The Web is a dangerous place, and is getting more dangerous as attackers develop increasingly sophisticated techniques to compromise systems.
In this article I have put together a random collection of links that contain useful penetration testing tools and resources for the Windows environment. This list is current as of August 2013, but I’m sure it will quickly change as industry adapts to the ever growing number of attacks.
Running penetration tests is an art form as well as a science. It is a field that is constantly evolving as malware and intrusions grow more sophisticated.
Here I will attempt to put together a collection of useful resources that will help in securing Windows-based systems from viruses and hacking attempts. Naturally this is just a list of tools, so properly securing a system will rely on your skills and expertise.
General Info
For starters, check out this article on the types of viruses out there and how to put together your own anti-virus toolkit to deal with each type. It was written some time ago, but much of the information is still valid. If you are interested in putting together an anti-virus toolkit then you should know that a large part of it is personal preference for tools that suite your style of hunting viruses and that you feel most comfortable using.
WireShark
The first tool that you install should naturally be WireShark. This tool will help you monitor and analyze network traffic. Here is a good tutorial on how to start using WireShark.
The simplest idea behind hunting a virus or intrusion with WireShark is to set up a Network Tap on a machine running WireShark that will monitor traffic from a suspect machine. Check out this Wikipedia article for more details. It’s best not to try running WireShark on the infected system itself since the infection may detect and try to circumvent the tool.
Random Lists of Tools
I found a site that contains a recent List of Windows Tools for Penetration Testing from January 2013. Most Penetration testing tools are Linux based, but this article reviews some useful Windows based tools that can be used to gather useful system information.
Next is a site that hosts hand-coded downloadable freeware tools for Windows security testing. There are some very useful options here like WInfo that you can use to list detailed user account information for machines on your network.
The Network Tools category from freewarefiles.com is always a useful resource for finding freeware utilities.
Finally, SecurityXploded.com offers a large database of freeware utilities for both antivirus and penetration testing. In particular I recommend installing the following collections of tools:
- SX Network Suite: A collection of freeware network utilities
- SX System Suite: A collection of freeware PC utilities that in particular include a downloaded file hash checker, a heuristic-based DLL checker, a Service checker,, and a process checker connected to the VirusTotal online database.
A Short Note About Linux-Based Penetration Testing
I found an interesting Linux-variant called Kali which is specific to Penetration testing.
Kali is based on the BackTrack Linux Penetration testing tool. If you are interested in discussions around Linux penetration testing tools, then the Kali forums are a great resource to check out.
Justin Cooney 