Exploitation / Vulnerability

| Title | Contributor | Date | Description | Rating |
|---|---|---|---|---|
| TEMPEST | Chris Gates | 28/12/07 | Chris Gates from 'Learn Security Online' submits this paper on electronic and electromechanical information-processing equipment that can produce unintentional intelligence-bearing emanations, commonly known as TEMPEST. | 10 |
| Old Threats Never Die | Gunter Ollmann | 29/08/07 | Gunter Ollmann examines malware, login bypass, web browser and other vulnerabilities still in the wild today. | 10 |
| The Vishing Guide | Gunter Ollmann | 27/08/07 | This white paper, written by Gunter Ollmann, specifically examines vishing and provides an analysis of current and future vectors for this particular attack. | 10 |
| X-morphic Exploitation | Gunter Ollmann | 23/08/07 | Gunter Ollmann writes this fascinating look into the world of personalized, one-of-a-kind web browser exploits and the dawn of x-morphic exploitation. | 9 |
| Scanning Ajax for XSS entry points | Shreeraj Shah | 16/02/07 | This contribution from Shreeraj Shah introduces a quick way to identify XSS entry points in an application. | 7 |
| Top 10 Web 2.0 Attack Vectors | Shreeraj Shah | 22/11/06 | Shreeraj Shah submits this paper outlining his top 10 Web 2.0 attacks that you should be aware of. | 9 |
| A Modular Approach to Data Validation in Web Applications | Stephen de Vries | 07/04/06 | Stephen de Vries submits this paper, which discusses the fact that data that is not validated, or is poorly validated, is the root cause of a number of serious security vulnerabilities affecting applications. The paper presents a modular approach to performing thorough data validation in modern web applications, so that the benefits of modular, component-based design (extensibility, portability and re-use) can be realised. | 9 |
| Web Services: Enumeration and Profiling | Shreeraj Shah | 28/03/05 | Web services hacking begins with the Web Services Definition Language (WSDL). A WSDL file is a major source of information for an attacker: examining a WSDL description provides critical information such as methods and input and output parameters. It is important to understand the structure of a WSDL file, on the basis of which one should be able to enumerate web services. The outcome of this process is a web services profile or matrix. The scope of this paper is restricted to understanding this process; once this is done, attack vectors for web services can be defined. | 7 |
| Web Application Footprints and Discovery | Shreeraj Shah | 08/02/05 | Serious challenges arise when doing web application assessments on web servers that host multiple virtual hosts, with zero knowledge of the number of web applications mapped to a single IP address. Using the manual techniques outlined in the paper, the methodology pinpoints specific ways to discover applications and enhance web application assessment with tangible results. | 9 |
| A day in the life of the JPEG Vulnerability | Charles Hornat | 09/12/04 | A technical overview of the recent Microsoft JPEG vulnerability. | 6 |
| Second-order Code Injection Attacks | Gunter Ollmann | 06/11/04 | A discussion on injecting code for use at a later time. A different look at injection! | 9 |
| DoS Attacks: Instigation and Mitigation | Jeremy Martin | 26/08/04 | The purpose of this article is to give the reader with basic network knowledge a better understanding of the challenges presented by denial of service attacks, how they work, and ways to protect systems and networks from them. | 9 |
| I Know Something You Don't Know (Email Secrets) | Bob Radvanovsky | 15/08/04 | Whitepaper: I Know Something that You Don't Know (Email Secrets), A Theoretical Discussion Concerning Secretive or Covertive Methods of Communication via an Unchecked Feature of the SMTP Protocol. | 6 |
| Demystifying Google Hacks | Debasis Mohanty | 21/07/04 | Looks at Google's advanced search query syntaxes and their use in querying for vulnerable sites and servers. Also highlights security measures that admins or security professionals can take to protect against such "unauthorized Google invasion". | 9 |
| Reverse Engineering Backdoored Binaries | ChrisR- | 01/07/04 | Reverse engineering backdoored binaries on an x86 Linux operating system. Explains the basics of the particular binary by disassembling it, and then goes on to recreate the source code. | 9 |
| Application Level DoS Attacks | Stephen de Vries | 07/06/04 | Provides a foundation on what application-level denial of service is, the types of attack, their root causes and their advantages over traditional DoS attacks. | 5 |
| An Overview of Common Programming Security Vulnerabilities and Possible Solutions | Yves Younan | 11/05/04 | Recommended for those wanting a foundation guide to exploitation and patching; this extensive document looks at common application vulnerabilities and, in the process, analyses a cross-section of exploits including the Apache HTTPd. | 9 |
| UDP Remote Controls | Angelo Rosiello | 03/05/04 | Illustrates the possibility of controlling servers with the UDP protocol. | 9 |
| Discovering Passwords in the Memory | Abhishek Kumar | 14/04/04 | Discusses the dangers of keeping plain text passwords in memory, a common vulnerability that can be exploited by low-privileged users to steal critical passwords and escalate their privileges. | 9 |
| Crafting Symlinks for Fun and Profit | Shaun Colley | 12/04/04 | Attempts to demonstrate and analyze the risks of symlink bugs at large, providing interesting case studies where necessary to demonstrate the author's points. Information on preventing these sorts of attacks is also provided, along with general safeguards. | 8 |
| Stack Overflow's Analysis & Exploiting Ways | Angelo Rosiello | 08/04/04 | A look at how the main processor works during a program's execution, in order to really understand stack overflows. | 7 |
| Exploitation - Returning into libc | Shaun Colley | 11/03/04 | The intention here is not to teach you the ins and outs of buffer overflows, but to explain in a little detail another technique used to execute arbitrary code, as opposed to the classic 'NOP sled + shellcode + repeated retaddr' method. | 9 |
| Vulnerability Protection - A Buffer for Patching | Vikram Phatak | 02/03/04 | Attempts to explain why current security technologies such as firewalls, intrusion detection and prevention systems, and automated patch management solutions have failed to prevent vulnerabilities from being exploited. | 7 |
| Guarded Memory Move (GMM) Buffer Overflow Detection And Analysis | Davide Libenzi | 12/02/04 | Software engineers and system administrators who debug applications that fault because of possible buffer overflow exploits will find GMM a valuable inspection tool. | 8 |
| The Basics of Shellcoding | Angelo Rosiello | 10/02/04 | The goal here is not to explain all the possibilities of injecting shellcode developed over the last few years, but to analyze and understand its essence. | 9 |
| Adjacent Overwrite BUG | Daniel Hodson | 20/01/04 | Presented as an informative, step-by-step log of exploiting an adjacent memory overflow. It is aimed at those who have buffer overflow experience and, hopefully, knowledge of the organisation of the stack. | 9 |
| Buffer Overflow for Beginners | Daniel Hodson | 09/01/04 | Basic buffer overflow exploitation explained. As a starting point, this tutorial requires readers to have a simple understanding of the C programming language. | 8 |
| On the Importance of Secure Coding | Hagai Bar-El | 16/12/03 | Provides a brief definition of secure coding and of secure programs, and tries to assess the reasons why efforts need to focus on this aspect of information security. | No votes |
| An introduction to the Fake players bug and DoS 0.1.1 | Luigi Auriemma | 04/11/03 | An attacker can fill a game server with an arbitrary number of non-existent players (one player is 'emulated' by no more than one or two packets of data), and once the server has reached its maximum number of players it will not accept any more. The effect is a denial of service in which the real players cannot use the service offered by the server because it is already full. | 5 |
| The Rise of the Spammers | David Barroso Berrueta | 30/10/03 | The author writes: 'I'm not going to talk about the motives of this spam community to send millions of dumb e-mails telling how to get a good mortgage rate, increase my body length or make business with an African prince. This is the story of how one of my home servers was compromised and used as a massive spamming sender within an environment that I've never seen (but was likely to happen).' | 9 |
| Application Security: Attackers Won't Stop at the Firewall (Why should you?) | Kenneth Newman | 15/10/03 | Kenneth Newman's presentation highlights what application security is about, what bad applications are and what makes them insecure. The presentation focuses on an application security framework, application security integration and application security awareness. | 9 |
| The Risks of Vulnerabilities | Jim Tiller | 04/08/03 | Covers the recent Cisco and Microsoft vulnerabilities, with some suggestions for how companies can handle them. | 8 |
| Remote Automatic Exploitation of Stack Overflows | Burebista | 31/07/03 | The purpose of this paper is to prove that it is possible to remotely exploit hostile environments without having any idea of what the server-side software sources are. | 9 |
| Stack Overflows | Burebista | 29/07/03 | Covers a vulnerability commonly found in the wild: the stack overflow. Discusses in detail the steps involved, demonstrating that it is possible to inject arbitrary machine code into any running process by making use of stack overflow errors. | 5 |
| CASR - ACAT: PHP TopSites Vulnerability Report | CyberArmy | 15/03/03 | The purpose of this document is to show several vulnerabilities in, and provide fixes for, the PHP TopSites Pro/Free script. | 9 |
| Why Web Application Security is the New Threat | Dan Cuthbert | 17/10/02 | Explains what web applications are, why they are plagued with vulnerabilities, and the ways they are exploited, e.g. cross-site scripting, URL manipulation etc. The paper also touches on guidelines for developing secure web applications. | 7 |
| The Dark Side of NTFS (Microsoft's Scarlet Letter) | H. Carvey | 10/10/02 | Admins and users know very little about a feature of the NTFS file system called 'alternate data streams' (ADSs). This paper describes in detail how ADSs are created and manipulated, and how code hidden in ADSs can be executed. Specific differences in the treatment of ADSs by NT, 2K and XP are noted. | 9 |
| Format String Attacks | Ed Skoudis | 25/09/02 | These slides show a picture of what is happening on the stack during such an attack. | 6 |
| Improving the Security of Your Site by Breaking Into it | Dan Farmer | 05/09/02 | *The early '90s perspective* "In this paper we will take an unusual approach to system security. Instead of merely saying that something is a problem, we will look through the eyes of a potential intruder, and show why it is one..." | 6 |
| A day in the life of Directory Traversal and IIS | Charles Hornat | 05/09/02 | What Unicode is, how the exploit works, examples, and how to protect yourself from it. | 8 |
| The Meaning of Security | Charles Hornat | 05/09/02 | Before and after applying Sun security patches, security scans were performed and then analysed, before concluding that applying patches can result in high unpredictability. | 6 |