Section: .. / papers / general /
| /// File Name: |
linux_kernel_do_brk.pdf |
Description:
|
Whitepaper discussing the do_brk() bug found in the Linux kernel versions 2.4.22 and below.
| | Author: | Paul Starzetz | | Homepage: | http://isec.pl | | File Size: | 60395 | | Last Modified: | Dec 5 07:22:00 2003 |
| MD5 Checksum: | 15510d93f5459f12cff4614494ae9be9 |
|
| /// File Name: |
diebold-lists.tgz |
Description:
|
More Diebold Electronic Voting System Flaws - These mailing list archives contain information and discussion on flaws in the Diebold electronic voting machines. Diebold has been attempting to use the DMCA to suppress this knowledge, even though this sort of information exchange is essential to the proper functioning of a democracy.
| | File Size: | 11551681 | | Last Modified: | Nov 3 22:32:26 2003 |
| MD5 Checksum: | a4dc85ddb6ad4d8f8337dd887ac93d3b |
|
| /// File Name: |
vote.pdf |
Description:
|
Analysis of an Electronic Voting System - This paper describes several security flaws in Diebold electronic voting machines. Voters may be able to cast multiple ballots with little built-in traceability, administrative functions can be performed by regular voters, and inside poll workers, software developers, and janitors can rig the vote. The smart card system is insecure and uses plaintext passwords. The code appears unaudited and there is no ability to do a paper recount.
| | Author: | Adam Stubblefield, Tadayoshi Kohno, Dan S. Wallach, Aviel D. Rubin | | File Size: | 244831 | | Last Modified: | Oct 31 14:21:22 2003 |
| MD5 Checksum: | 3b6981806063c69b646d789f3f009136 |
|
| /// File Name: |
juggle.txt |
Description:
|
Juggling with packets: floating data storage - White paper discussing the use of network traffic as a storage medium for data and how this could be utilized to not leave an audit trail.
| | Author: | Wojciech Purczynski, Michal Zalewski | | Homepage: | http://isec.pl/ | | File Size: | 18363 | | Last Modified: | Oct 6 15:25:23 2003 |
| MD5 Checksum: | 2994c468e5e7ed30279735e471c26c4e |
|
| /// File Name: |
heap_off_by_one.txt |
Description:
|
A short paper discussing exploitation of vulnerabilities consisting of a null byte written past the end of a dynamically allocated buffer.
| | Author: | qitest1 | | Homepage: | http://bespin.org/~qitest1/ | | File Size: | 13050 | | Last Modified: | Jun 24 23:48:01 2003 |
| MD5 Checksum: | 34476d3f8b558ed26ed7286d96e42509 |
|
| /// File Name: |
bufferpaper.txt |
Description:
|
This paper goes into great detail describing how to utilize format string attacks with limited buffer space.
| | Author: | Xpl017Elz | | Homepage: | http://x82.inetcop.org | | File Size: | 16969 | | Last Modified: | Jun 11 02:32:02 2003 |
| MD5 Checksum: | c533bdbebb1fc4a96cf43dbff879cdc5 |
|
| /// File Name: |
cracking-basics.pdf |
Description:
|
Whitepaper discussing cracking basics.
| | Author: | Livewire | | File Size: | 200830 | | Last Modified: | May 5 13:33:01 2003 |
| MD5 Checksum: | c047480900a4fcaa4e6bf2a4629e2440 |
|
| /// File Name: |
mk.pdf |
Description:
|
Rights Amplification in Master-Keyed Mechanical Locks - This paper describes a relatively unknown procedure for obtaining a master key if given access to a tumbler-based master-keyed lock and any low-level key in the system. No special skill or equipment beyond a small number of blank keys and a file is needed, and the attacker does not need to engage in any suspicious behavior at the lock's location. Countermeasures are described which provide limited protection under certain circumstances.
| | Author: | Matt Blaze | | Homepage: | http://www.crypto.com | | File Size: | 4039567 | | Last Modified: | Jan 24 03:10:56 2003 |
| MD5 Checksum: | 203c6fc8532d603649f8a707002650ee |
|
| /// File Name: |
SecurityIPTelephonyNetworks.pdf |
Description:
|
IP Telephony based networks, which might be a core part of our Telephony infrastructure in the near future, introduce caveats and security concerns which traditional telephony based networks do not have to deal with, have long forgotten about, or have learned to cope with. The security risk is usually overshadowed by the technological hype and the way IP Telephony equipment manufacturers push the technology to the masses. This paper highlights the different security risk factors with IP Telephony based networks.
| | Author: | Ofir Arkin | | File Size: | 459385 | | Last Modified: | Nov 24 22:50:16 2002 |
| MD5 Checksum: | e013b1ffa4ad1861992a3a2038e98d7b |
|
| /// File Name: |
IISUnicodeExplained.doc |
Description:
|
This paper goes into detail on Unicode exploitation: how it works and how attacks are actually performed against IIS servers that are vulnerable to this bug.
| | Author: | Gary Brooks | | File Size: | 167936 | | Last Modified: | Nov 17 12:47:34 2002 |
| MD5 Checksum: | ab7336660866d82a2bb7998a13278186 |
|
| /// File Name: |
core_vulnerabilities.pdf |
Description:
|
Vulnerabilities in your code and Advanced Buffer Overflows - A paper by CoreSecurity that underlines some of the most common mistakes made by programmers, presented as ten examples. The paper shows the exact location of the vulnerabilities in the code, providing detailed explanations and exploits for each one found.
| | Author: | gera | | Homepage: | http://www.core-sec.com/ | | File Size: | 522303 | | Last Modified: | Nov 17 01:50:53 2002 |
| MD5 Checksum: | 500b253d035fcffa897c6bfe277aed28 |
|
| /// File Name: |
openbsdacl.html |
Description:
|
OpenBSD Network ACLs for i386 - This paper discusses how to utilize a kernel patch to create local ACLs to restrict local users from using network services. It allows an administrator to deny network access for a user by restricting bind() and connect() to allowed accounts.
| | Author: | Andi | | Homepage: | http://segfault.net/~andi/openbsdacl/ | | File Size: | 2720 | | Last Modified: | Sep 24 00:00:04 2002 |
| MD5 Checksum: | ef934ad372b0f3fae157cfe3995a344c |
|
| /// File Name: |
AveOfAttack.pdf |
Description:
|
A New Avenue of Attack: Event-Driven System Vulnerabilities. This paper gives more technical details on security vulnerabilities in event-driven systems and relates them to Information Warfare.
| | Author: | Simos Xenitellis | | Homepage: | http://www.isg.rhul.ac.uk/~simos/event_demo/ | | File Size: | 51408 | | Last Modified: | Aug 11 19:06:53 2002 |
| MD5 Checksum: | f75606876872b209db3c27c173b8f830 |
|
| /// File Name: |
monitoring-Mar-25-2002.tar.gz |
Description:
|
Monitoring Network Traffic with Dsniff - This is a practical step-by-step guide showing how to use Dsniff, MRTG, IP Flow Meter, Tcpdump, NTOP, Ngrep, and others. It also provides a discussion of how and why we should monitor network traffic. Updated version, SGML format.
| | Author: | Patrick Duane Dunston | | File Size: | 27895 | | Last Modified: | Mar 27 12:45:09 2002 |
| MD5 Checksum: | a88382cebd4c76a5098472547a4353ac |
|
| /// File Name: |
SQLInjectionWhitePaper.pdf |
Description:
|
SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping illegal characters first. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack. The objective of this paper is to educate the professional security community on the techniques that can be used to take advantage of a web application that is vulnerable to SQL injection, and to make clear the correct mechanisms that should be put in place to protect against SQL injection and input validation problems in general.
| | Author: | SPI Labs | | Homepage: | http://www.spidynamics.com | | File Size: | 816899 | | Last Modified: | Feb 2 03:20:35 2002 |
| MD5 Checksum: | e67624e3913f0dd2dea2ddbae0a5f3dd |
|
| /// File Name: |
hackingguide3.1.pdf |
Description:
|
A guide for breaking into computer networks from the Internet v3.1 - Includes host enumeration, scanners, custom tools, protocols, windows information, and much more. PDF format.
| | Author: | Roelof Temmingh | | Homepage: | http://www.sensepost.com | | File Size: | 1246523 | | Last Modified: | Oct 4 01:06:38 2001 |
| MD5 Checksum: | 184a6d6e97615dce942ead3a603062d0 |
|
| /// File Name: |
Altering_ARP_Tables_v_1.00.htm |
Description:
|
Altering ARP Tables v1.00 - This paper is dedicated to ARP tables and how to alter them remotely. Includes a couple of implementations of ARP poisoning in a bridge based segment and a couple of ways to protect yourself.
| | Author: | Data Wizard | | File Size: | 22573 | | Last Modified: | Sep 7 23:03:45 2001 |
| MD5 Checksum: | 2cddda46bc0102cac912313b0b33cd68 |
|
| /// File Name: |
dsniff_netmon.txt |
Description:
|
Network Monitoring with Dsniff - This is a practical step-by-step guide showing how to use Dsniff, MRTG, IP Flow Meter, Tcpdump, NTOP, Ngrep, and others. It also provides a discussion of how and why we should monitor network traffic.
| | Author: | Duane Dunston | | Homepage: | http://www.linuxsecurity.com | | File Size: | 35792 | | Last Modified: | May 30 19:31:31 2001 |
| MD5 Checksum: | 7aef6c3ab9be70806f9c0895d74a0a5d |
|
| /// File Name: |
ssh_tunnels.txt |
Description:
|
Encrypted Tunnels using SSH and MindTerm - This paper will discuss using Secure Shell (SSH) and MindTerm to secure organizational communication across the Internet. Reliable software that is easy to set up needs to be used in order to give inexperienced users the ability to quickly establish secure communication channels.
| | Author: | Duane Dunston | | Homepage: | http://www.linuxsecurity.com | | File Size: | 34275 | | Last Modified: | May 30 19:25:25 2001 |
| MD5 Checksum: | c6f772e94054386472ab1a226d50571d |
|
| /// File Name: |
ccla5.zip |
Description:
|
Computer Crime Law Archive Volume 5 - Tutorial on state computer crime laws for South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, Washington, Wisconsin, West Virginia, and Wyoming.
| | Author: | Yavo Slavenski | | Homepage: | http://www.acst.org | | File Size: | 1090277 | | Last Modified: | Feb 11 21:56:13 2001 |
| MD5 Checksum: | 62ba619a718bde513314efc679d36221 |
|
| /// File Name: |
cgisec.txt |
Description:
|
PERL/CGI Hacking - What makes CGI scripts insecure and how to exploit them.
| | Author: | Tonec | | File Size: | 37250 | | Last Modified: | Jan 15 00:50:21 2001 |
| MD5 Checksum: | 5649ad7dce8adccef9699054adbc31c0 |
|
| /// File Name: |
Footprinting-faq-v0_1.txt |
Description:
|
Footprinting FAQ - How to remotely determine the network addresses of a company.
| | Author: | Tag | | Homepage: | http://liun.hektik.org | | File Size: | 9292 | | Last Modified: | Jan 8 20:03:42 2001 |
| MD5 Checksum: | 4799e7a486e8e33828020f8e4a3c0a40 |
|
| /// File Name: |
freebsd.org-report.txt |
Description:
|
How Freebsd.org was hacked - By combining insecurities in two CGI scripts, www.freebsd.org was taken over by Nohican and Frank Van Vliet.
| | Author: | Joost Pol aka Nohican, Karin | | File Size: | 8658 | | Last Modified: | Dec 16 22:07:56 2000 |
| MD5 Checksum: | abb904a3dc90dec5904922b683308e4e |
|