Section: .. / papers / general /
| /// File Name: |
ewdd.pdf |
Description:
|
Exploiting Windows Device Drivers - this paper introduces device driver exploitation techniques, provides detailed descriptions of techniques used and includes full exploit code with sample vulnerable driver code for testing purposes.
| | Author: | Piotr Bania | | Homepage: | http://pb.specialised.info/ | | File Size: | 232971 | | Last Modified: | Oct 18 19:40:44 2005 |
| MD5 Checksum: | c5eaa08dfb7ca0000e1705388a72e1a3 |
|
| /// File Name: |
Software.Distribution.Malware.Infec..> |
Description:
|
This paper presents an efficient mechanism as well as the corresponding reference implementation for on-the-fly infecting of executable code with malicious software. Their algorithm deploys virus infection routines and network redirection attacks, without requiring the modification of the application itself. This allows infection of executables with an embedded signature when the signature is not automatically verified before execution. They briefly discuss countermeasures such as secure channels, code authentication as well as trusted virtualization that enables the isolation of untrusted downloads from other applications running in trusted domains or compartments.
| | Author: | Felix Groebert | | Homepage: | http://groebert.org/felix | | File Size: | 223713 | | Last Modified: | Jul 18 17:30:01 2008 |
| MD5 Checksum: | f0295501b1659600e2481f6a2cb082cb |
|
| /// File Name: |
RogueXMLSpecific.pdf |
Description:
|
Whitepaper entitled Rogue XML Specifications. It discusses insecurities that relate to XML schema.
| | Author: | Aditya Sood | | Homepage: | http://zeroknock.metaeye.org/ | | File Size: | 222734 | | Last Modified: | Feb 27 19:38:50 2007 |
| MD5 Checksum: | f09a65b98a3e2e12185cf646d3e793ae |
|
| /// File Name: |
cracking-basics.pdf |
Description:
|
Whitepaper discussing cracking basics.
| | Author: | Livewire | | File Size: | 200830 | | Last Modified: | May 5 13:33:01 2003 |
| MD5 Checksum: | c047480900a4fcaa4e6bf2a4629e2440 |
|
| /// File Name: |
WebApp_HTTPMod.pdf |
Description:
|
Web Application Defense At The Gates - Leveraging IHttpModule. Whitepaper describing how the IHttpModule that comes with the .Net framework can be used to man-in-the-middle HTTP transactions in order to help filter against input validation attacks.
| | Author: | Shreeraj Shah | | Homepage: | http://www.net-square.com/ | | File Size: | 199513 | | Last Modified: | Mar 25 00:04:18 2005 |
| MD5 Checksum: | 4b2e7e176a2fc54e80924b01621117e7 |
|
| /// File Name: |
netcash2.ps |
Description:
|
NetCash: A Design for Practical Electronic Currency on the Internet: A framework for electronic currency for the Internet that provides a real-time electronic payment system
| | File Size: | 197412 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | b4ca5073105cc5c662f6ae7c979c6a7b |
|
| /// File Name: |
webhack.pdf |
Description:
|
Whitepaper discussing simple web hacking techniques.
| | Author: | Nikolaos Rangos | | File Size: | 193580 | | Last Modified: | Jul 28 11:18:01 2008 |
| MD5 Checksum: | 4d69db9891c1fa3cd11b93d5e1c50d34 |
|
| /// File Name: |
VT-belva-dekay-final.pdf |
Description:
|
Whitepaper titled "Creating Business Through Virtual Trust: How to Gain and Sustain a Competitive Advantage Using Information Security".
| | Author: | Kenneth F. Belva,Sam H. Dekay | | Homepage: | http://www.ftusecurity.com/ | | File Size: | 187709 | | Last Modified: | Aug 28 23:09:56 2006 |
| MD5 Checksum: | 7f6b399cf8ffbbe96ca5477648dc7c60 |
|
| /// File Name: |
dragons.ps |
Description:
|
There Be Dragons: A description of the wide variety of attacks attempted on the AT&T Internet firewall
| | File Size: | 185040 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 8371b4bd6f034127760bcbf6aeb3f12a |
|
| /// File Name: |
WebApp_Footprints_Disco.pdf |
Description:
|
White paper discussing web application footprints and discovery methodology for web servers hosting multiple web applications.
| | Author: | Shreeraj Shah | | Homepage: | http://www.net-square.com/ | | File Size: | 176061 | | Last Modified: | Feb 22 22:08:59 2005 |
| MD5 Checksum: | 82336e368c3d8dab95146586a8ffda39 |
|
| /// File Name: |
wasc_wass_2007.pdf |
Description:
|
The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry wide effort to pool together sanitized website vulnerability data and to gain a better understanding about the web application vulnerability landscape. The overall statistics includes analysis results of 32,717 sites and 69,476 vulnerabilities of different degrees of severity.
| | Homepage: | http://www.webappsec.org/ | | File Size: | 173892 | | Last Modified: | Sep 8 18:38:56 2008 |
| MD5 Checksum: | 86567ab3f61b08ab7690e05b87500656 |
|
| /// File Name: |
IISUnicodeExplained.doc |
Description:
|
This paper goes into detail on Unicode exploitation with how it works and how to actually perform attacks against IIS servers that are vulnerable to this bug.
| | Author: | Gary Brooks | | File Size: | 167936 | | Last Modified: | Nov 17 12:47:34 2002 |
| MD5 Checksum: | ab7336660866d82a2bb7998a13278186 |
|
| /// File Name: |
xenfb-adventures-10.pdf |
Description:
|
Whitepaper entitled Adventures with a certain Xen vulnerability (in the PVFB backend).
| | Author: | Rafal Wojtczuk | | File Size: | 167544 | | Related CVE(s): | CVE-2008-1943 | | Last Modified: | Oct 15 20:14:18 2008 |
| MD5 Checksum: | d001b568f3f249e6ebedb390b57fe7dc |
|
| /// File Name: |
draft-gont-opsec-ip-security-01.txt |
Description:
|
This is the IETF Internet-Draft entitled "Security Assessment of the Internet Protocol version 4", which is heavily based on the "Security Assessment of the Internet Protocol".
| | Author: | Fernando Gont | | Homepage: | http://www.ietf.org/ | | File Size: | 166263 | | Last Modified: | Sep 2 23:30:05 2008 |
| MD5 Checksum: | 8df28368bfb0390ab4b35fd2f97b23a2 |
|
| /// File Name: |
HS-P005_ReflectiveDllInjection.pdf |
Description:
|
Whitepaper on reflective DLL injection. Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process. As such the library is responsible for loading itself by implementing a minimal Portable Executable (PE) loader.
| | Author: | Stephen Fewer | | Homepage: | http://www.harmonysecurity.com/ | | File Size: | 165921 | | Last Modified: | Oct 31 14:53:30 2008 |
| MD5 Checksum: | 9dcfe4b1a13f2b6430c44bf6ea224287 |
|
| /// File Name: |
ENG_in_a_nutshell.pdf |
Description:
|
Exploit Creation - The Random Approach. A paper about using Encore Next Generation techniques to create exploits.
| | Author: | Nelson Brito | | File Size: | 165713 | | Last Modified: | Oct 6 22:24:31 2008 |
| MD5 Checksum: | dd9d916dd9cd088ebacdbac525cd7a78 |
|
| /// File Name: |
stakkato.pdf |
Description:
|
Paper discussing the Stakkato intrusions which ultimately resulted in the theft of IOS source code released by one of the affected sites detailing how they caught stakkato.
| | Author: | Micheal Turner | | Homepage: | http://www.nsc.liu.se/~nixon/stakkato.pdf | | File Size: | 163111 | | Last Modified: | May 25 21:30:34 2006 |
| MD5 Checksum: | 3a6f5bc541aea4bfd352fdd6d8431aeb |
|
| /// File Name: |
certresp.ps |
Description:
|
Computer Emergency Response - An International Problem: A call for international cooperation between computer emergency response teams, and suggested methods for achieving it
| | File Size: | 160110 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 4fb655583be744d965875773c852aafb |
|
| /// File Name: |
pbaa.ps |
Description:
|
Proxy-Based Authorization and Accounting for Distributed Systems: A method to support both authorization and accounting in a distributed environment
| | File Size: | 157835 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | d686f2e6bec01eb6f2b4befc8714f272 |
|
| /// File Name: |
ICI.TXT |
Description:
|
Whitepaper discussing security problems and solutions in wireless cafes. Lots of good general info on security, attacks, tools, encryption, etc.
| | Homepage: | http://www.rootshell.be/~ad/ | | File Size: | 154750 | | Last Modified: | Jul 9 17:40:58 2008 |
| MD5 Checksum: | 980651f5ff630c6a7b0fcd306147967d |
|
| /// File Name: |
digital.voodoo.zip |
Description:
|
PSS gets "texts for newbies" by the bucketload. However, this is quite different. It has the "newbie hacking basics" presented in a tasteful and useful manner. Later, it goes into "novice/intermediate" tactics that many as piring (though not yet leet) hackers will find usefull. And finally, in sections such as Firewall Penetration experienced hackers will find valuable theroritical and practical tactics and techniques. All in all, Digital Voodoo is a great reference and resource for hacker and security specialist alike.
| | Author: | Kurruppt2k | | File Size: | 151747 | | Last Modified: | Nov 19 13:29:55 1999 |
| MD5 Checksum: | a9c5600f3200d9fca11d33ee4c748b2e |
|
| /// File Name: |
domain-traversal.pdf |
Description:
|
Whitepaper entitled Using Parent Domain Traversal In Drive By Attacks.
| | Author: | hkm | | File Size: | 149814 | | Last Modified: | Nov 9 16:10:56 2008 |
| MD5 Checksum: | 152aadbe147f9533b4ea621f6cafb24e |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
