| /// File Name: |
clickjack-xss.txt |
Description:
|
The Clickjacking Meets XSS: A State Of Art.
| | Author: | Nex | | Homepage: | http://nex.playhack.net/ | | File Size: | 10491 | | Last Modified: | Dec 30 22:20:55 2008 |
| MD5 Checksum: | d40636989e456c08265bc391ca205dc4 |
|
| /// File Name: |
w3af-userguide.pdf |
Description:
|
w3af User Guide written in French.
| | Author: | Jerome Athias | | File Size: | 250940 | | Last Modified: | Dec 30 22:18:31 2008 |
| MD5 Checksum: | dfe4690bfae4bf0ab6253a92eca705d4 |
|
| /// File Name: |
password-gank.txt |
Description:
|
Brief login form password theft tutorial showing how to backdoor PHP code once access has been gained to a system, in order to avoid having to crack hashes.
| | Author: | Rohit Bansal | | File Size: | 2574 | | Last Modified: | Dec 30 18:10:00 2008 |
| MD5 Checksum: | eb46ace10360dce7dd99941e63b26719 |
|
| /// File Name: |
igujv-guide.txt |
Description:
|
IGUJV - The Infection Guide Using Java/VbScript.
| | Author: | AnalyseR | | File Size: | 8500 | | Last Modified: | Dec 12 18:17:36 2008 |
| MD5 Checksum: | 5325bfd16a20d8177e616a137beb4bf4 |
|
| /// File Name: |
mime-dos.txt |
Description:
|
Write up discussing denial of service attacks on MIME-capable software via complex MIME emails.
| | Author: | Bernhard Brehm | | Homepage: | http://www.recurity-labs.com/ | | File Size: | 8340 | | Last Modified: | Dec 9 02:02:16 2008 |
| MD5 Checksum: | 8f2e0fba5de9b636f9e96f7393b1eac8 |
|
| /// File Name: |
bash-history.txt |
Description:
|
Hacking Bash History discusses why the history mechanism of bash cannot be used as a monitoring/logging facility even with the strictest measures applied to secure it. A section of the text is dedicated to hacking the bash source code to interface it with syslog.
| | Author: | ithilgore | | Homepage: | http://sock-raw.homeunix.org/ | | File Size: | 12765 | | Last Modified: | Dec 8 23:31:00 2008 |
| MD5 Checksum: | 8e0335cc29bb88eaeb3fa45c767071f3 |
|
| /// File Name: |
locating-firewalls.txt |
Description:
|
Locating Stateless Firewalls focuses on methods to discern between stateful and stateless firewalls. It discusses how stateless firewalls can be further exploited due to possible misconfigurations and as a result of RFC ambiguities.
| | Author: | ithilgore | | Homepage: | http://sock-raw.homeunix.org/ | | File Size: | 24736 | | Last Modified: | Dec 8 23:28:11 2008 |
| MD5 Checksum: | ca1bfcdeca6c4e712760e4c6c7735449 |
|
| /// File Name: |
sock-raw.txt |
Description:
|
This paper's purpose is to explain the often misunderstood nature of raw sockets. The driving force of writing this text was the curiosity of the author to learn the ins and outs of this powerful socket type also known as SOCK_RAW. What is going to be discussed here will *not* be another tutorial on how to hand-craft one's own packets. This topic has been overly discussed many times and one can find quite a few references on the net about it (mixter etc). What is going to be discussed here is what raw sockets do behind the scenes.
| | Author: | ithilgore | | Homepage: | http://sock-raw.homeunix.org/ | | File Size: | 64613 | | Last Modified: | Dec 8 23:23:59 2008 |
| MD5 Checksum: | 733a08d7be73f0242f7fa4c92660f9e5 |
|
| /// File Name: |
exploration.pdf |
Description:
|
Whitepaper entitled Exploration In The Cross Territory, a follow up paper to the Cross Site Scripting - Attack and Defense Guide.
| | Author: | Xylitol | | Homepage: | http://xylitol.free.fr/ | | File Size: | 4920754 | | Last Modified: | Nov 11 21:09:53 2008 |
| MD5 Checksum: | 2ad3142ce0b9f02072eabf88d662ab3f |
|
| /// File Name: |
domain-traversal.pdf |
Description:
|
Whitepaper entitled Using Parent Domain Traversal In Drive By Attacks.
| | Author: | hkm | | File Size: | 149814 | | Last Modified: | Nov 9 16:10:56 2008 |
| MD5 Checksum: | 152aadbe147f9533b4ea621f6cafb24e |
|
| /// File Name: |
banking-flaws.pdf |
Description:
|
Whitepaper entitled Internet Banking Flaws In India.
| | Author: | webDEViL | | File Size: | 312348 | | Last Modified: | Nov 4 00:46:42 2008 |
| MD5 Checksum: | 4f9d8bbb8f81dae1a06b4b258f70a18e |
|
| /// File Name: |
HS-P005_ReflectiveDllInjection.pdf |
Description:
|
Whitepaper on reflective DLL injection. Reflective DLL injection is a library injection technique in which the concept of reflective programming is employed to perform the loading of a library from memory into a host process. As such the library is responsible for loading itself by implementing a minimal Portable Executable (PE) loader.
| | Author: | Stephen Fewer | | Homepage: | http://www.harmonysecurity.com/ | | File Size: | 165921 | | Last Modified: | Oct 31 14:53:30 2008 |
| MD5 Checksum: | 9dcfe4b1a13f2b6430c44bf6ea224287 |
|
| /// File Name: |
server_security.txt |
Description:
|
Whitepaper discussing a lockdown methodology for a CentOS 5 server with Apache installed.
| | Author: | QKrun1x | | File Size: | 21584 | | Last Modified: | Oct 30 19:49:06 2008 |
| MD5 Checksum: | dcb47cf92dc9edbc577e62c87ea5a8c7 |
|
| /// File Name: |
appOSfingerprint.txt |
Description:
|
Whitepaper entitled Advanced application-level OS fingerprinting: Practical approaches and examples.
| | Author: | Dan Crowley | | File Size: | 12009 | | Last Modified: | Oct 30 13:13:08 2008 |
| MD5 Checksum: | ae054f97b0ef7a85c7a4e4e57059587f |
|
| /// File Name: |
address-spoof.txt |
Description:
|
Address Bar Spoofing Attacks Against Microsoft Internet Explorer 6. Due to formatting issues when sent, additional notes regarding the attacks are appended.
| | Author: | Amit Klein | | Homepage: | http://www.trusteer.com/ | | File Size: | 15579 | | Last Modified: | Oct 27 18:38:09 2008 |
| MD5 Checksum: | 5bf24bf420c7b4f9d6da416472832ec8 |
|
| /// File Name: |
http_botnet.txt |
Description:
|
Whitepaper on setting up an HTTP-controlled botnet. Code examples provided.
| | Author: | cross | | File Size: | 24691 | | Last Modified: | Oct 22 17:18:52 2008 |
| MD5 Checksum: | db39c5c6d8edc80aed2f9e2b9fc59db0 |
|
| /// File Name: |
hackers-rfc.txt |
Description:
|
The Hacker's RFC - This document introduces best practices a computer hacker should know about and implement for his own safety.
| | Author: | fckD | | File Size: | 10805 | | Last Modified: | Oct 16 19:43:46 2008 |
| MD5 Checksum: | 7bcf0701c8097dac62f535cb9feb45eb |
|
| /// File Name: |
xenfb-adventures-10.pdf |
Description:
|
Whitepaper entitled Adventures with a certain Xen vulnerability (in the PVFB backend).
| | Author: | Rafal Wojtczuk | | File Size: | 167544 | | Related CVE(s): | CVE-2008-1943 | | Last Modified: | Oct 15 20:14:18 2008 |
| MD5 Checksum: | d001b568f3f249e6ebedb390b57fe7dc |
|
| /// File Name: |
ENG_in_a_nutshell.pdf |
Description:
|
Exploit Creation - The Random Approach. A paper about using Encore Next Generation techniques to create exploits.
| | Author: | Nelson Brito | | File Size: | 165713 | | Last Modified: | Oct 6 22:24:31 2008 |
| MD5 Checksum: | dd9d916dd9cd088ebacdbac525cd7a78 |
|
| /// File Name: |
wasc_wass_2007.pdf |
Description:
|
The Web Application Security Consortium (WASC) is pleased to announce the WASC Web Application Security Statistics Project 2007. This initiative is a collaborative industry-wide effort to pool together sanitized website vulnerability data and to gain a better understanding of the web application vulnerability landscape. The overall statistics include analysis results of 32,717 sites and 69,476 vulnerabilities of different degrees of severity.
| | Homepage: | http://www.webappsec.org/ | | File Size: | 173892 | | Last Modified: | Sep 8 18:38:56 2008 |
| MD5 Checksum: | 86567ab3f61b08ab7690e05b87500656 |
|
| /// File Name: |
draft-gont-opsec-ip-security-01.txt |
Description:
|
This is the IETF Internet-Draft entitled "Security Assessment of the Internet Protocol version 4", which is heavily based on the "Security Assessment of the Internet Protocol".
| | Author: | Fernando Gont | | Homepage: | http://www.ietf.org/ | | File Size: | 166263 | | Last Modified: | Sep 2 23:30:05 2008 |
| MD5 Checksum: | 8df28368bfb0390ab4b35fd2f97b23a2 |
|