Same for fb. 

keshrakh5...  gm






atabaccess@gmail.com da..0



http://bit.ly/tioccforx1  forex

RECUVA RECOVER DELETED FILES https://www.piriform.com/recuva

military deep scanning url freeware









Open Source Threat Intelligence


Harvest and analyze IOCs.

  • AbuseHelper - An open-source framework for receiving and redistributing abuse feeds and threat intel.
  • AlienVault Open Threat Exchange - Share and collaborate in developing Threat Intelligence.
  • Combine - Tool to gather Threat Intelligence indicators from publicly available sources.
  • Fileintel - Pull intelligence per file hash.
  • Hostintel - Pull intelligence per host.
  • IntelMQ - A tool for CERTs for processing incident data using a message queue.
  • IOC Editor - A free editor for XML IOC files.
  • ioc_writer - Python library for working with OpenIOC objects, from Mandiant.
  • Massive Octo Spice - Previously known as CIF (Collective Intelligence Framework). Aggregates IOCs from various lists. Curated by the CSIRT Gadgets Foundation.
  • MISP - Malware Information Sharing Platform curated by The MISP Project.
  • PassiveTotal - Research, connect, tag and share IPs and domains.
  • PyIOCe - A Python OpenIOC editor.
  • threataggregator - Aggregates security threats from a number of sources, including some of those listed below in other resources.
  • ThreatCrowd - A search engine for threats, with graphical visualization.
  • ThreatTracker - A Python script to monitor and generate alerts based on IOCs indexed by a set of Google Custom Search Engines.
  • TIQ-test - Data visualization and statistical analysis of Threat Intelligence feeds.

Awesome Malware Analysis

Awesome Link Status

A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php.


Other Resources

Threat intelligence and IOC resources.

chrome://flags/  http://www.returnflights.net/  https://logomakr.com/




get.snoopza.com/fdn  http://viraliq.com/most-terrifying-creatures-ever-found/2


do how-to-hck







INDEX-AR  admin/da...0 ; rakhi/deb..; army/hqecfw ; vksingh/rang.. ;

perspectives 4 ind army  admin da..

fb:- isrs..0

WAR COLLEGE admin komb..5820



 atabacc...gmail.com  d...0



ke....    d...20 




CFETR SITE komba...0

fbook  isrs...0

skype mil.int...gmail.com  d...0



  1. G-PLAY==Once you find the "Cellphone Spy App" app, choose "Install" and follow the instructions
  2. mespiy  http://www.hongkiat.com/blog/free-android-spy-apps/

  3.  qrcode  2






SITEINTEL https://news.siteintelgroup.com/tag/24.html




<span class="muted">http://</span>hw.cab/a53nn  




Yahoo Security Notice December 14, 2016


Yahoo has identified data security issues concerning certain Yahoo user accounts. Yahoo has taken steps to secure user accounts and is working closely with law enforcement.

Below are FAQs containing details about these issues and steps users can take to help protect their accounts.

For information about the data security issue the company disclosed on September 22, 2016, click here.


What happened?

Was my account affected by the August 2013 incident?

Was my account affected by the cookie forging activity?

What information was taken in the August 2013 incident?

What is a "hashed" password?

What information was affected by the cookie forging activity?

What is a “cookie”?

Are these incidents related to the data theft that Yahoo announced on September 22, 2016?

I think I received one or more emails about these issue. How do I know that they're really from Yahoo?

What is Yahoo doing to protect my account?

How do I change my password or disable security questions and answers?

Is there anything I can do to protect myself?

What additional steps can I take to protect my information?

Are Tumblr accounts affected?

How can I get help with my account?


http://sendvid.com/4exxhi3g  KNIFE

WISE STAMP MY PAGE LOGIN https://webapp.wisestamp.com/login?r=aHR0cHM6Ly93aXNlaW50cm8uY28vZWRpdG9yP3V0bV9jYW1wYWlnbj1pbnRyb19sYXVuY2gmdXRtX21lZGl1bT1ub3RpZmljYXRpb24mdXRtX3NvdXJjZT1nbWFpbA==



rieas website as book https://www.yumpu.com/en/document/view/28322807/rieas165/5

 ADWARE MALWARE BEST 5 https://www.techsupportall.com/top-best-free-adware-removal-tools/


EXACTSEEK https://store.exactseek.com/featured_listings.html  DO IT!!!TELL KEITH.


Cloudular Network Tasks - Identify, Map & Monitor

Ultrascan have extensive experience with identifying, locating, mapping, monitoring, analysing and predicting perpetrators of cross border fraud, money laundering and the planning, funding, communications and support of terrorism for local or international religious extremists as fast growing component of ideological struggle, as well as geopolitical.

Intelligence professionals that 'task network', determine and eliminate 'valued' targets by integrating OSINT and HACKING with HUMINT and TECHINT into a 'Cloudular Network'.

Not linear but cloudular, which means one asset will lead to others quickly and efficiently as we pull the various threads of information allowing clients to move in many directions at the same time or follow one specific aspect if required.

Five Level Ultrascan

Five level ultrascans are used for the intelligence gathering phase of all security related work and to determine the relationships and real world links

People, Groups of people (social networks)

Companies, Organizations

Web sites, Internet infrastructure such as: Domains, DNS names, Netblocks, IP addresses, Email

Phone, Phrases, Affiliations, Documents and files

But also hidden or confidential information can be revealed;

Family ties, Health status;

Financial networks, Foreign sales, Financial resources;

Media sources, Disgruntled employees, Imminent threats, Homeland plots, Trade craft, Recruiting tactics.

Level one ultrascan

A general first wide search for the entities as given by client, the outcome differs a lot depending on how common the names of entities are.

If the entity is named "john smith" the outcome will be a lot of information containing "john smith" - "john" and "smith"

When the entity is johnsmith@hotmail.com the outcome will be information containing or connected to johnsmith@hotmail.com

With a combination of entities, for example johnsmith@hotmail.com, XYZ company, London, Cairo,  Washington, phone and green energy, the outcome will be information containing or connected to all entities and links between the entities.

Level two ultrascan

The outcome of the first level scan will value the new found entities in relation to the given one, depending on the value new entities can be scanned for deeper connections to determine relationships with the original given entity.

For example, documents with co-signatures, university records, photographs with location and time stamp, logins and passwords of (email) accounts, additional (email) addresses, company websites, twitter accounts, can link to new entities that have connections with the given entities. Even though some entities are removed of the internet or data set, traces can still lead to new entities (evidence).

Level three, four and five include Humint and are focussed on the desired results


Imminent High Profile Terror Attack ! ...... How Do We Know ?


Al Qaeda Communications in days leading up to an attack

Narrative of a genuine 3 months counter-terror operations

The threat of an attack by multiple gunmen on a location packed with civilians remains the second biggest fears of counter terrorism chiefs. The ambition of violent Islamists to stage a Mumbai-style atrocity is undiminished.

Primitive militia holed up in the wilderness or jungle

Terror attacks are often portrayed as an incident with little preparations or coordination, the image of the Islamist group as a primitive militia, disenfranchised, marginalized, and estranged from society, holed up in the wilderness,  jungle or backstreets of the cosmopolitan cities. Dreaming about the mission and vision but lacking the capabilities and skills to plan attacks that fulfil the demands of a strategy and military doctrine.

Or professionals executing international plot

Only when more attackers seem to be able to cause carnage that claims the attention of international media for days in a row and murder people in plain sight. Only then one starts to wonder about the level and coordinated planning those attacks have, and if such scale of preparation  can be detected and/or prevented.

Al Qaeda "The Base",  detected but never eradicated

Al Qaeda "The Base", as in connections that go back to the 90’s and developed into the past decade. Informal relationships and human networks, one of the most important of which was formed around bin Laden in the 1980s and 1990s.

Counter terrorism operations launched after 9/11 show that detection takes an immense investment in Techint and deep cycle undercover operations. Traditional mechanics of terror groups proved no longer effective due to the advanced monitoring possibilities of the intelligence services (NSA, Echelon) and widely infiltrated Mosques. The operations were quite successful but did not go unnoticed, forcing “The Base” to change methods, minimize their use of infrastructure and move their leadership from Europe to less technologically advanced countries, thus staying under the radar of government agencies.

Al Qaeda "The Base" is “seen as” currently led by Ayman al Zawahiri and was never eradicated because the WOT actually was the WOTF "War On Terror Figureheads" with a focus on thought leaders like Usama bin Laden and the AfPak region. Allowing unhindered growth of the international funding and support network.

Complexity of cross continent high profile attacks by Al Qaeda Affiliates

Anti money laundering investigations (Ultrascan-AGI, 2007-2013) links, the initial funding to the support for more complex cross continent attacks by Al Qaeda's  affiliates. The new (re-) acquired organisations like LeT, Al Shabab , Al Nusra, Boko Haram, ISIS and groups that have not yet (re-) captured the eye of the global media today. For example the Mumbai attacks ending at the Taj Mahal hotel, the UN building in Abuja, the US embassy in Benghazi and the Westgate shopping mall in Nairobi.

The complexity is then defined by (preparatory and coordinating) acts abroad, participation by foreigners and professional knowledge of security measures at the target.

What does that look like .... let’s have a view to a kill and map the international communications in the days leading up to such a high profile terror attack.

Narrative of a genuine 3 months counter-terror operation

The information listed is declassified (for now). Merely an anonymized example of transnational criminal  cooperation and coordination for a high profile terror attack. Every year there are hundreds of similar cases where threats are disrupted by the Intelligence Services and Counter Terrorism efforts, but no one will ever know.

Month one

Day 20 - The National Security Agency (NSA) has intercepted encrypted messages between members of the Al Qaida network mentioning the premises of an NGO in North Africa as well as its affiliates and personnel as a possible target.

Month two

Day 1 – We tasked an AML and risk assessment operation in Egypt and other parts of the Middle East. Discovering an imminent threat to a meeting in a hotel resort in Africa, as a prime target for the Al Qaeda network, reason for a 60-days terror alert.

Day 19 - Ongoing humint and analysis, regarding the above mentioned Terror Alert, yielded that the target is hosting an international event in month three, catering to thousands of guests mainly government officials and suspicion about possible Mumbai style operations scenario’s in West Africa.

Day 20 - Ongoing Humint, whispers of a terror cell from Al Qaeda launched and on the move in Algeria.

Day 25 - 5 suspects in vehicle arrived in border town with Mali and Humint reveals that two of the suspects meet with local criminal elements. Reason to launch a tactical team from Mali to intercept if/when suspects cross the border, identify and disrupt.

Day 26 - The armed group was arrested after crossing in to Mali.

Day 27 - No evidence was found to establish a link with a planned terror attack nor our 60-days terror alert. It’s not unusual for Al Qaeda to launch diversions.

Back to square one  

Map Al Qaeda International Communications


Month three

Day 1 in Egypt

Day 1 -  We identified mobile numbers, linked to the messages between members of the Al Qaida network as intercepted by the NSA on day 20 of month one, using Mobile phone transmission towers in Mansoura and Saeed, Cairo, Egypt.

The user of one phone/number revealed tradecraft, sufficient reason to initiate a low level of monitoring, collecting phone numbers, IMEI’s, IMSI’s, locations, time and duration of the call.


That phone A is in Egypt and makes calls to:

Day 1 -   8:57 |  67s   The Netherlands Eindhoven

Day 1 -   9:18 |  202s The Netherlands Eindhoven

Day 1 - 15:26 |  13s   Nigeria Port Harcourt

Day 1   15:35 |  517s Nigeria Port Harcourt


Day 2 the phone A is in Libya and calls with:

Day 2 -  11:07 | 426s  Nigeria Abuja

Day 2 -  14:24 | 84s    Senegal Dakar (Ouest Foire)

Day 2 -  15:44 | 156s  Senegal Dakar (Ouest Foire)

Day 2 -  22:25 | 0s       Receives SMS from Luxembourg Orange Internet SMS Service


Day 3 the phone A is still in Libya and calls with:

Day 3 -  9:27 | 347s  Nigeria Port Harcourt

Day 3 -  9:34 | 322s  Nigeria Abuja

Day 3  21:51 |  268s  Senegal Dakar Grande Mosquée (Nord Foire)


Day 4 the phone A is in Algeria and calls with:

Day 4 -  17:32 | 11s  Senegal Dakar Marche Artisanal de Soumbedioune


Day 5 the phone A still is in Algeria and calls with:

Day 5 -   9:58 | 124s   Monaco

Day 5 - 11:08 | 19s     Serbia Kosovo Pristina

Day 5 - 12:23 | 150s   Senegal Dakar (Ouest Foire)

Day 5 - 12:27 | 45s     Received a call from Senegal Dakar (Mauritanian subscription)

Day 5 - 14:57 | 83s    Senegal Dakar Marche Artisanal de Soumbedioune

Day 5 - The combination of calls to subscribers in Monaco and Kosovo signals a possible connection to our terror alert and is reason to switch to real-time monitoring and launch a special operations team to identify and disrupt. The first and only incoming call from a Mauritanian subscriber in Senegal reveals a connection to a “Hotel resort in Africa” mentioned in the 60-day terror alert on day one of month two.


Day 6 the phone A is in Mali  and calls with:

Day 6 -   3:27 | 38s   Australia Brisbane

Day 6 -   9:20 | 169s Australia Brisbane

Day 6 - 12:35 | 38s   voicemail Senegal Dakar Marche Artisanal de Soumbedioune

Day 6 - 12:35 | 24s   Senegal Dakar Marche Artisanal de Soumbedioune

Day 6 - 14:37 | 216s Senegal Dakar

Day 6  - The heavily armed terror cell composed of four nationalities was disrupted in a remote desert area of Mali which is a haven for all kinds of traffickers of Tuareg rebels and Islamist militants.

Strike one and target confirmed

Day 6 - Evidence immediately established intent and preparation for an imminent terror attack. The first analysis of the collected pocket litter traced one of the terrorist to the beachside at a Hotel resort as mentioned in our 60-days terror alert. It’s not unusual for Al Qaeda to launch more cells. Reason to upgrade the security measures at the target and surrounding areas.

Day 6 – Further analysis identified another phone B possible from an insider and calls with:

Day 6 - 22:10 | 104s Nigeria Lagos

Day 7 – This threat by Al Qaeda was alive, with the scope of the organisation, scale, timetable and targets identified. Reason to launch one of the largest secret security operations ever on the African continent. 


Map of the locations of the phone A and its connections: on Google map.









Data mining

From Wikipedia, the free encyclopedia
Not to be confused with analytics, information extraction, or data analysis.

Data mining is an interdisciplinary subfield of computer science.[1][2][3] It is the computational process of discovering patterns in large data sets involving methods at the intersection of artificial intelligence, machine learning, statistics, and database systems.[1] The overall goal of the data mining process is to extract information from a data set and transform it into an understandable structure for further use.[1] Aside from the raw analysis step, it involves database and data management aspects, data pre-processing, model andinference considerations, interestingness metrics, complexity considerations, post-processing of discovered structures, visualization, and online updating.[1]Data mining is the analysis step of the "knowledge discovery in databases" process, or KDD.[4]

The term is a misnomer, because the goal is the extraction of patterns and knowledge from large amounts of data, not the extraction (mining) of data itself.[5] It also is a buzzword[6] and is frequently applied to any form of large-scale data or information processing (collection, extraction, warehousing,analysis, and statistics) as well as any application of computer decision support system, including artificial intelligence, machine learning, and business intelligence. The book Data mining: Practical machine learning tools and techniques with Java[7] (which covers mostly machine learning material) was originally to be named just Practical machine learning, and the term data mining was only added for marketing reasons.[8] Often the more general terms (large scale) data analysis and analytics – or, when referring to actual methods, artificial intelligence and machine learning – are more appropriate.

The actual data mining task is the automatic or semi-automatic analysis of large quantities of data to extract previously unknown, interesting patterns such as groups of data records (cluster analysis), unusual records (anomaly detection), and dependencies (association rule mining). This usually involves using database techniques such as spatial indices. These patterns can then be seen as a kind of summary of the input data, and may be used in further analysis or, for example, in machine learning and predictive analytics. For example, the data mining step might identify multiple groups in the data, which can then be used to obtain more accurate prediction results by a decision support system. Neither the data collection, data preparation, nor result interpretation and reporting is part of the data mining step, but do belong to the overall KDD process as additional steps.

The related terms data dredging, data fishing, and data snooping refer to the use of data mining methods to sample parts of a larger population data set that are (or may be) too small for reliable statistical inferences to be made about the validity of any patterns discovered. These methods can, however, be used in creating new hypotheses to test against the larger data populations.





ReVerb is a program that automatically identifies and extracts binary relationships from English sentences. ReVerb is designed for Web-scale information extraction, where the target relations cannot be specified in advance and speed is important.

To get a better idea of what ReVerb does:


ReVerb is released under an academic license. For instructions on how to run ReVerb or use it in your own code, please see theREADME file (also included in the download).


A collection of 15 million ReVerb extractions is available for academic use. The extractions are the result of running ReVerb on the ClueWeb09 dataset. Please review the information in theREADME_data.txt. Also, consider downloading the smaller sample of Wikipedia-only extractions before downloading the full set.

Labeled data from the experiments in the EMNLP 2011 paper is available here.


ReVerb was developed by the following people at the University of Washington's Turing Center as part of the KnowItAll Project:

ReVerb uses the following code and data, which are included in the release:


Please send all questions, comments, and bugs to the the ReVerb mailing list.




Log in Help

Home 〉 ie

GATE Information Extraction

If information is power and riches, then it is not the amount that gives the value, but access at the right time and in the most suitable form.

Information Extraction (IE) systems analyse unrestricted text in order to extract information about pre-specified types of events, entities or relationships.

GATE has been used for many IE projects in many languages and problem domain, and has competed in the MUC and ACE evaluations. GATE has a built-in IE component set called ANNIE. Below is a short introduction to IE; for a longer introduction see this IE User Guide.

For more information about GATE and IE, contact the GATE team. See also the new edition of the Encyclopaedia of Language and Linguisics survey article on IE. Sheffield and others may be able to provide services to customise GATE to your needs. See also:

(Note: chunks of these pages are derived from a previous version written by Malcolm Crawford.)



Information Extraction is not Information Retrieval: Information Extraction differs from traditional techniques in that it does not recover from a collection a subset of documents which are hopefully relevant to a query, based on key-word searching (perhaps augmented by a thesaurus). Instead, the goal is to extract from the documents (which may be in a variety of languages) salient facts about prespecified types of events, entities or relationships. These facts are then usually entered automatically into a database, which may then be used to analyse the data for trends, to give a natural language summary, or simply to serve for on-line access.

  • Information Retrieval gets sets of relevant documents --

you analyse the documents

Information Extraction gets facts out of documents --

you analyse the facts

Here are some example applications of IE.

Why is Information Extraction difficult?

There are many ways of expressing the same fact:

  • BNC Holdings Inc named Ms G Torretta as its new chairman.
  • Nicholas Andrews was succeeded by Gina Torretta as chairman of BNC Holdings Inc.
  • Ms. Gina Torretta took the helm at BNC Holdings Inc.

Information may need to be combined across several sentences:

  • After a long boardroom struggle, Mr Andrews stepped down as chairman of BNC Holdings Inc. He was succeeded by Ms Torretta.

You might want to try an Information Extraction task yourself.

From Wikipedia, the free encyclopedia






Open-source intelligence (OSINT) is intelligence collected from publicly available sources.[1] In the intelligence community(IC), the term "open" refers to overt, publicly available sources (as opposed to covert or clandestine sources); it is not related to open-source software or public intelligence.



http://nationalairarms.com/ProductDetails.aspx?pi=10  BLANCA AIR PISTOL

TDJ http://thedailyjournalist.com/wc-n5/

leonardo111reborn same ahja pwd


News & Information

Rss Feed


INTellingence: Open Source Intelligence

The president and policymakers rely on insights from the Central Intelligence Agency to inform their foreign policy decisions. CIA officers use a variety of sources in formulating their assessments. The following article is the first in a series that will explore different sources and collection disciplines, which are the building blocks of what we call “finished intelligence.” This article will focus on open source intelligence.

*     *     *     *     *

Information does not have to be secret to be valuable. Whether in the blogs we browse, the broadcasts we watch, or the specialized journals we read, there is an endless supply of information that contributes to our understanding of the world. The Intelligence Community generally refers to this information as Open Source Intelligence (OSINT). OSINT plays an essential role in giving the national security community as a whole insight and context at a relatively low cost.

OSINT is drawn from publicly available material, including:

  • The Internet
  • Traditional mass media (e.g. television, radio, newspapers, magazines)
  • Specialized journals, conference proceedings, and think tank studies
  • Photos
  • Geospatial information (e.g. maps and commercial imagery products)


The DNI Open Source Center

CIA is responsible for collecting, producing, and promoting open source intelligence through its management of the DNI Open Source Center (OSC). OSC was established on November 1, 2005 in response to recommendations by the Robb-Silberman Commission, and is charged with a unique, Community-wide responsibility.

OSC and its worldwide network of partners have the skills, tools, and access necessary to produce high-quality open source intelligence. These capabilities include translations in over 80 languages; source, trends, and media analyses; specialized video and geospatial services; and rare cultural and subject matter expertise.

To OSC Director Douglas Naquin strong partnerships are absolutely essential.

“Given the variety and scope of the questions we can address through publicly available information, I believe it is incumbent on us to work across organizations — inside and outside government — to make the most effective use of available expertise and capability. We in OSC focus on comparative advantage: If we find an organization or company that can do something particularly well — for example, translations — we will leverage that advantage to the extent we can, allowing us then to focus our resources on what we do best.”


Answering New Questions

OSINT has always been an important part of all-source analysis, b


9 Free Vulnerability Scanners + 1 Useful GPO Tool

Enjoy these tools to help automate the detection and remediation of vulnerabilities concerning NIST, PCI, HIPAA and many other federal regulatory requirements.

So, you like to scan for security vulnerabilities… right? Even though you may know and follow basic security measures on your own when installing and managing your network and websites, you'll never be able to keep up with and catch all the vulnerabilities by yourself. That’s why you should also have qualified people you can count on and a variety of tools to compare.

“Well beyond scanners, there’s not likely to be a replacement for the human-factor concerns Web, Application and Network penetration testing or analysis in any foreseeable future, says Jonathan Goetsch, CEO of US ProTech. “Therefore be sure to incorporate the use of a legitimate security services provider and tools that have been 3rd party validated, preferably by NIST and division of the U.S. Department of Commerce. Otherwise, you may unknowingly fall victim or worse, end up on the headlines of television stations, newspapers and blogs.”

Here’s some good news…. vulnerability scanners can help you automate security auditing and can play a crucial part in your IT security. They can scan your network and websites for up to thousands of different security risks, producing a prioritized list of those you should patch, describe the vulnerabilities, and give steps on how to remediate them. “Some can even automate the patching process.” said Mr. Geier, who has also contributed to some findings.

So, let’s jump right into scanners. Though vulnerability scanners and security auditing tools can cost a fortune, there are free options as well. Some only look at specific vulnerabilities, but there are also those that offer broad IT security scanning. Here is the list - one (1) end-point scanner and seven (7) network scanners and you really must see:

  1. US ProScan / Free real time End-Point vulnerability scanning

Imagine… scan any user, any endpoint, anywhere and at any time… and know the security profile. Now you can! US ProTech, offers a free scan of any endpoint device using their Endpoint Vulnerability scanner. All you do is fill out a simple form and within minutes you’ll know where employees are storing unprotected personal health information, credit card, social security and other data. This mobile security analysis provides visualization of the security landscape for Android, Apple iOS smartphones and other tablets. The report is intended to provide meaningful metrics about vulnerabilities and threat vectors to organizations who allow BYOD and mobile workers. Benefits are nearly endless and exceeds PCI – Compliance with data discovery of PAN data, HIPAA and Compliance with data discovery of PII data. Use this application for BYOD, Mobile Security and Endpoint Vulnerability Management with tools to locate, lock and wipe… built-in. The free scanner is unlimited for single device assessments – enterprise-wide solutions are also very affordable for just a few dollars per device.

This offer can be found at http://www.usprotech.com/us-proscan-web-based-security-scanning/

  1. Qualys FreeScan

Qualys FreeScan provides up to 10 free scans of URLs or IPs of Internet facing or local servers or machines. You initially access it via their web portal and then download their virtual machine software if running scans on your internal network.

Qualys FreeScan supports a few different scan types; vulnerability checks for hidden malware, SSL issues, and other network-related vulnerabilities. OWASP is for auditing vulnerabilities of web applications. Patch Tuesday scans for and helps install missing software patches. SCAP checks computer settings compliance against the SCAP (Security Content Automation Protocol) benchmark provided by National Institute of Standards and Technology (NIST).

Even though at first you just see an online tool that appears to do scanning via the Internet, if you enter a local IP or scan, it will prompt you to download a virtual scanner via a VMware or VirtualBox image. This allows you to do scanning of your local network. Once a scan is complete you can view interactive reports by threat or by patch.

Since Qualys FreeScan only provides 10 free scans, it’s not something you can use regularly. Consider using another solution for day-to-day use and periodically run Qualys FreeScan for a double-check.


3. US ProSecure / Free Trial includes trend analysis & remediation steps

What’s “hot” in security today? Answer: Military grade, US DOC validated security processes! Data breaches are the number one cause of identity theft (ref. JP Morgan Chase, Home Depot, Target, etc.). US ProSecure's data discovery scan (SCAP Approved) identifies security vulnerabilities in granular detail. This product will identify what systems, applications and devices at risk, simple, fast, and is affordable for desktops, servers and mobile devices.

As leaders in the market, US ProTech is not the newest “kid on the block” in the vulnerability scanning arena. US ProSecure is already a standard for major businesses in five nations including the USA, Mexico, Canada, Germany and the United Kingdom. If your organization concerns itself with NIST, PCI, HIPAA or the like, this processes is validated by the U.S. Department of Commerce. Their scanning criteria exceed military standards and the High-Impact Baseline Standards of the US Department of Defense, the US Department of Energy, OWASP and many others including security thresholds under NIST 800-53 r4.

US ProTech’s scanning and configuration auditing capabilities are an approved SCAP and SCADA solution, as well as an FDCC Scanner, Authenticated Configuration Scanner, Authenticated Vulnerability and Patch Scanner, and Unauthenticated Vulnerability Scanner. US ProSecure has been approved for use in support of risk management and compliance under FISMA and FedRAMP for its vulnerability scanning and CyberScope reporting capabilities.

US ProTech offers a free trial of their US ProSecure external vulnerability assessment service on up to three external IP addresses. They will scan the external IP addresses 3 times over a 60 day window to produce a detailed assessment complete with a Trend-Analysis report over that same period.

This offer can be found at http://www.usprotech.com/free-security-scan/

4. Core Insight & Impact Pro

Core Insight consolidates, normalizes, and prioritizes vulnerability management initiatives enterprise-wide. Consolidating multiple vulnerability scans across vendors, while matching known exploits and simulating attacks enables you to focus on the most vulnerable points of your network. Core Impact Pro is the most comprehensive multi-vector solution for assessing and testing security vulnerabilities throughout your organization. Leveraging commercial-grade exploits, users can take security testing to the next level when assessing and validating security vulnerabilities.

This offer can be found at http://ws.coresecurity.com/core-impact-trial-usprotech.html

5. Retina CS Community

Retina CS Community provides vulnerability scanning and patching for Microsoft and common third-party applications, such as Adobe and Firefox, for up to 256 IPs free. Plus it supports vulnerabilities within mobile devices, web applications, virtualized applications, servers, and private clouds. It looks for network vulnerabilities, configuration issues, and missing patches.

The Retina CS Community software essentially provides just the patching functionality.Retina Network Community is the software that provides the vulnerability scanning, which must be separately installed before the Retina CS Community software.

Retina CS Community installs on Windows Server 2008 or later, requires the .Net Framework 3.5 to be installed, IIS server enabled, and Microsoft SQL 2008 or later to be installed. Keep in mind, installation on Domain Controllers or Small Business Servers is not supported.

Once the software is installed you’re provided with a GUI program for Retina Network Community component and a web-based GUI for the Retina CS Community component. It supports different user profiles so you can align the assessment to your job function.

To scan you can choose from a variety of scan and report templates and specify IP range to scan or use the smart selection function. You can provide any necessary credentials for scanned assets that require them and choose how you want the report delivered, including email delivery or alerts.

Retina CS Community is a great free offering by a commercial vendor, providing scanning and patching for up to 256 IPs free and supporting a variety of assets. However, some small businesses may find the system requirements too stringent, as it requires a Windows Server.

This offer can be found at http://go.beyondtrust.com/cscommunity

6. Microsoft Baseline Security Analyzer (MBSA)

Microsoft Baseline Security Analyzer (MBSA) can perform local or remote scans on Windows desktops and servers, identifying any missing service packs, security patches, and common security misconfigurations. The 2.3 release adds support for Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012, while also supporting previous versions down to Windows XP.

MBSA is relatively straightforward to understand and use. When you open it you can select a single Windows machine to scan by choosing a computer name from the list or specifying an IP address or when scanning multiple machines you can choose an entire domain or specify an IP address range. You can then choose what you want to scan for, including Windows, IIS and SQL administrative vulnerabilities, weak passwords, and Windows updates.

Once the scan is complete you’ll find a separate report for each Windows machine scanned with an overall security classification and categorized details of the results. For each item you can click a link to read details on what was scanned and how to correct it, if a vulnerability were found, and for some you can click to see more result details. The reports are automatically saved for future reference, but you can also print and/or copy the report to the clipboard.

Although free and user-friendly, keep in mind that MBSA lacks scanning of advanced Windows settings, drivers, non-Microsoft software, and network-specific vulnerabilities. Nevertheless, it’s a great tool to help you find and minimize general security risks.

This offer can be found at http://www.microsoft.com/en-us/download/details.aspx?id=7558

7. Nexpose Community Edition

Nexpose Community Edition can scan networks, operating systems, web applications, databases, and virtual environments. The Community Edition, however, limits you to scanning up to 32 IPs at a time. It’s also limited to one-year of use until you must apply for a new license. They also offer a seven-day free trial of their commercial editions.

Nexpose installs on Windows, Linux, or virtual machines and provides a web-based GUI. Through the web portal you can create sites to define the IPs or URLs you’d like to scan, select the scanning preferences, scanning schedule, and provide any necessary credentials for scanned assets.

Once a site is scanned you’ll see a list of assets and vulnerabilities. You can see asset details including OS and software information and details on vulnerabilities and how to fix them. You can optionally set policies to define and track your desired compliance standards. You can also generate and export reports on a variety of aspects.

Nexpose Community Edition is a solid full-featured vulnerability scanner that’s easy to setup but the 32 IP limit may make it impractical for larger networks.

This offer can be found at http://www.rapid7.com/products/nexpose/nexpose-community.jsp

8. SecureCheq

SecureCheq can perform local scans on Windows desktops and servers, identifying various insecure advanced Windows settings like defined by CIS, ISO or COBIT standards. It concentrates on common configuration errors related to OS hardening, data protection, communication security, user account activity and audit logging. The free version, however, is limited to scanning less than two dozen settings, about a quarter of what the full version supports. SecureCheq is a simple tool. After scanning the PC you’ll see a list of all the checked settings and a Passed or Failed result.

Click a setting and you’ll find links to references about the vulnerability, summary of the vulnerability, and how to fix it. Though you can’t save the results for later viewing in the application, you can print them or view/save the OVAL XML file.

Although SecureCheq is easy-to-use and scans for advanced configuration settings, it actually misses some of the more general Windows vulnerabilities and network-based threats. However, it complements the Microsoft Baseline Security Analyzer (MBSA) well; scan for basic threats and then follow up with SecureCheq for advanced vulnerabilities.

This offer can be found at http://www.tripwire.com/securecheq/

9. OpenVAS

The Open Vulnerability Assessment System (OpenVAS) is a free network security scanner platform, with most components licensed under the GNU General Public License (GNU GPL). The main component is available via several Linux packages or as a downloadable Virtual Appliance for testing/evaluation purposes. Though the scanner itself doesn’t work on Windows machines, they offer clients for Windows.

The main component of the OpenVAS is the security scanner, which only can run in Linux. It does the actual work of scanning and receives a feed updated daily of Network Vulnerability Tests (NVT), more than 33,000 in total.

The OpenVAS Manager controls the scanner and provides the intelligence. The OpenVAS Administrator provides a command-line interface and can act as full service daemon, providing user management and feed management.

There are a couple clients to serve as the GUI or CLI. The Greenbone Security Assistant (GSA) offers a web-based GUI. The Greenbone Security Desktop (GSD) is a Qt-based desktop client that runs on various OSs, including Linux and Windows. And the OpenVAS CLI offers a command-line interface.

OpenVAS isn’t the easiest and quickest scanner to install and use, but it’s one of the most feature-rich, broad IT security scanners that you can find for free. It scans for thousands of vulnerabilities, supports concurrent scan tasks, and scheduled scans. It also offers note and false positive management of the scan results. However, it does require Linux at least for the main component.

This offer can be found at http://www.openvas.org/

  1. Security Compliance Manager (SCM)

New! Version 3.0 of the Security Compliance Manager (SCM) tool is now available for download! In addition to key features from the previous version, SCM 3.0 offers new baselines for Internet Explorer 10, Windows 8, and Windows Server 2012. SCM enables you to quickly configure and manage computers and your private cloud using Group Policy and Microsoft System Center Configuration Manager.

SCM 3.0 provides ready-to-deploy policies and DCM configuration packs based on Microsoft Security Guide recommendations and industry best practices, allowing you to easily manage configuration drift, and address compliance requirements for Windows operating systems and Microsoft applications.

Key features in SCM 3.0 include:

  • Support for Windows Server 2012, Windows 8, and Internet Explorer 10 product baselines: Secure your environment with new baselines for the latest software releases
  • Gold master support: Import and take advantage of your existing Group Policy or create a snapshot of a reference machine to kick-start your project.
  • Configure stand-alone machines: Deploy your configurations to non-domain joined computers using the new GPO Pack feature.
  • Updated security guides: Take advantage of the deep security expertise and best practices in the updated security guides, and the attack surface reference workbooks to help reduce the security risks that you consider to be the most important.
  • Comparisons against industry best practices: Analyze your configurations against prebuilt baselines for the latest Windows client and server operating systems.

This offer can be found at http://technet.microsoft.com/en-us/solutionaccelerators/cc835245.aspx

For a comprehensive evaluation of the above tools, how they deploy, what your expectations should be and what the differences are among the tools, US ProTech is offering a complimentary consultation to assist you with selecting the appropriate set of tools to achieve your vulnerability assessment requirements. Call us today to schedule time with one of our security engineers; we look forward to connecting with you soon!