Section: .. / papers / general /
| /// File Name: |
hacking_unix_2nd-us.pdf |
Description:
|
Hacking Unix is a new beginners guide to hacking. The first part covers basic fundamental knowledge one should know regarding the Internet, security, and Unix. The second half covers network profiling, compromises, and backdooring.
| | Author: | detach | | Homepage: | http://hackaholic.org/Hacking_Unix_2/ | | File Size: | 652094 | | Last Modified: | Jul 7 11:21:00 2004 |
| MD5 Checksum: | e056c69db9850f54b0a53b6c9c42fd41 |
|
| /// File Name: |
osvdblive.txt |
Description:
|
OSVDB has announced that they have reached 3,000 stable entries. This Go-Live update discusses new features the site has along with a request for help from the community. Please help support them in any way possible.
| | Homepage: | http://www.osvdb.org/ | | File Size: | 2620 | | Last Modified: | Jun 2 04:00:47 2004 |
| MD5 Checksum: | a3d5199f54323b925961616b81309b1c |
|
| /// File Name: |
SecureDevelopmentv06.pdf |
Description:
|
Corsaire White Paper: Secure Development Framework. This paper addresses the need for an infrastructure to exist in which things are securely developed to help mitigate the high costs incurred when vulnerable software is released into the wild.
| | Author: | Glyn Geoghegan | | Homepage: | http://www.corsaire.com | | File Size: | 343216 | | Last Modified: | May 19 21:19:44 2004 |
| MD5 Checksum: | 7155cf428ccb06b0b9b83af4dbfd755f |
|
| /// File Name: |
reverse_backdoored_binaries.txt |
Description:
|
Well written whitepaper about reverse engineering backdoored binaries. It is meant for the beginner reverse engineer with some knowledge of ELF, C, x86 ASM, and Linux.
| | Author: | Chris | | Homepage: | http://www.cr-secure.net/ | | File Size: | 28027 | | Last Modified: | Apr 19 09:49:00 2004 |
| MD5 Checksum: | 44254a0ab92d356cf69959d3c8060f44 |
|
| /// File Name: |
enterprise_specific_security.sxw.pd..> |
Description:
|
White-paper that discusses how large enterprises use a different class of software than small companies. This software and the environment it is purchased in is subject to particular constraints that often require a different strategy. This paper presents the problems with concrete and current examples and suggests some solutions.
| | Author: | Dave Aitel | | Homepage: | http://www.immunitysec.com/ | | File Size: | 292287 | | Last Modified: | Apr 2 05:54:00 2004 |
| MD5 Checksum: | f08fdd20ce1f278a7a74b4d4494b495b |
|
| /// File Name: |
whitepaper_httpresponse.pdf |
Description:
|
Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics. This whitepaper discusses a new application attack technique and provides use cases.
| | Author: | Amit Klein | | File Size: | 297302 | | Last Modified: | Mar 4 18:07:00 2004 |
| MD5 Checksum: | a88cdaabfffc1297b09a899e0cadf9c1 |
|
| /// File Name: |
MySQL.fingerprint.txt |
Description:
|
Small write-up discussing methodology for fingerprint the type of MySQL database being used when exploiting SQL injection vulnerabilities.
| | Author: | Tonu Samuel | | File Size: | 4317 | | Last Modified: | Feb 23 18:16:00 2004 |
| MD5 Checksum: | c8504f82b10ed47a972f6bbc43dd339e |
|
| /// File Name: |
linux_kernel_do_brk.pdf |
Description:
|
Whitepaper discussing the do_brk() bug found in the Linux kernel versions 2.4.22 and below.
| | Author: | Paul Starzetz | | Homepage: | http://isec.pl | | File Size: | 60395 | | Last Modified: | Dec 5 07:22:00 2003 |
| MD5 Checksum: | 15510d93f5459f12cff4614494ae9be9 |
|
| /// File Name: |
diebold-lists.tgz |
Description:
|
More Diebold Electronic Voting System Flaws - These mailing list archives contain information and discussion on flaws in the Diebold electronic voting machines. Diebold has been attempting to use the DMCA to suppress this knowledge, even though this sort of information exchange is essential to the proper functioning of a democracy.
| | File Size: | 11551681 | | Last Modified: | Nov 3 22:32:26 2003 |
| MD5 Checksum: | a4dc85ddb6ad4d8f8337dd887ac93d3b |
|
| /// File Name: |
vote.pdf |
Description:
|
Analysis of an Electronic Voting System - This paper describes several security flaws in Diebold electronic voting machines. Voters may be able to cast multiple ballots with little built in traceability, administrative functions can be performed by regular voters, and inside poll workers, software developers, and janitors can rig the vote. The smart card system is insecure and uses plaintext passwords. The code appears unaudited and there is no ability to do a paper recount.
| | Author: | Adam Stubblefield,Tadayoshi Kohno,Dan S. Wallach,Aviel D. Rubin | | File Size: | 244831 | | Last Modified: | Oct 31 14:21:22 2003 |
| MD5 Checksum: | 3b6981806063c69b646d789f3f009136 |
|
| /// File Name: |
juggle.txt |
Description:
|
Juggling with packets: floating data storage - White paper discussing the use of network traffic as a storage medium for data and how this could be utilized to not leave an audit trail.
| | Author: | Wojciech Purczynski,Michal Zalewski | | Homepage: | http://isec.pl/ | | File Size: | 18363 | | Last Modified: | Oct 6 15:25:23 2003 |
| MD5 Checksum: | 2994c468e5e7ed30279735e471c26c4e |
|
| /// File Name: |
heap_off_by_one.txt |
Description:
|
A short paper discussing exploitation of vulnerabilities consisting of a null byte written passed the end of a dynamically allocated buffer.
| | Author: | qitest1 | | Homepage: | http://bespin.org/~qitest1/ | | File Size: | 13050 | | Last Modified: | Jun 24 23:48:01 2003 |
| MD5 Checksum: | 34476d3f8b558ed26ed7286d96e42509 |
|
| /// File Name: |
bufferpaper.txt |
Description:
|
This paper goes into great detail describing how to utilize format string attacks with limited buffer space.
| | Author: | Xpl017Elz | | Homepage: | http://x82.inetcop.org | | File Size: | 16969 | | Last Modified: | Jun 11 02:32:02 2003 |
| MD5 Checksum: | c533bdbebb1fc4a96cf43dbff879cdc5 |
|
| /// File Name: |
cracking-basics.pdf |
Description:
|
Whitepaper discussing cracking basics.
| | Author: | Livewire | | File Size: | 200830 | | Last Modified: | May 5 13:33:01 2003 |
| MD5 Checksum: | c047480900a4fcaa4e6bf2a4629e2440 |
|
| /// File Name: |
mk.pdf |
Description:
|
Rights Amplification in Master-Keyed Mechanical Locks - This paper describes a relatively unknown procedure for obtaining a master key if given access to a tumbler based master keyed lock and any low level key in the system. No special skill or equipment beyond a small number of blank keys and a file is needed, and the attacker does not need to engage in any suspicious behavior at the locks location. Countermeasures are described with provide limited protection under certain circumstances.
| | Author: | Matt Blaze | | Homepage: | http://www.crypto.com | | File Size: | 4039567 | | Last Modified: | Jan 24 03:10:56 2003 |
| MD5 Checksum: | 203c6fc8532d603649f8a707002650ee |
|
| /// File Name: |
SecurityIPTelephonyNetworks.pdf |
Description:
|
IP Telephony based networks, which might be a core part of our Telephony infrastructure in the near future, introduce caveats and security concerns which traditional telephony based networks do not have to deal with, have long forgotten about, or have learned to cope with. The security risk is usually overshadowed by the technological hype and the way IP Telephony equipment manufacturers push the technology to the masses. This paper highlights the different security risk factors with IP Telephony based networks.
| | Author: | Ofir Arkin | | File Size: | 459385 | | Last Modified: | Nov 24 22:50:16 2002 |
| MD5 Checksum: | e013b1ffa4ad1861992a3a2038e98d7b |
|
| /// File Name: |
IISUnicodeExplained.doc |
Description:
|
This paper goes into detail on Unicode exploitation with how it works and how to actually perform attacks against IIS servers that are vulnerable to this bug.
| | Author: | Gary Brooks | | File Size: | 167936 | | Last Modified: | Nov 17 12:47:34 2002 |
| MD5 Checksum: | ab7336660866d82a2bb7998a13278186 |
|
| /// File Name: |
core_vulnerabilities.pdf |
Description:
|
Vulnerabilities in your code and Advanced Buffer Overflows - A paper by CoreSecurity that underlines some of the most common mistakes made by programmers, presented as ten examples. Paper shows the exact location of vulnerabilities in codes, providing detailed explanations and exploits for each one found.
| | Author: | gera | | Homepage: | http://www.core-sec.com/ | | File Size: | 522303 | | Last Modified: | Nov 17 01:50:53 2002 |
| MD5 Checksum: | 500b253d035fcffa897c6bfe277aed28 |
|
| /// File Name: |
openbsdacl.html |
Description:
|
OpenBSD Network ACLs for i386 - This paper discusses how to utilize a kernel patch to create local ACLs to restrict local users from using network services. It allows an administrator to deny network access for a user by restricting bind() and connect() to allowed accounts.
| | Author: | Andi | | Homepage: | http://segfault.net/~andi/openbsdacl/ | | File Size: | 2720 | | Last Modified: | Sep 24 00:00:04 2002 |
| MD5 Checksum: | ef934ad372b0f3fae157cfe3995a344c |
|
| /// File Name: |
AveOfAttack.pdf |
Description:
|
A New Avenue of Attack: Event-Driven System Vulnerabilities. This paper gives more technical details to security vulnerabilities in event-driven systems and relates it to Information Warfare.
| | Author: | Simos Xenitellis | | Homepage: | http://www.isg.rhul.ac.uk/~simos/event_demo/ | | File Size: | 51408 | | Last Modified: | Aug 11 19:06:53 2002 |
| MD5 Checksum: | f75606876872b209db3c27c173b8f830 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
