Security Resources. 
* Packet Storm <http://packetstormsecurity.org/>. Packet Storm Security, a huge collection of software, exploit code, and docs. 
* SecurityFocus <http://www.securityfocus.com/>. SecurityFocus web site (the bugtraq, vuln-dev, and pen-test home). 
* SecurityDocs <http://www.securitydocs.com/>. Directory of Security White Papers, an impressive web repository about security. 
* CVE Project <http://cve.mitre.org/>. The Dictionary of Common Vulnerabilities and Exposures at Mitre. 
* Security Tracker <http://www.securitytracker.com/>. Keep track of the latest vulnerabilities with this free on-line service. 
* OSVDB <http://www.osvdb.org/>. An independent and open-source vulnerability database created by and for the community. 
* Full-Disclosure <http://lists.netsys.com/mailman/listinfo/full-disclosure>. A non-moderated full-disclosure mailing list, for discussion of security issues. 
* Darklab <http://www.darklab.org/>. The intelligence organization of Phenoelit, with an interesting mailing list. 
* Sikurezza.org <http://www.sikurezza.org/>. The first italian mailing list for discussion on computer security, since year 1999. 
* TH-List <http://ecompute.org/th-list/>. This is the official homepage of the Trojan Horses Research mailing list. 
* OWASP <http://www.owasp.org/>. The Open Web Application Security Project. Useful information on application security. 
* Sarca Project <http://sarcaprj.wayreth.eu.org/>. Sarca Rainbow Tables, instant Windows password cracker web interface. 
* Known Goods <http://www.knowngoods.org/>. Big database of checksums, useful for verification of system binaries. 
* Honeynet <http://www.honeynet.org/>. Honeynet Project: a non-profit research organization dedicated to information security. 
* NSRC <http://www.nsrc.org/security/index.html>. Network Startup Resource Center, securing network services and infrastructure. 
* Security Metrics <http://csrc.nist.gov/csspab/june13-15/sec-metrics.html>. The official NIST Security Metrics Workshop homepage. 
* Login Banners <http://ciac.llnl.gov/ciac/bulletins/j-043.shtml>. Detailed guidelines about creating login banners for sensitive computers. 
* SANS <http://www.sans.org/>. Computer security education and information security training. 
* Technical Info <http://www.technicalinfo.net/>. Really interesting computer security papers, tools, and publications. 
* Googledorks <http://johnny.ihackstuff.com/index.php?module=prodreviews>. Noun 1. Slang. An inept or foolish person as revealed by Google. Don't miss it. 
* DOTU <http://www.boerland.com/dotu/>. Project DOTU, undocumented Cisco IOS commands reference. 
* Malware <http://www.malware.com/>. Malicious software: in-depth information about client applications security flaws. 
* Pete Finnigan <http://www.petefinnigan.com/tools.htm>. Oracle and Oracle security information and free tools/scripts. 
* Security.org <http://www.security.org>. Extensive information on the evaluation of physical security systems. 
Security Research. 
* Phrack Archives <http://www.phrack.org/>. Phrack, the hacker magazine by the community, for the community. 
* AT&T labs <http://www.research.att.com/>. AT&T research labs homepage: lots of interesting projects. 
* LSD <http://lsd-pl.net/>. LSD-PLaNET, the Last Stage of Delirium research group homepage. 
* TESO <http://team-teso.net/>. Homepage of the TESO security group: releases, advisories, articles, and projects. 
* THC <http://www.thc.org/>. The Hacker's Choice official web site: software, papers, and much more. 
* Xfocus <http://www.xfocus.org/>. Home of the Xfocus team: documents, programs, exploits, advisories, and forums. 
* w00w00 <http://www.w00w00.org/>. The official homepage of the w00w00 non-profit security research group. 
* Phenoelit <http://www.phenoelit.de/>. Welcome to Phenoelit, the land of packets, brute force, and misuse of trust. 
* S0ftpj <http://www.s0ftpj.org/>. The official web site of my friends at S0ftpr0ject (and home of the BFi e-zine). 
* The Broken <http://www.thebroken.org/>. This is a hacking videozine, a very interesting/artistic project. 
* Lcamtuf <http://lcamtuf.coredump.cx/>. Michal Zalewski (lcamtuf) homepage: very interesting research projects. 
* Solar Eclipse <http://www.phreedom.org/solar/>. Solar's homepage: black hat exploits, documents, and programs. 
* Cr.yp.to <http://cr.yp.to/>. D. J. Bernstein's homepage (qmail, djbdns, daemontools, ucspi-tcp, and crypto). 
* Index of /~silvio <http://www.big.net.au/~silvio/>. Silvio Cesare's homepage, about UNIX viruses and more. 
* Guninski <http://www.guninski.com/>. Georgi Guninski security research homepage: papers, advisories, and exploits. 
* P. Gutmann <http://www.cs.auckland.ac.nz/~pgut001/>. Peter Gutmann's homepage, research from a professional paranoid. 
* M. Kuhn <http://www.cl.cam.ac.uk/~mgk25/>. Markus Kuhn's homepage (computer security, hardware security, and more). 
* P. Biondi <http://www.cartel-securite.fr/pbiondi/>. Philippe Biondi's homepage, some interesting documents, program, and hacks. 
* L. Spitzner <http://www.spitzner.net/>. Lance Spitzner's whitepapers, about honeypots, hardening, and firewalls. 
* JWA <http://www.jammed.com/~jwa/>. An interesting homepage with some old but useful UNIX security tools. 
* Antirez <http://www.kyuzz.org/antirez/>. Salvatore Sanfilippo's homepage (home of hping TCP/IP auditing software). 
* Awgn <http://awgn.antifork.org/>. Bonelli Nicola aka awgn (additive white gaussian noise) homepage. 
* NMRC <http://www.nmrc.org/>. Nomad Mobile Research Centre, the Novell Netware bible and more. 
* X.25 zine <http://www.x25zine.org/>. Russian X.25 zine, interesting (and almost up-to-date) reading. 
* 9x <http://9x.tc/>. 9x security group homepage. Interesting old school information. 
* Hybrid <http://hybrid.dtmf.org/>. Hybrid homepage, useful hacking, phreaking, and old school information. 
* Vorper7 <http://www.mindrape.org/vorper7/>. Home of Doberman Propulsion Laboratories, X.25 and old school stuff. 
Security Technologies. 
* OpenBSD PF <http://www.benzedrine.cx/pf.html>. The new OpenBSD Packet Filter official homepage. 
* IP Filter <http://coombs.anu.edu.au/~avalon/>. IP Filter, stateful TCP/IP Firewall/NAT Software for UNIX systems. 
* VPN HOWTO <http://vpn.shmoo.com/>. VPN implementation details for a large variety of environments. 
* IKE + X.509 <http://hem.passagen.se/hojg/isakmpd/>. How to use X.509v3 certificates for authentication with isakmpd. 
* VPN Hacking <http://www.etla.net/~willey/projects/vpn/>. Useful compendium of VPN resources for the *BSD environment. 
* IPSec HOWTO <http://www.rommel.stw.uni-erlangen.de/~hshoexer/ipsec-howto/HOWTO.html>. How to setup IPSec interoperable for Linux, OpenBSD and PGPNet. 
* Windows VPN <http://vpn.ebootis.de/>. Using Windows 2000/XP as a VPN client for Linux FreeS/WAN. 
* Snort NIDS <http://www.snort.org/>. Snort, the open-source Network Intrusion Detection System. 
* L7 Filter <http://l7-filter.sourceforge.net/>. Homepage of the Application Layer Packet Classifier kernel patch for Linux. 
* Insecure <http://www.insecure.org/>. Nmap free stealth network port scanner, tools, and hacking by Fyodor. 
* Openwall <http://www.openwall.com/>. Information Security software for open environments, by Solar Designer. 
* Papillon <http://www.roqe.org/papillon/>. Security module for Solaris 8 and 9, inspired by Openwall and HAP patches. 
* Systrace <http://www.systrace.org/>. Systrace Policy Generation, the main systrace resource on the Internet. 
* Djohn <http://ktulu.com.ar/en/djohn.php>. Distributed John can crack passwords using John the Ripper on several machines. 
* SELinux <http://www.nsa.gov/selinux/>. Security-Enhanced Linux, Mandatory Access Control (MAC) from NSA. 
* SPIKE <http://www.immunitysec.com/spike.html>. Immunity's network protocol analysis and reverse engineering suite. 
* CHAOS <http://itsecurity.mq.edu.au/chaos/>. A Linux and openMosix cluster distribution: the supercomputer for your wallet. 
* Airtools <http://www.dachb0den.com/projects/bsd-airtools.html>. BSD-Airtools, a suite of programs for wlan auditing, from dachb0den labs. 
* Kismet <http://www.kismetwireless.net/>. Kismet wireless sniffer, one of the best 802.11b auditing tools. 
* 802.11ninja <http://802.11ninja.net/>. Another 802.11 wlan resource (home of airjack slides/code). 
* 802.11 Security <http://www.drizzle.com/~aboba/IEEE/>. The unofficial IEEE 802.11 security web page. A good start place. 
* Securing 802.11 <http://www.klake.org/~jt/tips/80211.html>. Securing 802.11 with OpenBSD, an interesting wlan security resource. 
* WEP FAQ <http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html>. (In)Security of the WEP (Wireless Equivalent Privacy) algorithm. 
Crypto and Privacy. 
* Cryptome <http://cryptome.org/>. Cryptography and Digital Privacy: the best resource on the Internet. 
* Cartome <http://cartome.org/>. Spatial and geographic documents on privacy, cryptography, and intelligence. 
* IACR <http://www.iacr.org/>. International Association for Cryptologic Research official web site. 
* Cypherpunks <http://www.csua.berkeley.edu/cypherpunks/>. Cypherpunks archive at soda.berkeley.edu: PGP, remailers, rants, and tools. 
* Cipherwar <http://www.cipherwar.com/>. Cipherwar information warfare news web site. Interesting stuff. 
* Crypto <http://www.crypto.com/>. Matt Blaze's cryptography resource on the web: very interesting papers. 
* Riot.EU.org <http://riot.eu.org/>. Riot anonymous remailer and pseudonymous service. 
* Rubberhose <http://www.rubberhose.org/>. A cryptographically deniable transparent encryption system for Linux 2.2. 
* PGP Home Site <http://www.pgpi.com/>. Pretty Good Privacy (PGP) international homepage. 
* GNUPG <http://www.gnupg.org/>. The GNU Privacy Guard (a free OpenPGP implementation). 
* B. Jenkins <http://www.burtleburtle.net/bob/index.html>. Bob Jenkin's web site, about math and crypto. Very interesting stuff. 
* Spylife <http://www.spylife.com/>. Spy equipment: cameras, encryption systems, night vision scopes, and more. 
* Spyworld <http://www.spyworld.com/>. Another spy and surveillance equipment site: a very rich catalog. 
Coding. 
* IOCCC <http://www.ioccc.org/>. The International Obfuscated C Code Contest homepage. Voodoo magic. 
* Perlmonks <http://www.perlmonks.org/>. Perlmonks homepage: remember that Perl is a religion and check out Perl Poetry. 
* Secure Programming <http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO.html>. Secure Programming for Linux and UNIX HOWTO (HTML version). 
* Insecure Programming <http://community.core-sdi.com/~gera/InsecureProgramming/>. A nice collection of insecure code for didactical purposes, by gera. 
* MetaSploit <http://www.metasploit.com/>. Win32 shellcode, Perl exploit library (Pex), opcode/jmp/function address search engine. 
* Juliano <http://community.corest.com/~juliano/>. A good collection of security-related documents, mostly about exploitation techniques. 
* 0xbadc0ded <http://0xbadc0ded.org/>. Security research group: advisories, exploits, code, and interesting challenges. 
* Intel 80386 <http://www.online.ee/~andre/i80386/>. Intel 80386 Programmer's Reference 1986 (complete instruction set). 
* Linux ASM <http://linuxassembly.org/>. Information on assembly programming under UNIX-like operating systems. 
* Int 80h <http://www.int80h.org/>. Extensive information about Assembly language in the UNIX environment. 
* NOP list <http://cansecwest.com/noplist-v1-1.txt>. Canonical list of NOP Equivalent opcodes for shellcodes, used by snort:spp_fnord.c. 
* Reversing.net <http://www.reversing.net/board/>. Very interesting forum (in russian!) for the discussion of reversing-related topics. 
* RACL <http://racl.oltrelinux.com/>. Reversing and Assembly Coding for Linux, italian Linux ASM resource. 
* ELF documentation <http://www.muppetlabs.com/~breadbox/software/ELF.txt>. Executable and Linkable Format specification (ASCII version). 
* GDB <http://www.gnu.org/software/gdb/gdb.html>. GNU debugger, allows you to see what is going on inside another program while it executes. 
* Ctags <http://ctags.sourceforge.net/>. Exuberant ctags, an useful multi-language implementation of ctags. 
* Cscope <http://cscope.sourceforge.net/>. Another tool for browsing source code, developed at Bell Labs and now open-sourced. 
* Valgrind <http://valgrind.kde.org/>. An interesting open-source memory debugger for x86-GNU/Linux. 
* The Dude <http://the-dude.sourceforge.net/>. A debugger which resides in kernel memory and provides an alternative to ptrace(2). 
* Bastard <http://bastard.sourceforge.net/>. A disassembler -- or, more appropriately, a disassembly environment. 
* Boomerang <http://boomerang.sourceforge.net/>. An attempt at a general, open-source, retargetable decompiler of binary files. 
* IDA Pro <http://www.datarescue.com/idabase/>. A multi-processor, Windows hosted disassembler and debugger. 
* Testdrive <http://www.testdrive.compaq.com/>. Hewlett-Packard Test Drive: try the latest technologies over the Internet. 
* CC65 <http://www.cc65.org/>. CC65 is a freeware C compiler for 6502 based systems (Commodore, Apple, Atari). 
* QCL <http://tph.tuwien.ac.at/~oemer/qcl.html>. Quantum Computation Language, a programming language for quantum computers. 
* Brainfuck <http://www.muppetlabs.com/~breadbox/bf/>. Brainfuck is an 8-instruction Turing-complete programming language. 
* TLK <http://en.tldp.org/LDP/tlk/tlk-toc.html>. The Linux Kernel, a very well-written document about Linux internals. 
Misc. 
* The BOFH <http://www.iinet.net.au/~bofh/>. The original Bastard Operator From Hell complete, by Simon Travaglia. 
* The Register <http://www.theregister.co.uk/content/30/index.html>. Biting the hand that feds IT, another juicy BOFH resource. 
* The Jargon File <http://www.jargon.org/>. The Jargon File homepage, mantained by Eric S. Raymond. 
* UNIX-Haters <http://www.mindspring.com/~blackhart/>. UNIX-Haters mailing list and handbook official homepage. 
* RFC Editor <http://www.rfc-editor.org/>. RFC (Request For Comments) Editor homepage. The official RFC repository. 
* Rotten <http://www.rotten.com/>. ROTTEN DOT COM: when hell is full, the dead will walk on the earth. 
* BME <http://www.bme.freeq.com/>. Body Modification E-zine, the biggest and best online bod-mod site since 1994. 
* Info Anarchy <http://www.infoanarchy.org/>. Which future do you want to live in? Interesting news for freedom-supporters. 
* Suicide Girls <http://suicidegirls.com/>. Pin-up punk rock and goth girls: pictures, journals, and videos. 
* Philosomatika <http://www.philosomatika.net/>. 100% goa and psychedelic trance mp3 stream (broadband needed). 
* Chaos@UMD <http://www-chaos.umd.edu/>. A very interesting homepage about Chaos Theory at Maryland University. 
* Fuzzy logic FAQ <http://www-2.cs.cmu.edu/Groups/AI/html/faqs/ai/fuzzy/part1/faq.html>. Frequently Asked Questions on fuzzy logic and expert systems. 
* Deathrow <http://deathrow.vistech.net/>. Beave's OpenVMS cluster (DAHMER, MANSON, and RAMIREZ). 
* Textfiles <http://www.textfiles.com/>. A glimpse into the history of writers and artists bound by ASCII's 128 chars. 
* Fucked Company <http://www.fuckedcompany.com/>. Official lubricant of the new economy: rumors and interesting information. 
* ASCII pr0n <http://www.asciipr0n.com/pr0n/>. ASCII pr0n archive, for real last stage maniacs only. 
* Hack Furby <http://www.homestead.com/hackfurby/>. Interesting site devoted to investigating the geek-appeal of the Furby toy. 
* (C)DNE <http://home.c2i.net/nirgendwo/cdne/mainindex.htm>. Copyright Does Not Exist, a remarkable book written by Linus Walleij. 
* TCP/IP drinking <http://www.nmt.edu/~val/tcpip.html>. The homepage of the (in)famous TCP/IP drinking game. Try this at home. 
* CHSP <http://simh.trailing-edge.com/>. The Computer History Simulation Project (the SIMH homepage). 
* Internet Archive <http://www.archive.org/>. The Internet Wayback Machine, universal access to human knowledge. 
* Asterisk <http://www.asterisk.org/>. An open-source Linux-based PBX (Private Branch eXchange). 
* MUSCLE Project <http://www.linuxnet.com/info.html>. Movement for the Use of Smart Cards in a Linux Environment. 
* OpenVMS Documentation <http://h71000.www7.hp.com/doc/>. Official OpenVMS Documentation Pages. 
Local Stuff. 
* Linux Penguin <stuff/linux_penguin.html>. A cool HTML Linux Penguin (257 x 303 @ 250 colors). 
* RTFM <stuff/rtfm.gif>. Hey, you! Don't ask stupid questions, always Read The Fucking Manual. 
* Utah Bengaled Raptor <stuff/raptor.jpg>. An 8 foot tall, 1 ton wooden monster, created by Matt Kron <http://www.kroncompany.com/>. 
* 0xdefaced <stuff/defaced.html>. 0xdeadbeef dot info defacement hoax for April Fool's Day 2004.