Section: .. / papers / general /
| /// File Name: |
022805.txt |
Description:
|
This paper describes several techniques for exposing file contents using the site search functionality. It is assumed that a site contains documents which are not visible/accessible to external users. Such documents are typically future PR items, or future security advisories, uploaded to the website beforehand. However, the site is also searchable via an internal search facility, which does have access to those documents, and as such, they are indexed by it not via web crawling, but rather, via direct access to the files. Therein lies the security breach.
| | Author: | Amit Klein | | Homepage: | http://webappsec.org/ | | File Size: | 25702 | | Last Modified: | Feb 28 19:15:11 2005 |
| MD5 Checksum: | 87eb98b564a55d22d12c7b83e9641965 |
|
| /// File Name: |
041607.html |
Description:
|
The Web Application Security Consortium is proud to present 'The Importance of Application Classification in Secure Application Development'.
| | Author: | Rohit Sethi | | Homepage: | http://www.webappsec.org/ | | File Size: | 44216 | | Last Modified: | Apr 18 20:40:46 2007 |
| MD5 Checksum: | 067f062ee0605f2c9e32f8a6614d533c |
|
| /// File Name: |
050819-securing-mac-os-x-tiger.pdf |
Description:
|
Corsaire (www.corsaire.com/white-papers/) has released a fully updated version of their guide to securing Mac OS X to cover the new security features offered by Mac OS X 10.4 Tiger (such as ACLs) as well as incorporating additional security guidelines that were omitted in the original (10.3) guide.
| | Author: | Stephen de Vries | | Homepage: | http://www.corsaire.com/white-papers/ | | File Size: | 751834 | | Last Modified: | Aug 26 00:55:07 2005 |
| MD5 Checksum: | 021cca9d23a8be3656a5f08e6bc300ec |
|
| /// File Name: |
2004_11.txt |
Description:
|
Electronic Frontier Foundation Media Release - Presidential Votes Miscast on E-voting Machines Across the Country. Voters from at least half a dozen states reported that touch-screen voting machines had incorrectly recorded their choices, including for president.
| | Author: | Cindy Cohn,Matt Zimmerman | | Homepage: | http://www.eff.org/news/archives/2004_11.php#002062 | | File Size: | 3620 | | Last Modified: | Nov 4 22:43:21 2004 |
| MD5 Checksum: | 801f5c3f4e63747cba6eb681b9c7e8f4 |
|
| /// File Name: |
3Steps.rar |
Description:
|
Whitepaper called From Win32 User-Land through Native API to Kernel. Includes demonstration code.
| | Author: | cross | | Homepage: | http://x1machine.com/ | | File Size: | 425458 | | Last Modified: | Mar 30 15:46:13 2009 |
| MD5 Checksum: | 2850b46fa8d6679464eb53efefc006a9 |
|
| /// File Name: |
A_Modular_Approach_to_Data_Validati..> |
Description:
|
This paper presents a modular approach to performing thorough data validation in modern web applications so that the benefits of modular component based design; extensibility, portability and re-use can be released. The paper begins with an explanation of the vulnerabilities introduced through poor validation and then goes on to discuss the merits of a number of common data validation methodologies. A modular approach is introduced together with practical examples of how to implement such a scheme in a web application. It also provides information on common attack vectors, principles of validation, a modular solution and implementation of that solution.
| | Author: | Stephen de Vries | | Homepage: | http://www.corsaire.com/ | | File Size: | 382808 | | Last Modified: | Apr 12 14:59:25 2006 |
| MD5 Checksum: | a0b2f3ac1b5d56c1eb5b580c14a11f16 |
|
| /// File Name: |
abc.pdf |
Description:
|
This White Paper gives an introduction to computer security and its significance for businesses, followed by an alphabetical guide to common security measures and threats.
| | Author: | Paul Ducklin | | Homepage: | http://www.sophos.com | | File Size: | 99449 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 234140dc38979cbe235a915f9e495f15 |
|
| /// File Name: |
acros.txt |
Description:
|
CaIRA: Computer and Internet-Related Acronyms. 1,725 acronyms and abbreviations with definitions and explanations. Includes a listing of all internet country abbreviations.
| | Author: | Raven | | Homepage: | http://blacksun.box.sk | | File Size: | 119341 | | Last Modified: | Feb 3 11:35:16 2000 |
| MD5 Checksum: | 81861a7a8afc090fb589e09620587a27 |
|
| /// File Name: |
address-spoof.txt |
Description:
|
Address Bar Spoofing Attacks Against Microsoft Internet Explorer 6. Due to formatting issues when sent , additional notes regarding the attacks are appended.
| | Author: | Amit Klein | | Homepage: | http://www.trusteer.com/ | | File Size: | 15579 | | Last Modified: | Oct 27 18:38:09 2008 |
| MD5 Checksum: | 5bf24bf420c7b4f9d6da416472832ec8 |
|
| /// File Name: |
agents.txt |
Description:
|
The Evolution of Malicious Agents. This paper examines the evolution of malicious agents by analyzing features and limitations of popular viruses, worms, and trojans, detailing the possibility of a new breed of malicious agents currently being developed on the Internet.
| | Author: | Lenny Zeltser | | Homepage: | http://www.zeltser.com/agents | | File Size: | 48331 | | Last Modified: | May 3 18:20:38 2000 |
| MD5 Checksum: | badaef580cc6781fc436d7fe02f5cce9 |
|
| /// File Name: |
Altering_ARP_Tables_v_1.00.htm |
Description:
|
Altering ARP Tables v1.00 - This paper is dedicated to ARP tables and how to alter them remotely. Includes a couple of implementations of ARP poisoning in a bridge based segment and a couple of ways to protect yourself.
| | Author: | Data Wizard | | File Size: | 22573 | | Last Modified: | Sep 7 23:03:45 2001 |
| MD5 Checksum: | 2cddda46bc0102cac912313b0b33cd68 |
|
| /// File Name: |
AnonMoney.zip |
Description:
|
An interesting paper on using the TOR network to anonymously collect funds with eGold.
| | Author: | Mr Babs | | File Size: | 27881 | | Last Modified: | Apr 28 12:47:57 2006 |
| MD5 Checksum: | dd9e819d06c9b8ad5e1c6d1b4d87ce5c |
|
| /// File Name: |
appOSfingerprint.txt |
Description:
|
Whitepaper entitled Advanced application-level OS fingerprinting: Practical approaches and examples.
| | Author: | Dan Crowley | | File Size: | 12009 | | Last Modified: | Oct 30 13:13:08 2008 |
| MD5 Checksum: | ae054f97b0ef7a85c7a4e4e57059587f |
|
| /// File Name: |
arpspoofing.pdf |
Description:
|
Short whitepaper discussing the basics of ARP spoofing.
| | Author: | Affix | | Homepage: | http://ihack.co.uk/ | | File Size: | 89641 | | Last Modified: | Jan 12 15:37:14 2009 |
| MD5 Checksum: | aabb36931cac90312055efa371921d6f |
|
| /// File Name: |
asm-1.tbz |
Description:
|
Project Freedocs Volume 4 - A collection of tutorials regarding asm programming.
| | Author: | Bugghy | | Homepage: | http://vaida.bogdan.googlepages.com/ | | File Size: | 876790 | | Last Modified: | Sep 9 04:11:55 2004 |
| MD5 Checksum: | 36dbbc1321d22b50c15c4c125e5e506a |
|
| /// File Name: |
AveOfAttack.pdf |
Description:
|
A New Avenue of Attack: Event-Driven System Vulnerabilities. This paper gives more technical details to security vulnerabilities in event-driven systems and relates it to Information Warfare.
| | Author: | Simos Xenitellis | | Homepage: | http://www.isg.rhul.ac.uk/~simos/event_demo/ | | File Size: | 51408 | | Last Modified: | Aug 11 19:06:53 2002 |
| MD5 Checksum: | f75606876872b209db3c27c173b8f830 |
|
| /// File Name: |
banking-flaws.pdf |
Description:
|
Whitepaper entitled Internet Banking Flaws In India.
| | Author: | webDEViL | | File Size: | 312348 | | Last Modified: | Nov 4 00:46:42 2008 |
| MD5 Checksum: | 4f9d8bbb8f81dae1a06b4b258f70a18e |
|
| /// File Name: |
bash-history.txt |
Description:
|
Hacking Bash History discusses about why the history mechanism of bash cannot be used as a monitoring/logging facility even with the strictest measures applied to secure it. A section of the text is dedicated to hacking the bash source code to interface it with syslog.
| | Author: | ithilgore | | Homepage: | http://sock-raw.homeunix.org/ | | File Size: | 12765 | | Last Modified: | Dec 8 23:31:00 2008 |
| MD5 Checksum: | 8e0335cc29bb88eaeb3fa45c767071f3 |
|
| /// File Name: |
bbpaint.pdf |
Description:
|
Whitepaper describing how ptrace() might be used to build a Control Flow Integrity system.
| | Author: | Sebastian Krahmer | | File Size: | 2150784 | | Last Modified: | Jun 26 23:40:45 2006 |
| MD5 Checksum: | b4fc325a07b02849e37e300fd38f2b7f |
|
| /// File Name: |
Becoming_a_Hacker_-_Part_1.pdf |
Description:
|
An introductory paper for would-be hackers. It could also prove useful for network admins and hackers that want to improve themselves. Chapters include: The OS, Understanding TCP/IP, Becoming a Hacker, WHOIS Databases, Basic Tracerouting and Path Analysis, Mapping with DNS and Geolocation and more.
| | Author: | Elite Nabukadnezar | | File Size: | 937329 | | Last Modified: | Apr 28 19:58:49 2006 |
| MD5 Checksum: | a1f9344215ff0a8ba83d3479fe01d821 |
|
| /// File Name: |
berferd.ps |
Description:
|
An Evening With Berferd: In Which a Cracker is Lured, Endured, and Studied: A description of how the author kept an attacker ``on the line'' for several months in order to learn his methods.
| | File Size: | 81747 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 5cc030611fec89e1f717d00e76688835 |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
