Section: .. / papers / general /
| /// File Name: |
httpResponseSmuggle.txt |
Description:
|
Whitepaper entitled "HTTP Response Smuggling". It discusses evasion techniques to bypass anti-HTTP response splitting strategies.
| | Author: | Amit Klein | | File Size: | 23560 | | Last Modified: | Feb 25 17:15:15 2006 |
| MD5 Checksum: | 028a2ccfa04710b1e9b0329c14a9e4ee |
|
| /// File Name: |
InformationSecurity.pdf |
Description:
|
Whitepaper entitled "The Role of Modeling and Simulation in Information Security".
| | Author: | Mohammad Heidari | | File Size: | 414687 | | Last Modified: | Feb 9 00:02:52 2006 |
| MD5 Checksum: | 9a3b07d375e390281e4dc563bbebf6b8 |
|
| /// File Name: |
malware-trends.pdf |
Description:
|
What are the driving forces behind the rise of malware? Who is behind it, and what tactics do they use? How are vendors responding, and what should organizations, researchers, and end users keep in mind for the upcoming future? These and many other questions will be discussed in this article, combining security experience, business logic, a little bit of psychology, market trends, and personal chats with knowledgeable folks from the industry.
| | Author: | Dancho Danchev | | Homepage: | http://ddanchev.blogspot.com/ | | File Size: | 990531 | | Last Modified: | Jan 11 01:05:37 2006 |
| MD5 Checksum: | 3452a22642ccd435f41d3b4b964fec30 |
|
| /// File Name: |
wmf-faq.txt |
Description:
|
A brief faq regarding the recent Microsoft Windows WMF vulnerability.
| | Author: | H D Moore | | File Size: | 3905 | | Last Modified: | Jan 8 00:13:49 2006 |
| MD5 Checksum: | c4aa0fb7f467b7586999221784a46bb7 |
|
| /// File Name: |
UBehavior.zip |
Description:
|
Whitepaper discussing the exploitation of uninitialized data.
| | Author: | mercy | | Homepage: | http://www.felinemenace.org/ | | File Size: | 372833 | | Last Modified: | Jan 4 00:17:44 2006 |
| MD5 Checksum: | d247ac8afbe9033ebea4e8d93a16806b |
|
| /// File Name: |
wiretap.pdf |
Description:
|
Signaling Vulnerabilities In Wiretapping Systems. This white paper discusses vulnerabilities and countermeasures that exist within commonly used wiretapping systems by the government.
| | Author: | Micah Sherr,Eric Cronin,Sandy Clark,Matt Blaze | | Homepage: | http://www.crypto.com/papers/wiretapping/ | | File Size: | 464443 | | Last Modified: | Dec 10 16:37:51 2005 |
| MD5 Checksum: | 60ff9fa476112db51624c46807aa29b8 |
|
| /// File Name: |
perl-format-string.txt |
Description:
|
Format String Vulnerabilities in Perl Programs - Whitepaper discussing all the attack and impact details of recent discussions surrounding format string exploitation in perl. Provides further insight on how these flaws can be manipulated and has examples.
| | Author: | Steven M. Christey | | File Size: | 25936 | | Last Modified: | Dec 3 01:06:52 2005 |
| MD5 Checksum: | ff51ff0694b291ce947b9effb9227978 |
|
| /// File Name: |
BlockingSkype-rootn0de2005.pdf |
Description:
|
Whitepaper called Blocking Skype Using Squid And OpenBSD.
| | Author: | vi_cipher | | File Size: | 18212 | | Last Modified: | Nov 15 06:01:59 2005 |
| MD5 Checksum: | 909e63b1e1ea395ba89d9de7898c392f |
|
| /// File Name: |
neural_networks.txt |
Description:
|
NEURAL NETWORKS and their applicability in security field - Neural networks are widely used for prediction, pattern recognition, and classification. Voice or handwriting recognition problems are very hard to solve using standard programs and algorithms. This paper discusses the applicability of neural networks in security applications.
| | Author: | haker haker | | File Size: | 6384 | | Last Modified: | Oct 25 20:32:23 2005 |
| MD5 Checksum: | 439ec7f50261d19bfc0c477a4b4d0e12 |
|
| /// File Name: |
ewdd.pdf |
Description:
|
Exploiting Windows Device Drivers - this paper introduces device driver exploitation techniques, provides detailed descriptions of techniques used and includes full exploit code with sample vulnerable driver code for testing purposes.
| | Author: | Piotr Bania | | Homepage: | http://pb.specialised.info/ | | File Size: | 232971 | | Last Modified: | Oct 18 19:40:44 2005 |
| MD5 Checksum: | c5eaa08dfb7ca0000e1705388a72e1a3 |
|
| /// File Name: |
WASC-TC-v1_0.txt |
Description:
|
Whitepaper detailing the Threat Classification system for the Web Application Security Consortium. The Web Security Threat Classification is a cooperative effort to clarify and organize the threats to the security of a web site. The members of the Web Application Security Consortium have created this project to develop and promote industry standard terminology for describing these issues. Application developers, security professionals, software vendors, and compliance auditors will have the ability to access a consistent language for web security related issues.
| | Homepage: | http://www.webappsec.org | | File Size: | 118904 | | Last Modified: | Oct 7 00:18:31 2005 |
| MD5 Checksum: | 71a846da8ad5c8d4f051c2340114b530 |
|
| /// File Name: |
Security_Breach_Survey.pdf |
Description:
|
White and Case, a top NYC law firm, posted a survey on Data Security Breach Notifications on September 26, 2005. From the press release: "Victims of personal data security breaches are showing their displeasure by terminating relationships with the companies that maintained their data, according to a new national survey sponsored by global law firm White & Case. The independent survey of nearly 10,000 adults, conducted by the respected privacy research organization Ponemon Institute, reveals that nearly 20 percent of respondents say they have terminated a relationship with a company after being notified of a security breach."
| | Author: | Ponemon Institute | | Homepage: | http://www.whitecase.com/news/news_detail.aspx?newsid=11731&type=News%20Releases | | File Size: | 330889 | | Last Modified: | Oct 4 00:14:13 2005 |
| MD5 Checksum: | 57fc4866bcbc56b61a9f66cfed7993e4 |
|
| /// File Name: |
FiTechSummit_final_paper.pdf |
Description:
|
This presentation was given by the keynote speaker at the FiTech Summit 2005. It is entitled "How It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk".
| | Author: | Kenneth F. Belva | | Homepage: | http://www.ftusecurity.com | | File Size: | 436192 | | Last Modified: | Sep 26 01:04:13 2005 |
| MD5 Checksum: | 5131f07bb7a4df687b2eb4106ce4c174 |
|
| /// File Name: |
security-policy.pdf |
Description:
|
This paper outlines the strategies and managing of the processes behind implementing a successful Security Policy. Additionally, it gives recommendations for the creation of a Security Awareness Program, where the main objective would be to provide a staff with a better understanding of the issues stated in a security policy.
| | Author: | Dancho Danchev | | Homepage: | http://www.windowsecurity.com/ | | File Size: | 556798 | | Last Modified: | Sep 20 02:38:36 2005 |
| MD5 Checksum: | b57d540352ef547932a99d43e16c848d |
|
| /// File Name: |
050819-securing-mac-os-x-tiger.pdf |
Description:
|
Corsaire (www.corsaire.com/white-papers/) has released a fully updated version of their guide to securing Mac OS X to cover the new security features offered by Mac OS X 10.4 Tiger (such as ACLs) as well as incorporating additional security guidelines that were omitted in the original (10.3) guide.
| | Author: | Stephen de Vries | | Homepage: | http://www.corsaire.com/white-papers/ | | File Size: | 751834 | | Last Modified: | Aug 26 00:55:07 2005 |
| MD5 Checksum: | 021cca9d23a8be3656a5f08e6bc300ec |
|
| /// File Name: |
OSFingerPrint.pdf |
Description:
|
Chatter on the Wire: A look at excessive network traffic and what it can mean to network security. This paper takes a look at past Active and Passive OS Fingerprinting tools and where to go with them in the future. It is primarily geared towards how to use passive OS identification to its greatest potential using every packet that flows across the network, not just tcp packets.
| | Author: | Eric Kollman aka xnih | | Homepage: | http://myweb.cableone.net/xnih | | File Size: | 271704 | | Last Modified: | Aug 9 04:57:09 2005 |
| MD5 Checksum: | 828d73dffef771e060631997bc7e87a4 |
|
| /// File Name: |
NTLMhttp.txt |
Description:
|
Interesting write up regarding the faulty logic of using NTLM HTTP authentication and how it does not mix well with HTTP proxies.
| | Author: | Amit Klein | | File Size: | 12286 | | Last Modified: | Jul 19 10:43:40 2005 |
| MD5 Checksum: | 0da67587751762cebd0c64d797eaf2ef |
|
| /// File Name: |
kernel-3.tbz |
Description:
|
Project Freedocs Volume 1 - A collection of tutorials regarding kernel programming.
| | Author: | Bugghy,Bugghy | | Homepage: | http://rootshell.be/~vaidab | | Changes: | Added more kernel related tutorials and tools. | | File Size: | 7595495 | | Last Modified: | May 22 14:47:08 2005 |
| MD5 Checksum: | 1b1f4c52eddd173f17806a73e96b2035 |
|
| /// File Name: |
blackmagic.txt |
Description:
|
Practical guide to advanced network attack and reconnaissance techniques using Python. Includes topics such as firewalking, port scanning, ARP poisoning, and DNS poisoning.
| | Author: | detach | | Homepage: | http://hackaholic.org/ | | File Size: | 35177 | | Last Modified: | Mar 29 00:14:10 2005 |
| MD5 Checksum: | 97334b9d53d7c7dff332a3214a16bd86 |
|
| /// File Name: |
WebApp_HTTPMod.pdf |
Description:
|
Web Application Defense At The Gates - Leveraging IHttpModule. Whitepaper describing how the IHttpModule that comes with the .Net framework can be used to man-in-the-middle HTTP transactions in order to help filter against input validation attacks.
| | Author: | Shreeraj Shah | | Homepage: | http://www.net-square.com/ | | File Size: | 199513 | | Last Modified: | Mar 25 00:04:18 2005 |
| MD5 Checksum: | 4b2e7e176a2fc54e80924b01621117e7 |
|
| /// File Name: |
NISR-AntiBruteForce.pdf |
Description:
|
Authentication processes in web-based applications are frequently vulnerable to automated brute force guessing attacks. Whilst commonly proposed solutions make use of escalating time delays and minimum lockout threshold strategies, these tend to prove ineffectual in real attacks and may actually promote additional attack vectors. Resource metering through client-side computationally intensive "electronic payments" can provide an alternative strategy in defending against brute force guessing attacks. This whitepaper discusses how such a solution works and the security advantages it can bring.
| | Author: | Gunter Ollmann | | Homepage: | http://www.nextgenss.com/ | | File Size: | 489812 | | Last Modified: | Mar 22 10:46:18 2005 |
| MD5 Checksum: | 0b4494791f61ecd4804eee34f97360b8 |
|
| /// File Name: |
botnet.tgz |
Description:
|
KYE: Tracking Bots. A whitepaper produced by the German Honeynet Project that looks at the individuals and organization that run botnets.
| | Homepage: | http://www.honeynet.org/ | | File Size: | 50375 | | Last Modified: | Mar 17 02:22:27 2005 |
| MD5 Checksum: | 00408e62b61746075b189692d8332ac7 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
