Section: .. / papers / general /
| /// File Name: |
server_security.txt |
Description:
|
Whitepaper discussing a lockdown methodology for a Cent OS 5 server with Apache installed.
| | Author: | QKrun1x | | File Size: | 21584 | | Last Modified: | Oct 30 19:49:06 2008 |
| MD5 Checksum: | dcb47cf92dc9edbc577e62c87ea5a8c7 |
|
| /// File Name: |
sock-raw.txt |
Description:
|
This paper's purpose is to explain the often misunderstood nature of raw sockets. The driving force of writing this text was the curiosity of the author to learn the ins and outs of this powerful socket type also known as SOCK_RAW. What is going to be discussed here will *not* be another tutorial on how to hand-craft one's own packets. This topic has been overly discussed many times and one can find quite a few references on the net about it (mixter etc). What is going to be discussed here is what raw sockets do behind the scenes.
| | Author: | ithilgore | | Homepage: | http://sock-raw.homeunix.org/ | | File Size: | 64613 | | Last Modified: | Dec 8 23:23:59 2008 |
| MD5 Checksum: | 733a08d7be73f0242f7fa4c92660f9e5 |
|
| /// File Name: |
Software.Distribution.Malware.Infec..> |
Description:
|
This paper presents an efficient mechanism as well as the corresponding reference implementation for on-the-fly infecting of executable code with malicious software. Their algorithm deploys virus infection routines and network redirection attacks, without requiring the modification of the application itself. This allows infection of executables with an embedded signature when the signature is not automatically verified before execution. They briefly discuss countermeasures such as secure channels, code authentication as well as trusted virtualization that enables the isolation of untrusted downloads from other applications running in trusted domains or compartments.
| | Author: | Felix Groebert | | Homepage: | http://groebert.org/felix | | File Size: | 223713 | | Last Modified: | Jul 18 17:30:01 2008 |
| MD5 Checksum: | f0295501b1659600e2481f6a2cb082cb |
|
| /// File Name: |
SQLInjectionWhitePaper.pdf |
Description:
|
SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping illegal characters first. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack. The objective of this paper is to educate the professional security community on the techniques that can be used to take advantage of a web application that is vulnerable to SQL injection as well as make clear the correct mechanisms that should be put in place to protect against SQL injection, as well as input validations problems in general.
| | Author: | SPI Labs | | Homepage: | http://www.spidynamics.com | | File Size: | 816899 | | Last Modified: | Feb 2 03:20:35 2002 |
| MD5 Checksum: | e67624e3913f0dd2dea2ddbae0a5f3dd |
|
| /// File Name: |
ssh_tunnels.txt |
Description:
|
Encrypted Tunnels using SSH and MindTerm - This paper will discuss using Secure Shell (SSH) and MindTerm to secure organizational communication across the Internet. Easy to setup and reliable software need to be used in order to allow the inexperienced users the ability to quickly establish secure communication channels.
| | Author: | Duane Dunston | | Homepage: | http://www.linuxsecurity.com | | File Size: | 34275 | | Last Modified: | May 30 19:25:25 2001 |
| MD5 Checksum: | c6f772e94054386472ab1a226d50571d |
|
| /// File Name: |
stakkato.pdf |
Description:
|
Paper discussing the Stakkato intrusions which ultimately resulted in the theft of IOS source code released by one of the affected sites detailing how they caught stakkato.
| | Author: | Micheal Turner | | Homepage: | http://www.nsc.liu.se/~nixon/stakkato.pdf | | File Size: | 163111 | | Last Modified: | May 25 21:30:34 2006 |
| MD5 Checksum: | 3a6f5bc541aea4bfd352fdd6d8431aeb |
|
| /// File Name: |
sthuy_article_openvpn_29940810.B.zi..> |
Description:
|
This whitepaper discusses OpenVPN as a free, secure, and easy to use and configure SSL-Based VPN solution. It offers various scenarios of use.
| | Author: | Stijn Huyghe | | File Size: | 1646498 | | Last Modified: | Aug 13 11:10:26 2004 |
| MD5 Checksum: | bd0687e11edb3c819cbc5613c99044bc |
|
| /// File Name: |
SyscalltableAMD64EN.txt |
Description:
|
Whitepaper titled "How to get sys_call_table on amd64 under Linux".
| | Author: | pouik | | File Size: | 9327 | | Last Modified: | Oct 18 19:35:23 2006 |
| MD5 Checksum: | cb8bcc65f01e76177ffea9b98ef6102c |
|
| /// File Name: |
tempest.pdf |
Description:
|
The story regarding how the United States first learned about the fundamental security vulnerability called "compromising emanations" is revealed for the first time in this 1972 paper called TEMPEST: A Signal Problem.
| | Homepage: | http://www.nsa.gov/ | | File Size: | 284750 | | Last Modified: | Apr 29 21:06:17 2008 |
| MD5 Checksum: | 6930f3cfa80a029f63102875a3947dcc |
|
| /// File Name: |
timesync.html |
Description:
|
White paper discussing the fact that many modern networks are extremely dependant on a centralized time resource and the negative aspects of a network not having one.
| | Author: | 3APA3A | | Homepage: | http://www.security.nnov.ru/advisories/timesync.asp | | File Size: | 22180 | | Last Modified: | Aug 20 03:54:26 2004 |
| MD5 Checksum: | b4fcd8bce74ebb05e8db85ae5c200d7c |
|
| /// File Name: |
tools.ps |
Description:
|
Automated Tools for Testing Computer System Vulnerability: Discusses some of the automated tools for checking the security of a wide variety of systems
| | File Size: | 309577 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 5375d8a3754042a2e917bff30f5c3cdf |
|
| /// File Name: |
TopologyDOS.pdf |
Description:
|
This paper re-examines the denial-of-service issue. It looks at the techniques used to accomplish denial of service including process recovery, resource destruction (crash), and resource overload. Looking at how DOS functions allows for the design of other DOS attacks aimed at the processes used by the operating system, the network protocols and the users.
| | Author: | Coretez Giovanni | | Homepage: | http://www.8thport.com | | File Size: | 74536 | | Last Modified: | Jul 12 14:42:31 2000 |
| MD5 Checksum: | 690a78612efc13f42762b3aaa8fca700 |
|
| /// File Name: |
transparency.txt |
Description:
|
This paper discusses full disclosure, the necessity of legitimate network scanning, and the results of criminalizing security research and information. Overreactions to harmless activities not crossing legal boundaries are leading to a scenario where anyone acquiring basic information about a system needs to be afraid about potential consequences.
| | Author: | Mixter | | Homepage: | http://mixter.warrior2k.com | | File Size: | 10257 | | Last Modified: | Nov 13 16:29:15 2000 |
| MD5 Checksum: | 6392ac2ef70447827974be8b88605ec2 |
|
| /// File Name: |
UBehavior.zip |
Description:
|
Whitepaper discussing the exploitation of uninitialized data.
| | Author: | mercy | | Homepage: | http://www.felinemenace.org/ | | File Size: | 372833 | | Last Modified: | Jan 4 00:17:44 2006 |
| MD5 Checksum: | d247ac8afbe9033ebea4e8d93a16806b |
|
| /// File Name: |
vdwgreport.pdf |
Description:
|
The US Department of Homeland Security's "Vulnerability Disclosure Framework" document.
| | Homepage: | http://www.dhs.gov/ | | File Size: | 307070 | | Last Modified: | Jan 13 17:07:56 2007 |
| MD5 Checksum: | 6bdc9752e2b650847982d521426669e4 |
|
| /// File Name: |
virtualmachines.txt |
Description:
|
Paper discussing various ways of detecting virtual machines regardless of the OS used.
| | Author: | Bipin Gautam | | File Size: | 4678 | | Last Modified: | Oct 27 15:33:01 2006 |
| MD5 Checksum: | 21cbc35e13a2ab126eacb9eee82dd46d |
|
| /// File Name: |
VNSECON07-JA-Exploit_development.pd..> |
Description:
|
Whitepaper discussing how to speed up the exploit development process as presented at VNSECON07.
| | Author: | Jerome Athias | | File Size: | 1698766 | | Last Modified: | Aug 9 22:22:28 2007 |
| MD5 Checksum: | 06a895e8ac593460d4bfdf6ec7692a60 |
|
| /// File Name: |
vote.pdf |
Description:
|
Analysis of an Electronic Voting System - This paper describes several security flaws in Diebold electronic voting machines. Voters may be able to cast multiple ballots with little built in traceability, administrative functions can be performed by regular voters, and inside poll workers, software developers, and janitors can rig the vote. The smart card system is insecure and uses plaintext passwords. The code appears unaudited and there is no ability to do a paper recount.
| | Author: | Adam Stubblefield,Tadayoshi Kohno,Dan S. Wallach,Aviel D. Rubin | | File Size: | 244831 | | Last Modified: | Oct 31 14:21:22 2003 |
| MD5 Checksum: | 3b6981806063c69b646d789f3f009136 |
|
| /// File Name: |
votehack.txt |
Description:
|
Article about evidence mounting that the vote was hacked. The FBI has been called in to Florida.
| | Author: | Thom Hartmann | | Homepage: | http://CommonDreams.org | | File Size: | 14240 | | Last Modified: | Nov 10 01:49:51 2004 |
| MD5 Checksum: | 2c398b6336f2e2e0d98f62a2048297f1 |
|
| /// File Name: |
VT-belva-dekay-final.pdf |
Description:
|
Whitepaper titled "Creating Business Through Virtual Trust: How to Gain and Sustain a Competitive Advantage Using Information Security".
| | Author: | Kenneth F. Belva,Sam H. Dekay | | Homepage: | http://www.ftusecurity.com/ | | File Size: | 187709 | | Last Modified: | Aug 28 23:09:56 2006 |
| MD5 Checksum: | 7f6b399cf8ffbbe96ca5477648dc7c60 |
|
| /// File Name: |
vuln-trends.txt |
Description:
|
The primary goal of this whitepaper is to provide analysis that studies research trends using publicly reported vulnerabilities.
| | Author: | Steven M. Christey | | Homepage: | http://cwe.mitre.org/ | | File Size: | 77213 | | Last Modified: | Oct 8 23:02:12 2006 |
| MD5 Checksum: | 72c0a21ea7ec0241752f95032c5650bf |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
