DNR's Suggested Readings

lonewolf · Post by **lonewolf** » 20 Dec 2010, 22:39

Man DNR that is a lot of information I take it you have been collecting it for a little while.

Broken Angel · Post by **Broken Angel** » 20 Dec 2010, 22:59

$\:D/$ Well.... will take me ages to read and then understand and then might as well apply some of it somewhere

but then this is the best of the best... fanks sire...! m honoured to be with u guys...

Post by **DNR** » 21 Dec 2010, 18:00

I don't expect everyone to understand some of the topics now, but at least the Suck-o Archive will protect it from being removed from the internet. A lot of it is the truth, what they don't want you to know. Several of these documents were taken down or redacted in the 'interest of public safety and national security'. You should have a right to know the truth, and make your own safety choices.

I have more stuff on memory sticks, I know someday they will make a wiki-leak of sorts themselves, - you can count on finding them here someday.

@cashier - my man from China!

DNR

lonewolf · Post by **lonewolf** » 21 Dec 2010, 23:02

DNR wrote:I don't expect everyone to understand some of the topics now, but at least the Suck-o Archive will protect it from being removed from the internet. A lot of it is the truth, what they don't want you to know. Several of these documents were taken down or redacted in the 'interest of public safety and national security'. You should have a right to know the truth, and make your own safety choices.

I have more stuff on memory sticks, I know someday they will make a wiki-leak of sorts themselves, - you can count on finding them here someday.

@cashier - my man from China!

DNR

I agree with you, I have noticed just in the past couple of years information that was widely available is now becoming hard to find.

Thanks again for the information.

Post by **DNR** » 22 Dec 2010, 09:00

The United States Army’s
Concept of Operations
LandWarNet 2015 3.59mb 76pgs
http://digitalnomad.suck-o.net/DNR/red/ ... warnet.pdf" onclick="window.open(this.href);return false;

US Army Concept Capability Plan for Unit Protection
for the Modular Force 2012-2024 116pgs -
http://digitalnomad.suck-o.net/DNR/red/p525-7-1.pdf" onclick="window.open(this.href);return false;

NET-CENTRIC OPERATIONAL
ENVIRONMENT
JOINT INTEGRATING CONCEPT
Version 1.0
31 OCTOBER 2005
JOINT STAFF 1.1mb 144pgs
http://digitalnomad.suck-o.net/DNR/red/ ... ic_jic.pdf" onclick="window.open(this.href);return false;

Post by **DNR** » 08 Jan 2011, 01:00

Insertion, Evasion, Denial of Service:
Eluding Network Intrusion DetectionPtacek Newsham 1998 63pgs

http://digitalnomad.suck-o.net/DNR/red/ ... sham98.pdf" onclick="window.open(this.href);return false;

Post by **DNR** » 16 Jan 2011, 14:49

Control Systems Security Assestments2008 Automation Summit
Power Point (on PDF)
Presenters: Marty Edwards
Idaho National Laboratory (read on Suxnet Story to see link between INL and ICS security- DNR)
Todd Stauffer
Siemens
ID#: 2481
Title: Control System
Security Assessments 62 pages 6.7mb
http://digitalnomad.suck-o.net/DNR/red/NSTB.pdf" onclick="window.open(this.href);return false;

GUIDE TO INDUSTRIAL CONTROL SYSTEMS (ICS) SECURITY156 pgs 2.2mb
http://digitalnomad.suck-o.net/DNR/red/sp800-82-fpd.pdf" onclick="window.open(this.href);return false;

Post by **DNR** » 27 Jan 2011, 21:10

Malicious USB Devices
Adrian Crenshaw Presented at Shmoocon 2011 41pgs >1mb
http://digitalnomad.suck-o.net/DNR/red/ ... evices.pdf" onclick="window.open(this.href);return false;

Post by **DNR** » 24 Feb 2011, 16:50

STUXNET Raw Data and Notes
"Attached is the raw data and notes for stuxnet. There is a great deal of data in a Responder project file as well, ... In the raw notes I think you will find the
timeline interesting. The encryption routines might be new information but I'm not sure. Martin told me that one of the rootkits had a project-name of 'guava' if I remember correctly, he didn't write that down in the notes. Some other things
I learned that aren't written in the notes - the thing has robust RPC wrapping for all the functions - we reversed about 3/4ths of the Command/Control functions, these are called via RPC and spawned as a separate process before being called. The things has very robust exception handling around everything (overkill, you might say). We have found that it trojans one of the DLL's included in the step-7 controller package - it wraps this and redirects a bunch of calls that are made through this DLL. .. As for
attribution, everything looks like it was developed on an English version of the dev studio platform."

7.11mb zipped
http://digitalnomad.suck-o.net/DNR/red/ ... et-Raw.zip" onclick="window.open(this.href);return false;
Make sure to view the stuxnet.docx - start here.

UPDATE:
Twelve Norton AV quick scans during the period failed to spot the intruder; a full scan on 28 February 2011 found it inside a HBGary Zipped file which was inside a Cryptome Zipped file. No other of the 33 HBGary files posted to Cryptome have been reported by Norton AV as a risk -- so far. Some intruders are designed to remain out of sight until a particular time or circumstance, or never revealed, quietly doing their job like Stuxnet and its kin in malware, copyright policing, cyberspying and cyberwar, all HBGary and its kin specialization in trickery.

While the warning may be due to the illicit characteristics of Stuxnet, there has been speculation that HBGary salted its files with hidden bait and markers for tracking thieves and invaders. The "Stuxnet" in this file may be bait for a trap or a phony virus-warning generator to scare off transgressors. HBGary researched, designed and deployed bait to test security risks as well as covertly installed security breachers using common deception techniques such as giving files popular names. HBGary emails describe measures taken when examining illicit programs on isolated machines with tools designed to avoid contamination, knowing that invaders themselves often set bait for outsmarting and entrapping researchers. "

DNR

Post by **DNR** » 03 Apr 2011, 00:19

The Fukushima Daiichi Incident – Dr. Matthias Braun - 01 April 2011 - 33pgs

http://digitalnomad.suck-o.net/DNR/red/ ... -areva.zip" onclick="window.open(this.href);return false;

Post by **maboroshi** » 04 Apr 2011, 10:19

DNR wrote:The Fukushima Daiichi Incident – Dr. Matthias Braun - 01 April 2011 - 33pgs

http://digitalnomad.suck-o.net/DNR/red/ ... -areva.zip;" onclick="window.open(this.href);return false;

Nice one DNR

Post by **DNR** » 11 Apr 2011, 17:32

Darknets and hidden servers: Identifying the true IP/network identity of I2P service hosts 23 pgs Adrian Crenshaw
http://digitalnomad.suck-o.net/DNR/red/ ... psites.pdf" onclick="window.open(this.href);return false;

"Many services can be hosted inside of the I2P overlay network (IRC, Bittorent, eDonkey, Email, etc.), and the I2P team has provided an API for creating new applications that ride on top of the I2P overlay network. As the developers note on their page, many standard Internet applications are not designed with anonymity in mind, so caution should be taken when adapting an existing application to run on top of I2P."
"Many I2P services are hosted on nodes/routers that also act as the owner’s client node so client based attacks may also be fruitful in revealing their identity. People regularly make mistakes in how they configure web servers and applications that cause too much information to be leaked out to an attacker, information that can make finding a workable vulnerability much easier."
"I2P automatically changes the browser agent string when an HTTP tunnel is used to “User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.6)” for outproxy, and “MYOB/6.66 (AN/ON)” for internal I2P sites. This makes putting an XSS attack in the logs of an eepSite, and hoping to get information back when the administrator checks them via an HTML based report close to nil. Many HTTP headers are filtered or normalized by I2P"

and see - Zed Attack Proxy http://www.owasp.org/index.php/OWASP_Ze ... xy_Project" onclick="window.open(this.href);return false;

DNR

Post by **DNR** » 10 May 2011, 06:24

FBI Tracking Device Teardown
http://digitalnomad.suck-o.net/DNR/red/fbi-tracking.pdf" onclick="window.open(this.href);return false;

Own a Cop Car
Hacking audio and video, comms on LEO vehicles (third party device and service)
http://digitalnomad.suck-o.net/DNR/red/OwningCopCar.pdf" onclick="window.open(this.href);return false;

Post by **DNR** » 26 May 2011, 20:45

UAV Company Operations 74pgs
http://digitalnomad.suck-o.net/DNR/red/ ... arines.pdf" onclick="window.open(this.href);return false;

UAV Swarm Mission Planning and Routing using Multi-Objective Evolutionary Algorithms 11pgs
http://digitalnomad.suck-o.net/DNR/red/ ... rithms.pdf" onclick="window.open(this.href);return false;

Applications for mini VTOL UAV for law enforcement 9pgs
http://digitalnomad.suck-o.net/DNR/red/ ... cement.pdf" onclick="window.open(this.href);return false;

IT 0606 US Army Interrogation Operations 80pgs
http://digitalnomad.suck-o.net/DNR/red/ ... ations.pdf" onclick="window.open(this.href);return false;

X26E TASER Electro-Muscular Disruptor Manual 135pgs with illustrations
http://digitalnomad.suck-o.net/DNR/red/ ... 62805a.pdf" onclick="window.open(this.href);return false;

enjoy
DNR

Post by **DNR** » 26 May 2011, 21:21

Footprinting and Recon Adrian Crenshaw slideshow PDF 60pgs
http://digitalnomad.suck-o.net/DNR/red/footprinting.pdf" onclick="window.open(this.href);return false;

DNR

suck-o.com

DNR's Suggested Readings

Re: DNR's Suggested Readings

Re: DNR's Suggested Readings

Re: DNR's Suggested Readings

Re: DNR's Suggested Readings

Re: DNR's Suggested Readings

Re: DNR's Suggested Readings

Re: DNR's Suggested Readings

Re: DNR's Suggested Readings

DNR's Suggested Readings

Re: DNR's Suggested Readings

Re: DNR's Suggested Readings

Re: DNR's Suggested Readings

Re: DNR's Suggested Readings

Re: DNR's Suggested Readings

Re: DNR's Suggested Readings