Section: .. / papers / general /
| /// File Name: |
ENG_in_a_nutshell.pdf |
Description:
|
Exploit Creation - The Random Approach. A paper about using Encore Next Generation techniques to create exploits.
| | Author: | Nelson Brito | | File Size: | 165713 | | Last Modified: | Oct 6 22:24:31 2008 |
| MD5 Checksum: | dd9d916dd9cd088ebacdbac525cd7a78 |
|
| /// File Name: |
wasc_wass_2007.pdf |
Description:
|
The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. The overall statistics includes analysis results of 32,717 sites and 69,476 vulnerabilities of different degrees of severity.
| | Homepage: | http://www.webappsec.org/ | | File Size: | 173892 | | Last Modified: | Sep 8 18:38:56 2008 |
| MD5 Checksum: | 86567ab3f61b08ab7690e05b87500656 |
|
| /// File Name: |
draft-gont-opsec-ip-security-01.txt |
Description:
|
This is the IETF Internet-Draft entitled "Security Assessment of the Internet Protocol version 4", which is heavily based on the "Security Assessment of the Internet Protocol".
| | Author: | Fernando Gont | | Homepage: | http://www.ietf.org/ | | File Size: | 166263 | | Last Modified: | Sep 2 23:30:05 2008 |
| MD5 Checksum: | 8df28368bfb0390ab4b35fd2f97b23a2 |
|
| /// File Name: |
draft-ietf-tsvwg-port-randomization..> |
Description:
|
This document describes a simple and efficient method for random selection of a client port number, such that the possibility of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods, the described port number randomization algorithms provide improved security/obfuscation with very little effort and without any key management overhead. The mechanisms described in this document are a local modification that may be incrementally deployed, and that does not violate the specifications of any of the transport protocols that may benefit from it, such as TCP, UDP, SCTP, DCCP, and RTP.
| | Author: | Michael Vittrup Larsen,Fernando Gont | | Homepage: | http://www.ietf.org/ | | Changes: | This new revision of the document addresses the feedback we got from Amit Klein, Matthias Bethke, and Alfred Hoenes. | | File Size: | 49484 | | Last Modified: | Sep 2 23:27:10 2008 |
| MD5 Checksum: | 7148e6b60b79983dd6d3afc806fb28d5 |
|
| /// File Name: |
seh-paper.txt |
Description:
|
Playing around with SEH (the Structured Exception Handler).
| | Author: | suN8Hclf | | Homepage: | http://www.dark-coders.pl/ | | File Size: | 41425 | | Last Modified: | Aug 18 20:00:12 2008 |
| MD5 Checksum: | 679821c48bb8441a75d5ed76b003bd45 |
|
| /// File Name: |
InternetProtocol.pdf |
Description:
|
This document aims to raise awareness about the many security threats based on the IP protocol, those that we are currently facing, and those we may still have to deal with in the future. It provides advice for the secure implementation of the IP, and also insights about the security aspects of the IP that may be of help to the Internet operations community.
| | Author: | Fernando Gont | | Homepage: | http://www.cpni.gov.uk/ | | File Size: | 675316 | | Last Modified: | Aug 14 20:12:10 2008 |
| MD5 Checksum: | 8621c729eab84344f70a70121b88b710 |
|
| /// File Name: |
webhack.pdf |
Description:
|
Whitepaper discussing simple web hacking techniques.
| | Author: | Nikolaos Rangos | | File Size: | 193580 | | Last Modified: | Jul 28 11:18:01 2008 |
| MD5 Checksum: | 4d69db9891c1fa3cd11b93d5e1c50d34 |
|
| /// File Name: |
html5whitepaper.pdf |
Description:
|
Abusing HTML 5 Structured Client-Side Storage - A whitepaper analyzing security implications of this technology and how showing how different attacks can be conducted.
| | Author: | Alberto Trivero | | Homepage: | http://www.codebug.org | | File Size: | 572736 | | Last Modified: | Jul 21 17:56:20 2008 |
| MD5 Checksum: | cd342087438c5a1b591b57870b770d41 |
|
| /// File Name: |
Software.Distribution.Malware.Infec..> |
Description:
|
This paper presents an efficient mechanism as well as the corresponding reference implementation for on-the-fly infecting of executable code with malicious software. Their algorithm deploys virus infection routines and network redirection attacks, without requiring the modification of the application itself. This allows infection of executables with an embedded signature when the signature is not automatically verified before execution. They briefly discuss countermeasures such as secure channels, code authentication as well as trusted virtualization that enables the isolation of untrusted downloads from other applications running in trusted domains or compartments.
| | Author: | Felix Groebert | | Homepage: | http://groebert.org/felix | | File Size: | 223713 | | Last Modified: | Jul 18 17:30:01 2008 |
| MD5 Checksum: | f0295501b1659600e2481f6a2cb082cb |
|
| /// File Name: |
HomeSecurityMethodologyVacationGuid..> |
Description:
|
This is the Home Security Methodology Vacation Guide, written to help secure your home before you go on holiday.
| | Homepage: | http://www.isecom.org/ | | File Size: | 1986916 | | Last Modified: | Jul 18 17:26:27 2008 |
| MD5 Checksum: | 346bf0939e1448e386c2e17f4862ea61 |
|
| /// File Name: |
draft-ietf-tsvwg-port-randomization..> |
Description:
|
This document describes a simple and efficient method for random selection of a client port number, such that the possibility of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods, the described port number randomization algorithms provide improved security/obfuscation with very little effort and without any key management overhead. The mechanisms described in this document are a local modification that may be incrementally deployed, and that does not violate the specifications of any of the transport protocols that may benefit from it, such as TCP, UDP, SCTP, DCCP, and RTP.
| | Author: | Michael Vittrup Larsen,Fernando Gont | | Homepage: | http://www.ietf.org/ | | File Size: | 43889 | | Last Modified: | Jul 16 20:13:04 2008 |
| MD5 Checksum: | 3169ae2876e24bcbe919b97c4fecdeb4 |
|
| /// File Name: |
securing_a_webserver.txt |
Description:
|
Whitepaper discussing a lockdown methodology for a Cent OS 5 server with Apache and Cpanel installed.
| | Author: | QKrun1x | | File Size: | 21682 | | Last Modified: | Jul 16 20:03:24 2008 |
| MD5 Checksum: | c48568dcf8bbd3abcdfa1033ce6b1f2c |
|
| /// File Name: |
ICI.TXT |
Description:
|
Whitepaper discussing security problems and solutions in wireless cafes. Lots of good general info on security, attacks, tools, encryption, etc.
| | Homepage: | http://www.rootshell.be/~ad/ | | File Size: | 154750 | | Last Modified: | Jul 9 17:40:58 2008 |
| MD5 Checksum: | 980651f5ff630c6a7b0fcd306147967d |
|
| /// File Name: |
browser_insecurity_iceberg_2008.pdf |
Description:
|
Understanding the Web browser threat: Examination of vulnerable online Web browser populations and the "insecurity iceberg".
| | Author: | Stefan Frei,Thomas Duebendorfer,Gunter Ollmann,Martin May | | File Size: | 265522 | | Last Modified: | Jul 1 12:37:48 2008 |
| MD5 Checksum: | af684f84277d52eb31988b9ac44515b2 |
|
| /// File Name: |
tempest.pdf |
Description:
|
The story regarding how the United States first learned about the fundamental security vulnerability called "compromising emanations" is revealed for the first time in this 1972 paper called TEMPEST: A Signal Problem.
| | Homepage: | http://www.nsa.gov/ | | File Size: | 284750 | | Last Modified: | Apr 29 21:06:17 2008 |
| MD5 Checksum: | 6930f3cfa80a029f63102875a3947dcc |
|
| /// File Name: |
ngreptut.txt |
Description:
|
Simple network grep (ngrep) tutorial that gives a basic overview of some use cases.
| | Author: | d3hydr8 | | Homepage: | http://www.darkc0de.com/ | | File Size: | 12537 | | Last Modified: | Dec 24 18:59:36 2007 |
| MD5 Checksum: | 094f7c35c7872b9e2ffe74ef2b0b9eda |
|
| /// File Name: |
draft-ietf-tsvwg-port-randomization..> |
Description:
|
This document describes a simple and efficient method for random selection of a client port number, such that the possibility of an attacker guessing the exact value is reduced. While this is not a replacement for cryptographic methods, the described port number randomization algorithms provide improved security/obfuscation with very little effort and without any key management overhead. The mechanisms described in this document are a local modification that may be incrementally deployed, and that does not violate the specifications of any of the transport protocols that may benefit from it, such as TCP, UDP, SCTP, DCCP, and RTP.
| | Author: | Michael Vittrup Larsen,Fernando Gont | | Homepage: | http://www.ietf.org/ | | File Size: | 38321 | | Last Modified: | Dec 7 19:38:08 2007 |
| MD5 Checksum: | a6d891234260fe58cfc46cda8aea2f7c |
|
| /// File Name: |
Inf_Pr_Ldap_Gar_Dumps.pdf |
Description:
|
The LDAP garbage dump that remains on web server results in information disclosure. Security of LDAP may be compromised, if for instance a search engine crawls through untamed directories on the web server and finds information through the ldap.xml file.
| | Author: | Aditya K Sood | | Homepage: | http://www.secniche.org/ | | File Size: | 436128 | | Last Modified: | Dec 4 00:27:02 2007 |
| MD5 Checksum: | 16a4b1bd047ad43f4255dac007b0a1f8 |
|
| /// File Name: |
reverseeng.pdf |
Description:
|
This paper aims to present a methodical framework for high-level reverse engineering. The methodology is a culmination of existing tools and techniques within the IT security research community, which presents ways to identify process operation at a higher-level of abstraction than traditional binary reversing.
| | Author: | Matthew Lewis | | Homepage: | http://www.irmplc.com/ | | File Size: | 1276878 | | Last Modified: | Oct 2 00:31:35 2007 |
| MD5 Checksum: | ad6255431165e52467be53fd14fa775b |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
