activeresponse.org Discussion base for active response to computer attacks

stripesnoop.sourceforge.netan excellent source on magnetic stripe information

www.hammerofgod.com Timothy Mullen's website

Forensic Focus - computer forensics and data recovery news and discussion: Join our lively computer forensics community today and stay current with other forensic computing professionals through our forum, email discussion list and monthly newsletter.

www.nessus.org has a great vulnerability tool.  Full assessment reporting with fix actions.  Leaves huge foot print on IDSs. Windows version is available here.

The Metasploit Framework is the best point-click-exploit to shell available. It takes Nessus to the next level. This is basic training for security/pen test labs.

microsoft command line reference.for a "man" of what can be done at the CLI.

www.securityfocus.com is another mainstream site.  There are lots of tools and information here.  Not a beginner site, but essential for any system administrator. Symantec bought them, but so far so good.

www.honeynet.org  Tools to set up honey pots. We play here a lot

www.loganalysis.org  A whole website dedicated to log files and analyzing all sorts of events, including security events. Go here before an intrusion takes place. This is one of those sites that must be in your security toolbox.

rain forest puppy is a talented programmer who finds several security issues with MS-IIS.  Also has perl scripts to test the new vulnerabilities. He kept his site, but stopped posting updates. Hmmm.

www.infowar.com Use to be useful, but I guess Winn got too lame on us. It is just another forum site. All his old IW-IP content is gone. Too bad too because it was usefull and still applicable.

Help-Net Security Recent change in site's url. Good, current security news and articles. Great newsletter.

netscan.org also touches the underground as well as mainstream. Hope you do not see your organization listed here :-0

www.l0pht.com has lots of NT security tools too. Yes, it is still around. 

Packet Storm More mainstream IP/Sec consulting.  Recent change in site's url and look, but has the same resources.

milw0rm.  Best chance of finding "zero-day" exploits.

eEye™ Digital Security  Makers of Retina IIS hacking tool.  Has some tools, but is a good site for keeping up with news and advisories.

SecuriTeam.com  Links, news and a good library of scripts.

www.phrack.com mixes hacking and phreaking, with news, codes, etc. old school to say the least

Netstumbler.com offers a very usable tool to survey wireless lans.  This is also used by war drivers, and includes a GPS interface and database upload.

dnsstuff.com is a great place to start recon/research. Many uses for this one including a spam research engine

INFO-WAR Sites
(Mostly academic)

Federation of American Scientists Information Warfare and Information Security on the Web Number two on the ugly/poor web sites in this list, it has very comprehensive sources on IW and is full of hyper linked references.  Probably a good place to start an academic research project on the subject of IW.

Institute for the Advanced Study of Information Warfare Possibly the ugliest, most poorly laid out site in this list, it has some seriously high-level thoughts on I-W and has an interesting take on how the Chinese view IW.  That's right, other countries are playing these reindeer games!

The Terrorism Research Centre Information warfare Has a great scenario of what could happen.