Cатсн²² (in)sесuяitу / ChrisJohnRiley

tl;dr : I’m searching for your suggestions for the unsung heroes of security tools (not the usual things we talk about every day). Please send your entries via the form HERE… there will be a random prize for people taking part.

Have you ever stumbled on a tool and wondered “Why didn’t I know this existed!” or “If only I’d had this last week on that test”… if you’re anything like me then it happens all to often. As an industry we have more ideas, methods and tiny tools/scripts than we know what to do with. Every time a conference rolls around (which is almost daily now it seems - Is the answer more InfoSec Conferences?) people are eager to pimp their wares (I’m no different), and sometimes it’s needed to show proof of concept, new technique or something else equally mind-blowing. Some (and only some) of those new techniques, methods, attacks, … will make the jump from niche tool into a framework (such as Metasploit or nmap). Some others will live on in individual tools/scripts. Projects like Backtrack Linux try to gather the most well-known of these tools into a central distribution, but inevitably there’s always the one or two real gems that fall between the gaps. You can’t cram everything into any single framework or distribution, otherwise it becomes unusable.

So where does that leave us? It’s leaves us with Google (or Bing, if you’re really hard up) as the only hope for finding those niche solutions for testing that funky web app that you didn’t even know would run on AIX 5.2.

Previously some very nice people have gone out of their way to document and bring these niche tools together, lest they be lost to the annuls of time. A few years back @mubix took the time to catalogue the tools released at just one conference. The Defcon Tools page shows the tools that could be catalogued after the Defcon 18 conference. That’s a lot of tools for a 3 day period! No wonder we skip over some of the ones we should be paying attention to… and there I finally get to the point of this blog post.

I’m attempting to (and I say attempting, as it relies on you the readers to help out) gather suggestions for your “unsung hero” of the tools world. As we work in Infosec I’m looking specifically to gather a list of tools that aren’t on ever penetration tester, or forensic investigators list, but that you have respect for. We all love Metasploit, nmap and the other popular tools voted for on the SecTool TOP 125 list. However I’m looking for something a bit different here, something off the beat and track.

So, if you’ve got a favourite tool (or 2) that you think are your unsung heroes, I want to hear about it. Don’t wait, don’t even think… you’ve got one in mind right now… just fill in that form and click submit!

Oh, did I forget to mention! I’ll be doing a random draw of 1 of the entries and sending you a book. Not sure what just yet, but I’m sure you’ll like it You’ve gotta be in it to win it!

Please share this link with your friends, work colleagues, drinking buddies, or hobos… the more the merrier!

Short link –> http://c22.cc/heroes

* Why do I request your email address… simple, at some point (if this goes to plan) there will be a vote. I’m happy to email out links to the vote as and when… then again, if you don’t want to give me your email address, that’s fine too. Not like I’m gonna sell it