Section: .. / papers / general /
| /// File Name: |
022805.txt |
Description:
|
This paper describes several techniques for exposing file contents using the site search functionality. It is assumed that a site contains documents which are not visible/accessible to external users. Such documents are typically future PR items, or future security advisories, uploaded to the website beforehand. However, the site is also searchable via an internal search facility, which does have access to those documents, and as such, they are indexed by it not via web crawling, but rather, via direct access to the files. Therein lies the security breach.
| | Author: | Amit Klein | | Homepage: | http://webappsec.org/ | | File Size: | 25702 | | Last Modified: | Feb 28 19:15:11 2005 |
| MD5 Checksum: | 87eb98b564a55d22d12c7b83e9641965 |
|
| /// File Name: |
041607.html |
Description:
|
The Web Application Security Consortium is proud to present 'The Importance of Application Classification in Secure Application Development'.
| | Author: | Rohit Sethi | | Homepage: | http://www.webappsec.org/ | | File Size: | 44216 | | Last Modified: | Apr 18 20:40:46 2007 |
| MD5 Checksum: | 067f062ee0605f2c9e32f8a6614d533c |
|
| /// File Name: |
050819-securing-mac-os-x-tiger.pdf |
Description:
|
Corsaire (www.corsaire.com/white-papers/) has released a fully updated version of their guide to securing Mac OS X to cover the new security features offered by Mac OS X 10.4 Tiger (such as ACLs) as well as incorporating additional security guidelines that were omitted in the original (10.3) guide.
| | Author: | Stephen de Vries | | Homepage: | http://www.corsaire.com/white-papers/ | | File Size: | 751834 | | Last Modified: | Aug 26 00:55:07 2005 |
| MD5 Checksum: | 021cca9d23a8be3656a5f08e6bc300ec |
|
| /// File Name: |
2004_11.txt |
Description:
|
Electronic Frontier Foundation Media Release - Presidential Votes Miscast on E-voting Machines Across the Country. Voters from at least half a dozen states reported that touch-screen voting machines had incorrectly recorded their choices, including for president.
| | Author: | Cindy Cohn,Matt Zimmerman | | Homepage: | http://www.eff.org/news/archives/2004_11.php#002062 | | File Size: | 3620 | | Last Modified: | Nov 4 22:43:21 2004 |
| MD5 Checksum: | 801f5c3f4e63747cba6eb681b9c7e8f4 |
|
| /// File Name: |
A_Modular_Approach_to_Data_Validati..> |
Description:
|
This paper presents a modular approach to performing thorough data validation in modern web applications so that the benefits of modular, component-based design (extensibility, portability and re-use) can be realised. The paper begins with an explanation of the vulnerabilities introduced through poor validation and then goes on to discuss the merits of a number of common data validation methodologies. A modular approach is introduced together with practical examples of how to implement such a scheme in a web application. It also provides information on common attack vectors, principles of validation, a modular solution and implementation of that solution.
| | Author: | Stephen de Vries | | Homepage: | http://www.corsaire.com/ | | File Size: | 382808 | | Last Modified: | Apr 12 14:59:25 2006 |
| MD5 Checksum: | a0b2f3ac1b5d56c1eb5b580c14a11f16 |
|
| /// File Name: |
abc.pdf |
Description:
|
This White Paper gives an introduction to computer security and its significance for businesses, followed by an alphabetical guide to common security measures and threats.
| | Author: | Paul Ducklin | | Homepage: | http://www.sophos.com | | File Size: | 99449 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 234140dc38979cbe235a915f9e495f15 |
|
| /// File Name: |
acros.txt |
Description:
|
CaIRA: Computer and Internet-Related Acronyms. 1,725 acronyms and abbreviations with definitions and explanations. Includes a listing of all internet country abbreviations.
| | Author: | Raven | | Homepage: | http://blacksun.box.sk | | File Size: | 119341 | | Last Modified: | Feb 3 11:35:16 2000 |
| MD5 Checksum: | 81861a7a8afc090fb589e09620587a27 |
|
| /// File Name: |
agents.txt |
Description:
|
The Evolution of Malicious Agents. This paper examines the evolution of malicious agents by analyzing features and limitations of popular viruses, worms, and trojans, detailing the possibility of a new breed of malicious agents currently being developed on the Internet.
| | Author: | Lenny Zeltser | | Homepage: | http://www.zeltser.com/agents | | File Size: | 48331 | | Last Modified: | May 3 18:20:38 2000 |
| MD5 Checksum: | badaef580cc6781fc436d7fe02f5cce9 |
|
| /// File Name: |
Altering_ARP_Tables_v_1.00.htm |
Description:
|
Altering ARP Tables v1.00 - This paper is dedicated to ARP tables and how to alter them remotely. Includes a couple of implementations of ARP poisoning in a bridge based segment and a couple of ways to protect yourself.
| | Author: | Data Wizard | | File Size: | 22573 | | Last Modified: | Sep 7 23:03:45 2001 |
| MD5 Checksum: | 2cddda46bc0102cac912313b0b33cd68 |
|
| /// File Name: |
AnonMoney.zip |
Description:
|
An interesting paper on using the TOR network to anonymously collect funds with eGold.
| | Author: | Mr Babs | | File Size: | 27881 | | Last Modified: | Apr 28 12:47:57 2006 |
| MD5 Checksum: | dd9e819d06c9b8ad5e1c6d1b4d87ce5c |
|
| /// File Name: |
asm-1.tbz |
Description:
|
Project Freedocs Volume 4 - A collection of tutorials regarding asm programming.
| | Author: | Bugghy | | Homepage: | http://vaida.bogdan.googlepages.com/ | | File Size: | 876790 | | Last Modified: | Sep 9 04:11:55 2004 |
| MD5 Checksum: | 36dbbc1321d22b50c15c4c125e5e506a |
|
| /// File Name: |
AveOfAttack.pdf |
Description:
|
A New Avenue of Attack: Event-Driven System Vulnerabilities. This paper gives more technical details on security vulnerabilities in event-driven systems and relates them to Information Warfare.
| | Author: | Simos Xenitellis | | Homepage: | http://www.isg.rhul.ac.uk/~simos/event_demo/ | | File Size: | 51408 | | Last Modified: | Aug 11 19:06:53 2002 |
| MD5 Checksum: | f75606876872b209db3c27c173b8f830 |
|
| /// File Name: |
bbpaint.pdf |
Description:
|
Whitepaper describing how ptrace() might be used to build a Control Flow Integrity system.
| | Author: | Sebastian Krahmer | | File Size: | 2150784 | | Last Modified: | Jun 26 23:40:45 2006 |
| MD5 Checksum: | b4fc325a07b02849e37e300fd38f2b7f |
|
| /// File Name: |
Becoming_a_Hacker_-_Part_1.pdf |
Description:
|
An introductory paper for would-be hackers. It could also prove useful for network admins and hackers that want to improve themselves. Chapters include: The OS, Understanding TCP/IP, Becoming a Hacker, WHOIS Databases, Basic Tracerouting and Path Analysis, Mapping with DNS and Geolocation and more.
| | Author: | Elite Nabukadnezar | | File Size: | 937329 | | Last Modified: | Apr 28 19:58:49 2006 |
| MD5 Checksum: | a1f9344215ff0a8ba83d3479fe01d821 |
|
| /// File Name: |
berferd.ps |
Description:
|
An Evening With Berferd: In Which a Cracker is Lured, Endured, and Studied: A description of how the author kept an attacker "on the line" for several months in order to learn his methods.
| | File Size: | 81747 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 5cc030611fec89e1f717d00e76688835 |
|
| /// File Name: |
bind9forgery.txt |
Description:
|
A new weakness has been discovered in the BIND 9 DNS server that allows for DNS forgery pharming.
| | Author: | Amit Klein | | File Size: | 2268 | | Last Modified: | Jul 24 23:39:15 2007 |
| MD5 Checksum: | 5fa6300ec5a825d63b978a0cee207a3b |
|
| /// File Name: |
binfmt-en.pdf |
Description:
|
Polluting sys_execve() in kernel space without depending on the sys_call_table[]: A paper discussing design weaknesses in the Linux kernel's handling of simply linked lists used to register binary formats. English version.
| | Author: | SHELLCODE Security Research TEAM | | Homepage: | http://www.shellcode.com.ar | | File Size: | 387120 | | Last Modified: | Oct 9 19:47:50 2006 |
| MD5 Checksum: | cbc9e056a14996a9afd144bb757b9ce5 |
|
| /// File Name: |
binfmt-es.pdf |
Description:
|
Polluting sys_execve() in kernel space without depending on the sys_call_table[]: A paper discussing design weaknesses in the Linux kernel's handling of simply linked lists used to register binary formats. Spanish version.
| | Author: | SHELLCODE Security Research TEAM | | Homepage: | http://www.shellcode.com.ar | | File Size: | 392521 | | Last Modified: | Oct 9 19:46:25 2006 |
| MD5 Checksum: | ed63f18b799338c8d20d7f13b9c637fe |
|
| /// File Name: |
blackbox.txt |
Description:
|
Freedom of Information requests at http://www.blackboxvoting.org have unearthed two Ciber certification reports indicating that security and tamperability were NOT TESTED and that several state elections directors, a secretary of state, and computer consultant Dr. Britain Williams signed off on the report anyway, certifying it.
| | Homepage: | http://www.blackboxvoting.org/ | | File Size: | 34214 | | Last Modified: | Nov 10 01:41:32 2004 |
| MD5 Checksum: | 5285a64d546396feed26c988ae5debc3 |
|
| /// File Name: |
blackmagic.txt |
Description:
|
Practical guide to advanced network attack and reconnaissance techniques using Python. Includes topics such as firewalking, port scanning, ARP poisoning, and DNS poisoning.
| | Author: | detach | | Homepage: | http://hackaholic.org/ | | File Size: | 35177 | | Last Modified: | Mar 29 00:14:10 2005 |
| MD5 Checksum: | 97334b9d53d7c7dff332a3214a16bd86 |
|
| /// File Name: |
BlockingSkype-rootn0de2005.pdf |
Description:
|
Whitepaper called Blocking Skype Using Squid And OpenBSD.
| | Author: | vi_cipher | | File Size: | 18212 | | Last Modified: | Nov 15 06:01:59 2005 |
| MD5 Checksum: | 909e63b1e1ea395ba89d9de7898c392f |
|
| /// File Name: |
botnet.tgz |
Description:
|
KYE: Tracking Bots. A whitepaper produced by the German Honeynet Project that looks at the individuals and organizations that run botnets.
| | Homepage: | http://www.honeynet.org/ | | File Size: | 50375 | | Last Modified: | Mar 17 02:22:27 2005 |
| MD5 Checksum: | 00408e62b61746075b189692d8332ac7 |
|
| /// File Name: |
browser_insecurity_iceberg_2008.pdf |
Description:
|
Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the "insecurity iceberg".
| | Author: | Stefan Frei,Thomas Duebendorfer,Gunter Ollmann,Martin May | | File Size: | 265522 | | Last Modified: | Jul 1 12:37:48 2008 |
| MD5 Checksum: | af684f84277d52eb31988b9ac44515b2 |
|