de forma extra-segura, sin embargo diversos desarrolladores han buscado mejorar su usabilidad en el escritorio,Openbsd Adj(Aprendiendo de Jesus) pretende ser mas usable como entorno de escritorio para personas que desean  tener seguridad al 100%  puesto que openbsd tiene un modo de Instalacion  por default  seguro,Vladimir Tamara  uno de los creadores ,esta realizando una serie de Cursos en p2pUniversity para todos aquellos que tengan las nociones basicas de Uso en Gnu/Linux .

Asi que les dejo el link para la documentacion que hasta ahora hay :

http://structio.sourceforge.net/guias/usuario_OpenBSD/index.html#introduccion

El curso :

http://new.p2pu.org/es/groups/openbsd-adj-como-sistema-de-escritorio/
Digg it StumbleUpon del.icio.us

Vulnerabilidades de Seguridad



Antes ya habiamos  compartido aqui un post hecho por G0tm1lk,En el cual se hacia un listado de algunas herramientas las cuales nos permiten aprender acerca de vulnerabilidades  e incrementar nuestras habilidades ,hoy quiero compartir con ustedes la entra de Felipe Martin  a si que dejo el enlace para que mireis  otro buen post :

http://www.felipemartins.info/2011/05/pentesting-vulnerable-study-frameworks-complete-list/

 
Digg it StumbleUpon del.icio.us

5/03/2011 i3 en Openbsd

Durante esta semana un compañero de estudio me a pedido que organize su sistema,diciendo que simplemente era para hacer una instalacion de Openbsd y Organizar los servicios comunes para desarrollar web(Servidor Apache+Mysql..)yo creyendo en pablo decidio hoy martes ir a su casa a revisar y hacerle el favor de una vez.Cuando el me dijo realmente parecia sencillo y era realizar configuraciones de rutina:

  • Configuracion de Usuarios

  • Configuracion Packet Filter

  • Configuracion de Apps

  • Configuracion Grsecurity (Aunque ya no tan necesario)

  • Configuracion de X11

  • SSH

  • Pkg


entre otras tareitas que quizas cualquiera con capacidad lectora pudiece ;-D hacerlo Llegando a su casa me encuentro con esta sorpresa :


Dentro de mi (Realmente este man tiene excelentes maquinas :-( ),en fin comence y me di a la tarea de configurar y organizar toda el particionado de los 8 Tb que me habia  dejando para la tarea, un disco de un 1 Tb por aparte para la instalacion de dos linux,quedando asi lo que organize :

  • Power Edge :OpenBsd 4.9
    Torre Tower Multiple : particion /var/log
    Y dos Desktops normales :Otros linux
    Y algunos otros discos sin particionar


La cuestion es que todo tenia que verse en dos monitores lo cual no sabia hacer asi que encontre este articulo
http://www.ibm.com/developerworks/library/os-mltihed/ muy interesante por cierto.

Realizando todo con normalidad me tope con un problema con el pkg y era que no salia internet ....habiendo olvidado reiniciar decidi hacerlo por que parecia un error en  un archivo en perl

/usr/libdata/perl5/site_perl/i386-openbsd/rpc/types.ph


quedandome con la duda ?.ahora si simplemente haciendo :
#echo 'export PKG_PAHT=ftp://ftp.openbsd.org/pub/OpenBSD/4.9/packages/xx/'>> ~.profile
me quite el problema de estar exportando la ruta de los paquetes asi cada vez que reinicie no voy a tener 
ese problema
instalando I3
Para los que no sepais que es I3 dejo su definicion :

i3 is a tiling window manager, completely written from scratch.

i3 was created because wmii, our favorite window manager at the time, didn’t provide some features we wanted (multi-monitor done right, for example), had some bugs, didn’t progress since quite some time and wasn’t easy to hack at all (source code comments/documentation completely lacking). Still, we think the wmii developers and contributors did a great job. Thank you for inspiring us to create i3.

Please be aware that i3 is primarily targeted at advanced users and developers.

Lo primero que se hace es descargar el packete ya sea desde los ports o paquetes en este caso :

#pkg_check

#pkg_add i3
# pkg_info i3
Information for inst:i3-3.5.1p2

Comment:
improved dynamic tiling window manager

Description:
i3 is an improved dynamic, tiling window manager originally inspired
by wmii.

Maintainer: David Coppa <dcoppa@openbsd.org>

WWW: http://i3.zekjur.net/

una vez tenemos i3 instalado podemos ver que en nuestro usuario sin permiso no puede iniciar las x de i3 si
no las de Fvwn.para ello solo hacemos en nuestro archivo .xinitrc la llamada a i3
$mkdir ~/.i3
$cp /etc/i3/config ~/.i3/config
$ vi ~/.xinitrc

añadimos las siguientes lineas
#!/bin/sh
xsetroot -solid black
exec /usr/local/bin/i3
$ln -s ~/.xinitrc ~/.Xsession
Y eso fue todo por hoy :-d
Digg it StumbleUpon del.icio.us

4/11/2011 Gamification of Information Security ...Pauldotcom(mailist )



Gamification has been the buzz for the past few years. Game design concepts are appearing in everyday interactions like education, physical fitness/wellness, automotive design and even personal finances [and]. I am thinking about ways to use gameplay mechanics to reward employees for completing otherwise mundane tasks. I want to unlock that achievement "Making Work Fun".

Typical gaming techniques include:

achievement "badges"

achievement levels

"leader boards"

a progress bar or other visual meter to indicate how close people are to completing a task a company is trying to encourage, such as completing a social networking profile or earning a frequent shopper loyalty award.

virtual currency

systems for awarding, redeeming, trading, gifting, and otherwise exchanging points

challenges between users

embedding small casual games within other activities

There are hacker challenges and competitions that encourage youth into the field of information security (or used as a recruiting ground by government agencies or companies)

What could day-to-day gamification of Information Security in the workplace look like? I want to brainstorm a few ideas first without thinking about the specific implementation (as this may put constraints or limits on the mechanics of the awards).

For example, awards could be something like:

"Security First": # of days without violating security policy or acceptable use (30 days, 90 days, 6 months, 1 year, 2 years, 5 years)

"Security Smarts": # of hours of security awareness training completed (users could also get credits for reading security bulletins).

"Security Star": based on the score an employee receives on security awareness quiz (bronze: >80%, silver: >90%, gold: 100%)

"Strong Passwords": employee uses strong passwords

"Memory Like an Elephant" - # days without a password reset (30 days, 90 days, 6 months, 1 year, 2 years, 5 years)

"Security Points": some form of currency or experience points for completing security related tasks or activities

For IT staff there are other things I can think of regarding service management, system management, patch management, change management and risk management (this can apply to most employees).

Maybe these are tracked and displayed individually or as a department to foster friendly competition and encourage better security practices. Maybe these are used as part of an annual performance review.

Basically, informatio security departments tends to get a bad reputation because they are the stick enforcing security policies. I'm trying to think of ways to be the carrot. I would rather provide a wall of fame for the superstars rather than a wall of shame (though I remember in one organization we had a giant screw mounted on a piece of wood... "screw up award"... it was the hot potato... we were always quick to pass it along to the next deserving coworker).

Any examples of gamification you've experienced in the workplace? Or, can you think of any ways to gamify information security?



.b

taken from :http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom


Digg it StumbleUpon del.icio.us

3/20/2011 Vulnerable by Design by g0tm1lk blog's

Hi again folks,reading my feeds i found a interesting post with the most important enviroments for practice your skills hacking, i wait that you like :
Pentest lab. "Hacker" training. Deliberately insecure applications challenge thingys.
Call it what you will, but what happens when you want to try out your new set of skills? Do you want to be compare results from a tool when it's used in different environments? What if you want to explore a system (that is legal to do so!) that you have no knowledge about (because you didn't set it up!)...
If any of that sounds helpful, below is a small collection of different environments, so if you want to go from "boot to root", "capture the flag" or just to dig around as much as you want to try out the odd thing here and there. These will allow you to do so and without getting in trouble for doing it!
The idea isn't to cheat, the aim is to learn a thing or two ;)
I'm sure there are a lot more out there, if you want to recommend any others - please so do! =)
Complete Operating System. The idea of going from boot to root via any which way you can. Most of them have multiple entry points (some are easier than others) so you can keep using it ;)  They are all Linux OS (either in ISO or VM form) with vulnerable/configured software installed. (If you haven't got any VM software, VMware Playeris free and will do the trick)
(Offline) Web based. Most of them you'll need to download, copy and load the files yourself on your own web server (if you haven't already got one, xampp is great). A few of them are VM images that can be loaded in to Virtual machines as they come with all the software & settings needed.
(Online) Web based. Same as above, however if you don't want the hassle of setting it all up or to be able to do it where ever you have a Internet connection...
Complete Operating System
Name: Damn Vulnerable Linux
Homepagehttp://www.damnvulnerablelinux.org/
Brief descriptionDamn Vulnerable Linux (DVL) is everything a good Linux distribution isn’t. Its developers have spent hours stuffing it with broken, ill-configured, outdated, and exploitable software that makes it vulnerable to attacks. DVL isn’t built to run on your desktop – it’s a learning tool for security students.
Version/Levels: 1
Support/Walk-throughBrochure
Name: De-ICE
Homepagehttp://heorot.net/livecds/ or http://www.de-ice.net
Brief descriptionThe PenTest LiveCDs are the creation of Thomas Wilhelm, who was transferred to a penetration test team at the company he worked for. Needing to learn as much about penetration testing as quickly as possible, Thomas began looking for both tools and targets. He found a number of tools, but no usable targets to practice against. Eventually, in an attempt to narrow the learning gap, Thomas created PenTest scenarios using LiveCDs.
Version/LevelsLevel 1 - Disk 1Level 1 - Disk 2Level 2 - Disk 1
Support/Walk-throughForumsWiki,  Level 1 - Disk 1Level 1 - Disk 2Level 2 - Disk 1
Name: Holynix
Homepagehttp://pynstrom.net/holynix.php
Brief descriptionHolynix is a Linux distribution that was deliberately built to have security holes for the purposes of penetration testing.
Version/Levels:2
Support/Walk-throughForumSourceForge
Name: Kioptrix
Homepagehttp://www.kioptrix.com
Brief descriptionThis Kioptrix VM Image are easy challenges. The object of the game is to acquire
root access via any means possible (except actually hacking the VM server or player).
The purpose of these games are to learn the basic tools and techniques in vulnerability
assessment and exploitation. There are more ways then one to successfully complete the challenges.

Version/Levels: 2
Support/Walk-throughBlogLevel 1 - mod_sslLevel 2 - Injection
Name: Metasploitable
Homepagehttp://blog.metasploit.com/2010/05/introducing-metasploitable.html
Brief descriptionOne of the questions that we often hear is "What systems can i use to test against?" Based on this, we thought it would be a good idea throw together an exploitable VM that you can use for testing purposes.
Version/Levels: 1
Support/Walk-throughBlogDistCCMySQLPostgreSQLTikiWikiTomCat
Name: NETinVM
Homepagehttp://informatica.uv.es/~carlos/docencia/netinvm/#id7
Brief descriptionNETinVM is a single VMware virtual machine image that contains, ready to run, a series ofUser-mode Linux (UML) virtual machines which, when started, conform a whole computer network inside theVMware virtual machine. Hence the name NETinVM, an acronym for NETwork in Virtual Machine. NETinVM has been conceived mainly as an educational tool for teaching and learning about operating systems, computer networks and system and network security, but other uses are certainly possible.
Version/Levels: 3 (2010-12-01)
Support/Walk-throughBlog
Name: pWnOS
Homepagehttp://forums.heorot.net/viewtopic.php?f=21&t=149
Brief descriptionIt's a linux virtual machine intentionally configured with exploitable services to provide you with a path to r00t. :) Currently, the virtual machine NIC is configured in bridged networking, so it will obtain a normal IP address on the network you are connected to. You can easily change this to NAT or Host Only if you desire. A quick ping sweep will show the IP address of the virtual machine.
Version/Levels: 1
Support/Walk-throughForumsLevel 1
(Offline) Web Based
Name: BadStore
Homepagehttp://www.badstore.net/
Brief descriptionBadstore.net is dedicated to helping you understand how hackers prey on Web application vulnerabilities, and to showing you how to reduce your exposure. Our Badstore demonstration software is designed to show you common hacking techniques.
Version/Levels: 1 (v1.2)
Support/Walk-throughPDF
Name: Damn Vulnerable Web App
Homepagehttp://www.dvwa.co.uk/
Brief descriptionDamn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
Version/Levels: 1 (v1.0.7)
Support/Walk-throughPDF
Name: Hacking-Lab
Homepagehttp://www.hacking-lab.com/
Brief descriptionThis ist the LiveCD project of Hacking-Lab (www.hacking-lab.com). It gives you OpenVPN access into Hacking-Labs Remote Security Lab. The LiveCD iso image runs very good natively on a host OS, or within a virtual environment (VMware, VirtualBox).
The LiveCD gives you OpenVPN access into Hacking-Lab Remote.You will gain VPN access if both of the two pre-requirements are fulfilled.
Version/Levels: 1 (v5.30)
Support/Walk-throughDownload
Name: HackUS HackFest Web CTF
Homepagehttp://hackus.org/en/media/training/
Brief descriptionThe Hackfest is an annual event held in Quebec city. For each event, a competition is held where participants competed at solving challenges related to security. For the 2010 edition, I got involved in the competition by creating the web portion of the competition.
Version/Levels: 1 (2010)
Support/Walk-throughBlogSolutionnaire (English)
Name: Hacme
Homepagehttp://www.mcafee.com/us/downloads/free-tools/index.aspx
Brief descriptionFoundstone Hacme Casino™ is a learning platform for secure software development and is targeted at software developers, application penetration testers, software architects, and anyone with an interest in application security.
Version/Levels: 5 (2006)
Support/Walk-throughBankBookCasinoShippingTravel
Name: LAMPSecurity
Homepagehttp://sourceforge.net/projects/lampsecurity/
Brief descriptionFoundstone Hacme Casino™ is a learning platform for secure software development and is targeted at software developers, application penetration testers, software architects, and anyone with an interest in application security.
Version/Levels: v6 (4x)
Support/Walk-throughSourceForge
Name: Moth
Homepagehttp://www.bonsai-sec.com/en/research/moth.php
Brief descriptionMoth is a VMware image with a set of vulnerable Web Applications and scripts, that you may use for:
  1. Testing Web Application Security Scanners
  2. Testing Static Code Analysis tools (SCA)
  3. Giving an introductory course to Web Application Security
Version/Levels: v6
Support/Walk-throughSourceForge
Name: Mutillidae
Homepagehttp://www.irongeek.com/i.php?page=security/mutillidae-deliberately-vulnerable-php-owasp-top-10
Brief descriptionMutillidae: A Deliberately Vulnerable Set Of PHP Scripts That Implement The OWASP Top 10
Version/Levels: v1.5
Support/Walk-through: N/A
Name: Open Web Application Security Project (OWASP) Broken Web Applications Project
Homepagehttps://code.google.com/p/owaspbwa/
Brief descriptionThis project includes applications from various sources (listed in no particular order).
Intentionally Vulnerable Applications:
Old Versions of Real Applications:
  • WordPress 2.0.0 (PHP, released December 31, 2005, downloaded from www.oldapps.com)
  • phpBB 2.0.0 (PHP, released April 4, 2002, downloaded from www.oldapps.com)
  • Yazd version 1.0 (Java, released February 20, 2002)
  • gtd-php version 0.7 (PHP, released September 30, 2006)
  • OrangeHRM version 2.4.2 (PHP, released May 7, 2009)
  • GetBoo version 1.04 (PHP, released April 7, 2008)
Version/Levels: v0.92rc1
Support/Walk-through: N/A
Name: SecuriBench
Homepagehttp://suif.stanford.edu/~livshits/securibench/
Brief descriptionStanford SecuriBench is a set of open source real-life programs to be used as a testing ground for static and dynamic security tools. Release .91a focuses on Web-based applications written in Java.
These applications suffer from a variety of vulnerabilities including
  • SQL injection attacks
  • Cross-site scripting attacks
  • HTTP splitting attacks
  • Path traversal attacks
Version/Levels: v0.91a
Support/Walk-through: N/A
Name: UltimateLAMP
Homepagehttp://ronaldbradford.com/blog/ultimatelamp-2006-05-19/
Brief descriptionUltimateLAMP is a fully functional environment allowing you to easily try and evaluate a number of LAMP stack software products without requiring any specific setup or configuration of these products. UltimateLAMP runs as a Virtual Machine with VMware Player (FREE). This demonstration package also enables the recording of all user entered information for later reference, indeed you will find a wealth of information already available within a number of the Product Recommendations starting with the supplied Documentation.
Version/Levels: v0.2
Support/Walk-throughPasswords
Name: Virtual Hacking Lab
Homepagehttp://virtualhacking.sourceforge.net/
Brief descriptionA mirror of deliberately insecure applications and old softwares with known vulnerabilities. Used for proof-of-concept /security training/learning purposes. Available in either virtual images or live iso or standalone formats
Version/Levels: 1 (2009)
Support/Walk-throughSourceForge
Name: WackoPicko
Homepagehttps://github.com/adamdoupe/WackoPicko
Brief descriptionWackoPicko is a vulnerable web application used to test web application vulnerability scanners.
Version/Levels: 1
Support/Walk-through: N/A
Name: WebGoat
Homepagehttp://www.owasp.org/index.php/Category:OWASP_WebGoat_Project
Brief descriptionWebGoat is a deliberately insecure J2EE web application maintained by OWASP designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application.
Version/Levels: 1
Support/Walk-throughUser GuideGoogleCodeSourceForge
Name: WebMaven
Homepagehttp://www.mavensecurity.com/WebMaven/
Brief descriptionWebMaven (better known as Buggy Bank) was an interactive learning environment for web application security. It emulated various security flaws for the user to find. This enabled users to safely & legally practice web application vulnerability assessment techniques. In addition, users could benchmark their security audit tools to ensure they perform as advertised.
Version/Levels: 1.0.1
Support/Walk-throughDownload
Name: Web Security Dojo
Homepagehttp://www.mavensecurity.com/web_security_dojo/
Brief descriptionA free open-source self-contained training environment for Web Application Security penetration testing. Tools + Targets = Dojo
Various web application security testing tools and vulnerable web applications were added to a clean install of Ubuntu v10.04.1, which is patched with the appropriate updates and VM additions for easy use.
Version 1.1 includes an exclusive speed-enhanced version of Burp Suite Free. Special thanks to PortSwigger .
Version/Levels: 1
Support/Walk-throughSourceForge
(Online) Web Based
Name: Gruyere / jarlsberg
Homepagehttp://google-gruyere.appspot.com/
Brief descriptionThis codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks. The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually exploiting a real application
Version/Levels: 1 (v1.0.7)
Support/Walk-throughPDFDownload offline
Name: HackThis
Homepagehttp://www.hackthis.co.uk/
Brief descriptionWelcome to HackThis!!, this site was set up over 2 years ago as a safe place for internet users to learn the art of hacking in a controlled environment, teaching the most common flaws in internet security.
Version/Levels: 32 (40?)
Support/Walk-through: N/A
Name: HackThisSite
Homepagehttp://www.hackthissite.org/
Brief descriptionHack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. More than just another hacker wargames site, we are a living, breathing community with many active projects in development, with a vast selection of hacking articles and a huge forum where users can discuss hacking, network security, and just about everything. Tune in to the hacker underground and get involved with the project.
Version/Levels: Lots
Support/Walk-through: N/A
Name: Vicnum
Homepagehttp://vicnum.ciphertechs.com/
Brief descriptionA mirror of deliberately insecure applications and old softwares with known vulnerabilities. Used for proof-of-concept /security training/learning purposes. Available in either virtual images or live iso or standalone formats
Version/Levels: 1.4 (2009)
Support/Walk-throughSourceForge (Download)
Taken from :http://g0tmi1k.blogspot.com ©
Digg it StumbleUpon del.icio.us

3/14/2011 Conociendo Nmap Scripting Engine (NSE)

Desde Hace Mucho tiempo Nmap es una de las herramientas favoritas que e tenido para realizar mis pentest y mis experimentos en redes,Nmap es sencillo y  es muy modular a la hora de practicar con el,la facilidad con reportes y mezcla con otras herramientas (metasploit...)en fin una herramienta que no debe faltar en nuestro garage ,Algunas personas se preguntara me da mucha pereza escribir ese sin fin de opciones que tiene nmap,pues os tengo la solucion Nmap Scripting Engine
The Nmap Scripting Engine (NSE) is one of Nmap's most powerful and flexible features. It allows users to write (and share) simple scripts to automate a wide variety of networking tasks. Those scripts are then executed in parallel with the speed and efficiency you expect from Nmap. Users can rely on the growing and diverse set of scripts distributed with Nmap, or write their own to meet custom needs.

Basicamente con nse podras escribir todos tus scripts...pero eso si tendras que empezar desde el principio como todo buen cerrajero !Practicando ! asi que os dejo los siguientes links :

http://nmap.org/book/nse.html

[vimeo http://www.vimeo.com/15655756 w=400&h=200]

Mastering the Nmap Scripting Engine - Fyodor & David Fifield - Defcon 18 from Gordon Fyodor Lyon on Vimeo.









 

 
Digg it StumbleUpon del.icio.us

2/05/2011 Debian Squeezy Release Party and Live Microblogging


Hi again Folks!

During the last months the Team of Security and Developers of Debian proyect have been working in a Squeezy the next release of Debian Stable,in the maintime in around the world is doing a parties today 5 and 6 of february ,for these today i share the next links ,there you will found all information about the party and your town here,also  is starting  a party line in the account of Identi.ca/debian  .The Debian Party Line is a distributed release celebration. Using mumble we can all voice chat together, on a virtual party line.

Some Details :

who


Debian users and developers.

when


February 5th and 6th.

We will follow the events leading up to the release of Squeeze. Developers who have a view into the process are invited to provide play-by-play commentary. And then we will ring in the new release.

Schedule

February 5th



  • 1:00 GMT - party line officially opens, but this may be a quiet time (check if your sound setup works, etc)

  • 14:00-23:59 GMT - Joey plans to be on the party line during much of this time period, to welcome guests and provide play-by-play of the release process.


February 6th



  • 14:00 GMT - Joey resumes play-by-play if release hasn't happened yet

  • 23:59 GMT - party line probably closes


where


Everywhere there's bandwidth. Mumble needs 10-40 kbit/s outgoing bandwidth, and the same amount incoming for each user who's talking. We hope any reasonable broadband connection will do.

The mumble server is mumble.debian.net. It is located in the UK.

how


See instructions for using mumble.

In Colombia :

Colombia Chaparral-Tolima



  • When: El 5 o 6 febrero (el día será cuando se pueda descargar la versión estable de la página oficial)

  • Where: en mi casa :) (en las profundidades inexorables de mi habitación)

  • What: pos no se... zurumba, chicha lo que sea... se descargará la versión estable y se procederá a la instalación del sistema operativo y subsecuentemente a la instalación y configuración de algunos programas

  • Bring: pos upe turupe que tampoco se... ahí verán


nota: como al parecer y hasta donde me he enterado en donde habito soy el único que utiliza Gnu-Linux entonces realizaré la fiesta de lanzamiento sólo... esto con el objetivo primero de disfrutar de la instalación de la nueva versión estable de Debian y también con el objetivo tal vez de incentivar a que en un futuro sean más las personas que realicemos y participemos de esta fiesta de lanzamiento




Colombia: Bogotá



 

Participants



  1. oscar3425

  2. AndresVia





Colombia: Medellin






Colombia: Pereira



  • When: February 5, 2011 - 19:00

  • Where: Parnaso Bar - Cr6 23-35

  • What: Beer, food, talk, meet debian users

  • Bring: Whatever you want

  • More info: diegomad(at)gmail(dot)com - webchat



 

 

 

 
Digg it StumbleUpon del.icio.us

1/28/2011 El Poder de Google Dorks

Mucho tiempo atras algunos especialistas de seguridad decidieron hacer uso de los operadores avanzados para realizar busquedas y permitir una mejor indexacion en sus busquedas claro estar que esto existe desde cuando estaba mosaic usar a otro compañia para no tener que ensuciarnos nosotros las manos y no tener que romper las leyes,pues si es la maravilla de google dorks o google hacking ese poder que nos da los buscadores y hacer uso de opciones avanzadas hoy mientras discutia con mis compañeros sobre google y por que evitar el file sharing
"Que va ramon vamos por el,a que soy capaz de encontrarte una pequeña lista de hashes y archivos shadow de algunas de las empresas locales "
"Puede que si pero estas seguro de que tendras el permiso para verlos !"

Esta duda rondaba mi cabeza pero al final lo e conseguido una de las empresas de software contable tenia linkeado su sitio web con redes internas...Y todo ello haciendo uso de google y bing ;-) con un simple ext:shadow,shadow~ os muestra todo ! ejemplillo de ello los errores de stanford publicando todos sus hash
ext:shadow site:.edu

y os aseguro que te llevaras una gran sorpresa
http://md5.stanford.edu/hashlist.md5.shadow

Os podria decir que google tiene algunas de las verdades ....podes practicar y lo unico que e usado yo es google and bing
googleguide
googledorks
johnylong
johnylong offensive actualizado !
Espero os sirva y alli esta google con sus millones de sitios indexados a la espera de nuevos amos !
Digg it StumbleUpon del.icio.us

1/25/2011 Free Shell Accounts

Durante esta semana me la e pasado buscando servidores que me permite interactuar con diferentes sistemas operativos y llevar acabo algunos proyecticos que tengo,algunas de las que listare te permitiran crear una cuenta en sus servidores algunos te permitiran cifrar tus archivos otros no pero son muy valiosos eso si todo desde una terminal al estilo minimalista y claro por que es mejor asi al estilo antiguo

http://freeshell.org 80 MB ssh,telnet,DSO/PPP/diauluo acces,email,usenet,chat,webspace,python..... NetBSD.
Modo de uso ssh freeshell.org -l

http://sdf.org/?signup 2MB ssh and telnet, email. OpenBSD
Modo de uso ssh new@sdf.org

http://www.nyx.net/ the oldest free public access ISP offers a text-based newsfeed, email, web access, lynx, webspace hosting SunOS(nyx)
Modo de uso telnet nyx.nyx.net no soporta ssh !dont support ssh

http://www.bshellz.net/ GNU tools, gcc, g++, make,Perl, Tcl, Python, Ruby, Bash Subversion Irssi ,ademas :(FiSH, OTR, SILC, XMPP),finch / pidgin,centerim,ekg,BitchX,Bitlbee server (MSN, ICQ, YAHOO, etc...),Jabber y otras cosas mas 50MB Debian,lo malo es que cada semana debes estar recordando que estas vivo para que tu cuenta no se borre a la semana."The very bad is that you remember one week for the account dont delete of servers how go to the irc.freenode.org #bshellz and type !keep"

Espero les sirva la informacion,estas son las que e usado , conoces otras ?
Digg it StumbleUpon del.icio.us

1/07/2011 Unix, Linux, and BSD: Command Line Cheat Sheet

The following command line cheat sheet for Unix, Linux, and BSD systems is from my new book Introduction to the Command Line (available now a Amazon.com).

Help Commands

man - Online manual
whatis - Displays manual descriptions

File and Directory Commands

ls - Lists directory contents
pwd - Prints the current directory
cd - Change directories
mv - Move files
cp - Copy files
rm - Delete files
mkdir - Create directories
rmdir - Remove directories
find - Search for files (slow)
locate - Search for files (faster)
whereis - Display binary file location
which - Display binary file location
file - Display file type
size - Display file size
stat - Display file statistics
fuser - Identify open files
touch - Update file timestamps
lsof - List open files
cksum - Calculate checksum
md5sum - Calculate md5sum
ln - Create a link
alias - Display/edit command aliases
gzip - Compress files
gunzip - Uncompress files
shred - Securely delete files
head - Display the head of a file
tail - Display the tail of a file
tee - Display and redirect output
sort - Sort input files/streams
grep - Display matching results
tree - Display directory tree
more - Display files one page at a time
less - Display files one page at a time
wc - Count words/lines/letters
cat - Display files
zcat - Display compressed files
diff - Show differences between files
strings - Display printable characters
sed - Text editing utility
awk - Text processing utility
dos2unix - Convert DOS files to Unix
unix2dos - Convert Unix files to DOS

Editors

nano - Simple text editor
vi - Advanced text editor
emacs - Ultimate text editor

Other Utilities

clear - Clear terminal screen
date - Display the date
cal - Display a calendar
watch - Monitor a command
env - Display environment variables
history - Display command history
logout - Logout of the shell
exit - Exit the shell

Users and Groups

su - Switch user
sudo - Run a program as another user
id - Display user identity
ulimit - Display user limits
who - Display who is logged in
w - Display what users are doing
users - Display active user accounts
last - Display last user logins
lastlog - Display all user’s last login
wall - Send a message to all users
whoami - Display current user id
finger - Display information about a user
chown - Change file/directory ownership
chgrp - Change file/directory group
chmod - Change file/directory permissions
umask - Display or set umask settings
passwd - Set/change password
useradd - Create user accounts
userdel - Delete user accounts
usermod - Modify user accounts
groupadd - Create group accounts
groupdel - Delete group accounts
groupmod - Modify group accounts

Process Control

ps - Display running processes
pgrep - Search for running processes
pidof - Search for PID by name
pstree - Displays process in tree view
kill - Terminate a process by PID
killall - Terminal a process by name
nice - Run a program with a modified priority
renice - Adjust a program's priority
nohup - Run a program immune to hang-ups
& - Run a program in the background
bg - Move a job to the background
jobs - Display running jobs
fg - Move a job to the foreground

Startup and Shutdown

shutdown - Shutdown the computer
poweroff - Poweroff the computer
halt - Halt the computer
runlevel - Display the current runlevel
telinit - Change runlevel
service - Stop and stop services
sysv-rc-conf - Runlevel configuration editor
update-rc.d - Debian runlevel editor
chkconfig - Red Hat runlevel editor
rc-update - Gentoo runlevel editor
rc-status - Gentoo service monitor

Networking Commands

hostname - Display the system hostname
domainname - Display the system domain
ifconfig - Manage network interfaces
ifup - Start network interfaces
ifdown - Stop network interfaces
iwconfig - Manage wireless interfaces
iwlist - Display wireless information
ethtool - Display network card info
arp - Display the ARP cache
ping - Send ICMP echo requests
traceroute - Trace network paths
tracepath - Trace network paths
nslookup - Query DNS servers
dig - Query DNS servers
host - Query DNS servers
whois - Query the whois database
dhclient - Linux DHCP client
netstat - Display network status
route - Manage network routes
tcpdump - Capture network packets
nmap - Scan remote computers
wavemon - Monitor wireless connections
smbtree - Display SMB servers/shares
nmblookup - Look up NetBIOS information
mount - Mount file systems
showmount - Show mounted file systems
umount - Unmount file systems
ssh - SSH client
telnet - Telnet client
ftp - FTP client
ncftp - Scriptable FTP client
mail - Email client
rsync - Rsync client

Hardware Commands

lspci - List PCI devices
pcidump - List PCI devices
lsusb - List USB devices
lshw - List hardware devices
lspcmcia - List PCMCIA devices
lshal - Display all system hardware
hdparm - Configure hard drives
eject - Eject removable media

Scheduling

batch - Run processes when the CPU is free
at - Run processes at a specific time
atq - Display the at queue
atrm - Remove jobs from the at queue
crontab - Display/edit cron jobs

File System Commands

fdisk - Partition editor
parted - Partition editor
mkfs - Create file systems
fsck - Check file systems
mkswap - Create swap space
swapon - Activate swap space
swapoff - Deactivate swap space
sync - Flush disk cache

Backup Commands

tar - Archive utility
dd - File copy utility
dump - Incremental backup utility
restore - Restore dump backups
mt - Tape device utility
cpio - Archive utility

Monitoring Commands

top - Performance monitor
mpstat - Performance monitor
vmstat - Virtual memory monitor
iostat - I/O performance monitor
nfsstat - NFS performance monitor
free - Display memory usage
df - Display disk usage
du - Display disk usage
uname - Display system information
uptime - Display system uptime
lsmod - List kernel modules
modinfo - Display module information
dmesg - Display kernel messages
strace - System trace debugger
ltrace -Library trace debugger
ipcs - IPC monitor
sysctl - Configure kernel parameters

Printing Commands

lp - Print files
lpstat - Display printer status
lpq - Display print queue
lprm - Remove print jobs
cancel - Cancel print jobs
enable - Enable a printer
disable - Disable a printer

Software Commands

dpkg - Debian package manager
apt-get - Debian package utility
rpm - Red Hat package manager
yum - Red Hat package utility
emerge - Gentoo package utility
pkg_add - BSD installation utility
pkg_delete - BSD uninstallation utility
make - Compile software from source
Digg it StumbleUpon del.icio.us