Section: .. / papers / general /
| /// File Name: |
022805.txt |
Description:
|
This paper describes several techniques for exposing file contents using the site search functionality. It is assumed that a site contains documents which are not visible/accessible to external users. Such documents are typically future PR items, or future security advisories, uploaded to the website beforehand. However, the site is also searchable via an internal search facility, which does have access to those documents, and as such, they are indexed by it not via web crawling, but rather, via direct access to the files. Therein lies the security breach.
| | Author: | Amit Klein | | Homepage: | http://webappsec.org/ | | File Size: | 25702 | | Last Modified: | Feb 28 19:15:11 2005 |
| MD5 Checksum: | 87eb98b564a55d22d12c7b83e9641965 |
|
| /// File Name: |
WebApp_Footprints_Disco.pdf |
Description:
|
White paper discussing web application footprints and discovery methodology for web servers hosting multiple web applications.
| | Author: | Shreeraj Shah | | Homepage: | http://www.net-square.com/ | | File Size: | 176061 | | Last Modified: | Feb 22 22:08:59 2005 |
| MD5 Checksum: | 82336e368c3d8dab95146586a8ffda39 |
|
| /// File Name: |
WIPv011.tgz |
Description:
|
Whitepaper giving an overview of a security assessment against Windows NT machines when penetration testing. Provides insight from both attacker and administrative perspectives.
| | Author: | Adrian Pastor aka pagvac | | File Size: | 740406 | | Last Modified: | Jan 26 23:29:09 2005 |
| MD5 Checksum: | 6c638d17610ae47a614b8c4765cfc7b1 |
|
| /// File Name: |
votehack.txt |
Description:
|
Article about evidence mounting that the vote was hacked. The FBI has been called in to Florida.
| | Author: | Thom Hartmann | | Homepage: | http://CommonDreams.org | | File Size: | 14240 | | Last Modified: | Nov 10 01:49:51 2004 |
| MD5 Checksum: | 2c398b6336f2e2e0d98f62a2048297f1 |
|
| /// File Name: |
blackbox.txt |
Description:
|
Freedom of Information requests at http://www.blackboxvoting.org have unearthed two Ciber certification reports indicating that security and tamperability was NOT TESTED and that several state elections directors, a secretary of state, and computer consultant Dr. Britain Williams signed off on the report anyway, certifying it.
| | Homepage: | http://www.blackboxvoting.org/ | | File Size: | 34214 | | Last Modified: | Nov 10 01:41:32 2004 |
| MD5 Checksum: | 5285a64d546396feed26c988ae5debc3 |
|
| /// File Name: |
2004_11.txt |
Description:
|
Electronic Frontier Foundation Media Release - Presidential Votes Miscast on E-voting Machines Across the Country. Voters from at least half a dozen states reported that touch-screen voting machines had incorrectly recorded their choices, including for president.
| | Author: | Cindy Cohn, Matt Zimmerman | | Homepage: | http://www.eff.org/news/archives/2004_11.php#002062 | | File Size: | 3620 | | Last Modified: | Nov 4 22:43:21 2004 |
| MD5 Checksum: | 801f5c3f4e63747cba6eb681b9c7e8f4 |
|
| /// File Name: |
evilBushLovingMachines.txt |
Description:
|
Apparently some voting machines in New Mexico have decided to pick the opposite candidate of the ones early voters are choosing. More proof that electronic voting systems cannot be used at such an infant stage.
| | Author: | Jim Ludwick | | Homepage: | http://abqjournal.com/elex/246845elex10-22-04.htm | | File Size: | 5000 | | Last Modified: | Oct 27 00:32:07 2004 |
| MD5 Checksum: | 4bab988931293345f41299af59140d96 |
|
| /// File Name: |
Complete_Spyware_Whitepaper.pdf |
Description:
|
This is a fairly lightweight introduction to what spyware is, what it does, and how to detect/block it. Mostly, it refers to other tools rather than giving any new info, but it does have a reasonable overview of different tools.
| | Author: | Jonathan Read | | Homepage: | http://www.anti-trojan.org | | File Size: | 31599 | | Last Modified: | Oct 24 16:36:43 2004 |
| MD5 Checksum: | e18b31695e0d8689709e3ea4c42d5240 |
|
| /// File Name: |
asm-1.tbz |
Description:
|
Project Freedocs Volume 4 - A collection of tutorials regarding asm programming.
| | Author: | Bugghy | | Homepage: | http://vaida.bogdan.googlepages.com/ | | File Size: | 876790 | | Last Modified: | Sep 9 04:11:55 2004 |
| MD5 Checksum: | 36dbbc1321d22b50c15c4c125e5e506a |
|
| /// File Name: |
kernel-1.tbz |
Description:
|
Project Freedocs Volume 1 - A collection of tutorials regarding kernel programming.
| | Author: | Bugghy | | Homepage: | http://vaida.bogdan.googlepages.com/ | | File Size: | 13051902 | | Last Modified: | Sep 9 04:10:02 2004 |
| MD5 Checksum: | 4a12608dde411e4a41050e00821dcc61 |
|
| /// File Name: |
exploits-1.tbz |
Description:
|
Project Freedocs Volume 2 - A collection of tutorials regarding exploit programming.
| | Author: | Bugghy | | Homepage: | http://vaida.bogdan.googlepages.com/ | | File Size: | 2716757 | | Last Modified: | Sep 9 04:09:10 2004 |
| MD5 Checksum: | b8f9b25d88c0e4e0d06263221a540306 |
|
| /// File Name: |
elf-1.tbz |
Description:
|
Project Freedocs Volume 3 - A collection of tutorials regarding elf programming.
| | Author: | Bugghy | | Homepage: | http://vaida.bogdan.googlepages.com/ | | File Size: | 650891 | | Last Modified: | Sep 9 04:05:32 2004 |
| MD5 Checksum: | 1e8c74bcb9a66fd9d469b5f26afa165e |
|
| /// File Name: |
timesync.html |
Description:
|
White paper discussing the fact that many modern networks are extremely dependent on a centralized time resource and the negative aspects of a network not having one.
| | Author: | 3APA3A | | Homepage: | http://www.security.nnov.ru/advisories/timesync.asp | | File Size: | 22180 | | Last Modified: | Aug 20 03:54:26 2004 |
| MD5 Checksum: | b4fcd8bce74ebb05e8db85ae5c200d7c |
|
| /// File Name: |
sthuy_article_openvpn_29940810.B.zi..> |
Description:
|
This whitepaper discusses OpenVPN as a free, secure, and easy to use and configure SSL-Based VPN solution. It offers various scenarios of use.
| | Author: | Stijn Huyghe | | File Size: | 1646498 | | Last Modified: | Aug 13 11:10:26 2004 |
| MD5 Checksum: | bd0687e11edb3c819cbc5613c99044bc |
|
| /// File Name: |
hacking_unix_2nd-us.pdf |
Description:
|
Hacking Unix is a new beginner's guide to hacking. The first part covers basic fundamental knowledge one should know regarding the Internet, security, and Unix. The second half covers network profiling, compromises, and backdooring.
| | Author: | detach | | Homepage: | http://hackaholic.org/Hacking_Unix_2/ | | File Size: | 652094 | | Last Modified: | Jul 7 11:21:00 2004 |
| MD5 Checksum: | e056c69db9850f54b0a53b6c9c42fd41 |
|
| /// File Name: |
osvdblive.txt |
Description:
|
OSVDB has announced that they have reached 3,000 stable entries. This Go-Live update discusses new features the site has along with a request for help from the community. Please help support them in any way possible.
| | Homepage: | http://www.osvdb.org/ | | File Size: | 2620 | | Last Modified: | Jun 2 04:00:47 2004 |
| MD5 Checksum: | a3d5199f54323b925961616b81309b1c |
|
| /// File Name: |
SecureDevelopmentv06.pdf |
Description:
|
Corsaire White Paper: Secure Development Framework. This paper addresses the need for an infrastructure to exist in which things are securely developed to help mitigate the high costs incurred when vulnerable software is released into the wild.
| | Author: | Glyn Geoghegan | | Homepage: | http://www.corsaire.com | | File Size: | 343216 | | Last Modified: | May 19 21:19:44 2004 |
| MD5 Checksum: | 7155cf428ccb06b0b9b83af4dbfd755f |
|
| /// File Name: |
reverse_backdoored_binaries.txt |
Description:
|
Well-written whitepaper about reverse engineering backdoored binaries. It is meant for the beginner reverse engineer with some knowledge of ELF, C, x86 ASM, and Linux.
| | Author: | Chris | | Homepage: | http://www.cr-secure.net/ | | File Size: | 28027 | | Last Modified: | Apr 19 09:49:00 2004 |
| MD5 Checksum: | 44254a0ab92d356cf69959d3c8060f44 |
|
| /// File Name: |
enterprise_specific_security.sxw.pd..> |
Description:
|
White paper that discusses how large enterprises use a different class of software than small companies. This software and the environment it is purchased in are subject to particular constraints that often require a different strategy. This paper presents the problems with concrete and current examples and suggests some solutions.
| | Author: | Dave Aitel | | Homepage: | http://www.immunitysec.com/ | | File Size: | 292287 | | Last Modified: | Apr 2 05:54:00 2004 |
| MD5 Checksum: | f08fdd20ce1f278a7a74b4d4494b495b |
|
| /// File Name: |
whitepaper_httpresponse.pdf |
Description:
|
Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics. This whitepaper discusses a new application attack technique and provides use cases.
| | Author: | Amit Klein | | File Size: | 297302 | | Last Modified: | Mar 4 18:07:00 2004 |
| MD5 Checksum: | a88cdaabfffc1297b09a899e0cadf9c1 |
|
| /// File Name: |
MySQL.fingerprint.txt |
Description:
|
Small write-up discussing methodology for fingerprinting the type of MySQL database being used when exploiting SQL injection vulnerabilities.
| | Author: | Tonu Samuel | | File Size: | 4317 | | Last Modified: | Feb 23 18:16:00 2004 |
| MD5 Checksum: | c8504f82b10ed47a972f6bbc43dd339e |
|