| /// File Name: |
perl-format-string.txt |
Description:
|
Format String Vulnerabilities in Perl Programs - Whitepaper covering the attack and impact details raised in recent discussions of format string exploitation in Perl. Provides further insight into how these flaws can be manipulated and includes examples.
| | Author: | Steven M. Christey | | File Size: | 25936 | | Last Modified: | Dec 3 01:06:52 2005 |
| MD5 Checksum: | ff51ff0694b291ce947b9effb9227978 |
|
| /// File Name: |
phpendangers.txt |
Description:
|
Whitepaper entitled PHP Endangers - Remote Code Execution.
| | Author: | Arham Muhammed | | File Size: | 13748 | | Last Modified: | Aug 16 04:32:46 2007 |
| MD5 Checksum: | 75496cb8ab31fe5ed70fd44ed2edd52e |
|
| /// File Name: |
pnetext.ps |
Description:
|
Pseudo-Network Drivers and Virtual Networks: A method for creating pseudo-networks, much like the pseudo-terminals in use on many UNIX systems.
| | File Size: | 86678 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 394958ef114a0180372ad8da77496119 |
|
| /// File Name: |
ports.pdf |
Description:
|
White Paper on Automatic Protocol Identification on Scanned Ports. We examine the problem and propose a solution for automatically identifying the protocol run on ports that a previous network scan found to be open.
| | Author: | Izar Tarandach | | Homepage: | http://razor.bindview.com/publish/index.shtml | | File Size: | 89823 | | Last Modified: | Feb 24 20:29:28 2000 |
| MD5 Checksum: | eb71afe6cdb2a5cbb3de4a120f7fa752 |
|
| /// File Name: |
primer.ps |
Description:
|
Coping with the Threat of Computer Security Incidents: A Primer from Prevention through Recovery: A basic text for the author's one-day seminar on the practical aspects of computer security in an unclassified networked environment.
| | File Size: | 293589 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 3af8eee428825555e4211dd6874cb192 |
|
| /// File Name: |
RCE_PDF.zip |
Description:
|
This paper is intended as an introduction to reverse engineering for someone who has no experience on the subject.
| | Author: | Craig Heffner | | Homepage: | http://www.craigheffner.com/ | | File Size: | 513936 | | Last Modified: | Sep 7 04:14:14 2006 |
| MD5 Checksum: | d0323f4d500864e2a4fd71e1607fc5a1 |
|
| /// File Name: |
report.pdf |
Description:
|
Whitepaper discussing how DNS can be used for detecting and monitoring in a network.
| | Author: | Antoine Schonewille, Dirk-Jan van Helmond | | File Size: | 244923 | | Last Modified: | Feb 25 20:34:33 2006 |
| MD5 Checksum: | 741418521669132f0fd03db71e85f5c9 |
|
| /// File Name: |
reverse_backdoored_binaries.txt |
Description:
|
Well written whitepaper about reverse engineering backdoored binaries. It is meant for the beginner reverse engineer with some knowledge of ELF, C, x86 ASM, and Linux.
| | Author: | borg | | Homepage: | http://www.cr-secure.net/ | | File Size: | 28027 | | Last Modified: | Apr 19 09:49:00 2004 |
| MD5 Checksum: | 44254a0ab92d356cf69959d3c8060f44 |
|
| /// File Name: |
reverseeng.pdf |
Description:
|
This paper aims to present a methodical framework for high-level reverse engineering. The methodology is a culmination of existing tools and techniques within the IT security research community, which presents ways to identify process operation at a higher level of abstraction than traditional binary reversing.
| | Author: | Matthew Lewis | | Homepage: | http://www.irmplc.com/ | | File Size: | 1276878 | | Last Modified: | Oct 2 00:31:35 2007 |
| MD5 Checksum: | ad6255431165e52467be53fd14fa775b |
|
| /// File Name: |
rfpolicy-2.0.txt |
Description:
|
RFPolicy 2.0 - Rain Forest Puppy's policy on notifying vendors and releasing security vulnerabilities.
| | Author: | Rain Forest Puppy | | Homepage: | http://www.wiretrip.net | | Changes: | Less stringent on timeframes, more stringent on communication. Thanks to everyone who contributed. I also added some supporting notes (FAQ, etc.) to help dispel some misconceptions on it. | | File Size: | 15498 | | Last Modified: | Oct 17 15:45:59 2000 |
| MD5 Checksum: | 4bb04bf50ab00e365ec966deb62c2a7a |
|
| /// File Name: |
RogueXMLSpecific.pdf |
Description:
|
Whitepaper entitled Rogue XML Specifications. It discusses insecurities that relate to XML schema.
| | Author: | ZeroKnock | | Homepage: | http://zeroknock.metaeye.org/ | | File Size: | 222734 | | Last Modified: | Feb 27 19:38:50 2007 |
| MD5 Checksum: | f09a65b98a3e2e12185cf646d3e793ae |
|
| /// File Name: |
Secure-Programs-HOWTO.htm |
Description:
|
Secure Programming Howto - This paper provides a set of design and implementation guidelines for writing secure programs for Linux systems. Such programs include application programs used as viewers of remote data, CGI scripts, network servers, and setuid/setgid programs.
| | Author: | David A. Wheeler | | File Size: | 7529 | | Last Modified: | Jan 11 21:00:27 2000 |
| MD5 Checksum: | 24859d444efc55ac3c4fe643fd1ff557 |
|
| /// File Name: |
secure_smtp_proxy_for_protecting_mt..> |
Description:
|
Whitepaper entitled "Secure SMTP Proxy for Protecting Mail Transfer Agents". This is a 70 page document that discusses new angles for defending mail daemons and more.
| | Author: | Alin-Adrian Anton | | File Size: | 880872 | | Last Modified: | Sep 5 20:24:58 2007 |
| MD5 Checksum: | 5328c8e51d8209c0781888d131361c97 |
|
| /// File Name: |
SecureDevelopmentv06.pdf |
Description:
|
Corsaire White Paper: Secure Development Framework. This paper addresses the need for an infrastructure to exist in which things are securely developed to help mitigate the high costs incurred when vulnerable software is released into the wild.
| | Author: | Glyn Geoghegan | | Homepage: | http://www.corsaire.com | | File Size: | 343216 | | Last Modified: | May 19 21:19:44 2004 |
| MD5 Checksum: | 7155cf428ccb06b0b9b83af4dbfd755f |
|
| /// File Name: |
security-policy.pdf |
Description:
|
This paper outlines the strategies and management of the processes behind implementing a successful Security Policy. Additionally, it gives recommendations for the creation of a Security Awareness Program, where the main objective would be to provide staff with a better understanding of the issues stated in a security policy.
| | Author: | Dancho Danchev | | Homepage: | http://www.windowsecurity.com/ | | File Size: | 556798 | | Last Modified: | Sep 20 02:38:36 2005 |
| MD5 Checksum: | b57d540352ef547932a99d43e16c848d |
|
| /// File Name: |
Security_Breach_Survey.pdf |
Description:
|
White and Case, a top NYC law firm, posted a survey on Data Security Breach Notifications on September 26, 2005. From the press release: "Victims of personal data security breaches are showing their displeasure by terminating relationships with the companies that maintained their data, according to a new national survey sponsored by global law firm White & Case. The independent survey of nearly 10,000 adults, conducted by the respected privacy research organization Ponemon Institute, reveals that nearly 20 percent of respondents say they have terminated a relationship with a company after being notified of a security breach."
| | Author: | Ponemon Institute | | Homepage: | http://www.whitecase.com/news/news_detail.aspx?newsid=11731&type=News%20Releases | | File Size: | 330889 | | Last Modified: | Oct 4 00:14:13 2005 |
| MD5 Checksum: | 57fc4866bcbc56b61a9f66cfed7993e4 |
|
| /// File Name: |
SecurityIPTelephonyNetworks.pdf |
Description:
|
IP Telephony based networks, which might be a core part of our Telephony infrastructure in the near future, introduce caveats and security concerns which traditional telephony based networks do not have to deal with, have long forgotten about, or have learned to cope with. The security risk is usually overshadowed by the technological hype and the way IP Telephony equipment manufacturers push the technology to the masses. This paper highlights the different security risk factors with IP Telephony based networks.
| | Author: | Ofir Arkin | | File Size: | 459385 | | Last Modified: | Nov 24 22:50:16 2002 |
| MD5 Checksum: | e013b1ffa4ad1861992a3a2038e98d7b |
|
| /// File Name: |
SQLInjectionWhitePaper.pdf |
Description:
|
SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping illegal characters first. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack. The objective of this paper is to educate the professional security community on the techniques that can be used to take advantage of a web application that is vulnerable to SQL injection, and to make clear the correct mechanisms that should be put in place to protect against SQL injection as well as input validation problems in general.
| | Author: | Spi Labs | | Homepage: | http://www.spidynamics.com | | File Size: | 816899 | | Last Modified: | Feb 2 03:20:35 2002 |
| MD5 Checksum: | e67624e3913f0dd2dea2ddbae0a5f3dd |
|