Cyber Security Expo
Exploitation / Vulnerability
Title Contributor Date Description Rating
Improving the Security of Your Site by Breaking Into it Dan Farmer 05/09/02 *The early ‘90s perspective* “In this paper we will take an unusual approach to system security. Instead of merely saying that something is a problem, we will look through the eyes of a potential intruder, and show why it is one...” 6
A day in the life of Directory Traversal and IIS Charles Hornat 05/09/02 What Unicode is, how the exploit works, examples, and how to protect yourself from it 8
The Meaning of Security Charles Hornat 05/09/02 Before & after applying SUN security patches, security scans were performed and then analyzed before concluding that applying patches can result in high unpredictability 6
Format String Attacks Ed Skoudis 25/09/02 These slides show a picture of what's happening on the stack during such an attack. 6
The Dark Side of NTFS (Microsoft’s Scarlet Letter) H. Carvey 10/10/02 Admins & users know very little about a feature of the NTFS file system called 'alternate data streams' (ADSs). This paper describes in detail how ADSs are created and manipulated, and how code hidden in ADSs can be executed. Specific differences in the treatment of ADSs by NT, 2K, and XP are noted. 9
Why Web Application Security is the New Threat Dan Cuthbert 17/10/02 Explains what web applications are, why they are plagued with vulnerabilities, and the ways they are exploited, e.g. cross-site scripting, URL manipulation etc. The paper also touches on guidelines for developing secure web applications. 7
CASR - ACAT: PHP TopSites Vulnerability Report CyberArmy 15/03/03 The purpose of this document is to show several vulnerabilities and provide fixes for the PHP TopSites Pro/Free script. 9
Stack Overflows Burebista 29/07/03 Covers a vulnerability commonly found in the wild: the stack overflow. Discusses in particular all the details and steps involved, demonstrating that it is possible to inject arbitrary machine code into any running process by making use of stack overflow errors. 5
Remote Automatic Exploitation of Stack Overflows Burebista 31/07/03 The purpose of this paper is to prove that it is possible to remotely exploit hostile environments without having any idea of what the server-side software sources are. 9
The Risks of Vulnerabilities Jim Tiller 04/08/03 Covers the recent Cisco and Microsoft vulnerabilities, with some suggestions for how companies can handle them. 8
Application Security: Attackers Won’t Stop at the Firewall (Why should you?) Kenneth Newman 15/10/03 Kenneth Newman’s presentation highlights what Application Security is about, what bad applications are and what makes them insecure. The presentation focuses on Application Security Framework, Application Security Integration & Application Security Awareness. 9
The Rise of the Spammers David Barroso Berrueta 30/10/03 The author writes: 'I'm not going to talk about the motives of this spam community to send millions of dumb e-mails telling how to get a good mortgage rate, increase my body length or make business with an African prince. This is the story of how one of my home servers was compromised and used as a massive spamming sender within an environment that I've never seen (but was likely to happen).' 9
An introduction to the Fake players bug and DoS 0.1.1 Luigi Auriemma 04/11/03 An attacker can fill a game server with an arbitrary number of nonexistent players (one player is 'emulated' by no more than one or two packets of data), and once the server has reached its maximum number of players it will not accept others. The effect is a Denial of Service where the real players cannot use the service offered by the server because it is already full. 5
On the Importance of Secure Coding Hagai Bar-El 16/12/03 Provides a brief definition of secure coding and of secure programs and tries to assess the reasons for the need to focus efforts on this aspect of information security. No votes
Buffer Overflow for Beginners Daniel Hodson 09/01/04 Basic Buffer Overflow Exploitation Explained. A starting point for this tutorial requires the readers to have a simple understanding of the C programming language. 8
Adjacent Overwrite BUG Daniel Hodson 20/01/04 Presented as an informative, step by step log of exploiting an adjacent memory overflow. It is aimed at those who have buffer overflow experience, and hopefully have knowledge of the organisation of the stack. 9
The Basics of Shellcoding Angelo Rosiello 10/02/04 The goal here is not to explain all the possibilities for injecting shellcode developed over the last few years, but to analyze and understand its essence. 9
Guarded Memory Move (GMM) Buffer Overflow Detection And Analysis Davide Libenzi 12/02/04 All software engineers and system administrators who debug applications faulting due to possible buffer overflow exploits will find in GMM a precious inspection tool. 8
Vulnerability Protection - A Buffer for Patching Vikram Phatak 02/03/04 Attempts to explain why current security technologies such as firewalls, intrusion detection and prevention systems, and automated patch management solutions have failed in preventing vulnerabilities from being exploited. 7
Exploitation - Returning into libc Shaun Colley 11/03/04 The intention here is not to teach you the ins and outs of buffer overflows, but to explain in a little detail another technique used to execute arbitrary code as opposed to the classic 'NOP sled + shellcode + repeated retaddr' method. 9
Stack Overflow’s Analysis & Exploiting Ways Angelo Rosiello 08/04/04 A look at how the main processor works during a program’s execution in order to really understand STACK overflows. 7
Crafting Symlinks for Fun and Profit Shaun Colley 12/04/04 Attempts to demonstrate and analyze the risks of symlink bugs at large, providing interesting case studies where necessary to demonstrate the author’s points. Information on preventing these sorts of attacks is also provided, with general safeguards against them. 8
Discovering Passwords in the Memory Abhishek Kumar 14/04/04 Discusses the dangers of using plain text passwords in memory, a common vulnerability that can be exploited by low privileged users to steal critical passwords and escalate their privileges. 9
UDP Remote Controls Angelo Rosiello 03/05/04 Illustrates the possibility of controlling servers with the UDP protocol. 9
An Overview of Common Programming Security Vulnerabilities and Possible Solutions Yves Younan 11/05/04 Recommended for those wanting a foundation guide to exploitation and patching; this extensive document looks at common application vulnerabilities and in the process, analyses a cross-section of exploits including the Apache HTTPd. 9
Application Level DoS Attacks Stephen de Vries 07/06/04 Provides a foundation on what application denial of service is, the types of attack, their root causes and their advantages over traditional DoS attacks. 5
Reverse Engineering Backdoored Binaries ChrisR- 01/07/04 Reverse engineering backdoored binaries on an x86 Linux operating system. Explains the basics of the particular binary by disassembling it and then goes into recreating the source code. 9
Demystifying Google Hacks Debasis Mohanty 21/07/04 Looks at Google’s Advanced Search query syntax and its use in querying for vulnerable sites and servers. Also highlights security measures that admins or security professionals can take to protect against such “unauthorized Google invasion”. 9
I Know Something You Don't Know (Email Secrets) Bob Radvanovsky 15/08/04 Whitepaper: I Know Something that You Don't Know (Email Secrets), A Theoretical Discussion Concerning Secretive or Covertive Methods of Communication via an Unchecked Feature of the SMTP Protocol 6
DoS Attacks: Instigation and Mitigation Jeremy Martin 26/08/04 The purpose of this article is to give the reader with basic network knowledge a better understanding of the challenges presented by Denial of Service attacks, how they work, and ways to protect systems and networks from them. 9
Second-order Code Injection Attacks Gunter Ollmann 06/11/04 A discussion on injecting code for use at a later time. A different look at injection! 9
A day in the life of the JPEG Vulnerability Charles Hornat 09/12/04 A technical overview of the recent Microsoft JPEG vulnerability. 6
Web Application Footprints and Discovery Shreeraj Shah 08/02/05 Serious challenges arise when doing web application assessments on web servers that host multiple virtual hosts and all this with zero knowledge about the number of web applications mapped to a single IP address. Using the manual techniques outlined in the paper, the methodology pinpoints specific ways to discover applications and enhance web application assessment with tangible results. 9
Web Services: Enumeration and Profiling Shreeraj Shah 28/03/05 Web services hacking begins with the Web Services Definition Language or WSDL. A WSDL file is a major source of information for an attacker. Examining a WSDL description provides critical information like methods, input and output parameters. It is important to understand the structure of a WSDL file, based on which one should be able to enumerate web services. The outcome of this process is a web services profile or matrix. The scope of this paper is restricted to understanding this process. Once this is done, attack vectors for web services can be defined. 7
A Modular Approach to Data Validation in Web Applications Stephen de Vries 07/04/06 Stephen de Vries submits this paper, which discusses the fact that data that is not validated, or is poorly validated, is the root cause of a number of serious security vulnerabilities affecting applications. This paper presents a modular approach to performing thorough data validation in modern web applications so that the benefits of modular component-based design (extensibility, portability and re-use) can be realised. 9
Top 10 Web 2.0 Attack Vectors Shreeraj Shah 22/11/06 Shreeraj Shah submits this paper outlining his top 10 Web 2.0 attacks that you should be aware of. 9
Scanning Ajax for XSS entry points Shreeraj Shah 16/02/07 This contribution from Shreeraj Shah introduces a quick way to identify XSS entry points in an application. 7
X-morphic Exploitation Gunter Ollmann 23/08/07 Gunter Ollmann writes this fascinating look into the world of personalized, one-of-a-kind Web browser exploits and the dawn of x-morphic exploitation. 9
The Vishing Guide Gunter Ollmann 27/08/07 This white paper, written by Gunter Ollmann, specifically examines vishing and provides an analysis of current and future vectors for this particular attack. 10
Old Threats Never Die Gunter Ollmann 29/08/07 Gunter Ollmann examines malware, Login Bypass, Web Browser and other vulnerabilities still in the wild today. 10
TEMPEST Chris Gates 28/12/07 Chris Gates from 'Learn Security Online' submits this paper on Electronic and electromechanical information-processing equipment that can produce unintentional intelligence-bearing emanations, commonly known as TEMPEST. 10
Exploitation / Vulnerability - Community Contributions
Title Contributor Date Description Rating
GNU And Its Role In Exploitation Phactorial 05/09/02 Covers .dtors and exploitation through the GOT segment 8
Overwriting .dtors using Malloc Chunk Corruption Nipon 05/09/02 The exploitation of programs by overwriting .dtors/using malloc chunks 7
How to find Security Holes Kragen Sitaker 06/09/02 "...Sometimes programs sit on security boundaries. They take input from other programs that don't have the same access that they do..." 5
Babel, DDoS of Biblical proportions Floydman 06/09/02 Discusses the effects of possible large-scale DDoS attacks that could occur in the future. 10
Instant Paranoia: Instant Messenger Security Konstantin Klyagin 10/08/04 Talking every day on your favorite instant messaging networks with friends, lovers, colleagues and partners, have you ever thought about whether your conversations can be intercepted and exposed to someone who could use them with evil intentions? 6
Stealing Passwords Via Browser Refresh Karmendra Kohli 12/08/04 The browser’s back and refresh features can be used to steal passwords from insecurely written applications. This paper discusses the problem and the solution. We will show how a bad guy can access the user credentials of the previously logged-in user by exploiting this feature, if the web application has not been developed securely. 8
Defeating Encryption John Bambenek 22/11/04 Encryption is good. It helps make things more secure. However, the idea that strong cryptography is good security by itself is simply wrong. Encrypted messages eventually have to be decrypted so they are useful to the sender or receiver. If those end-points are not secured, then getting the plain-text messages is trivial. This is a demonstration of a crude process of accomplishing that. 6
The Implementation of Passive Covert Channels in the Linux Kernel Joanna Rutkowska 04/03/05 The goal of this paper is to describe the idea of so-called passive covert channels (PCC), which might be used by malware to leak information from compromised hosts. This idea has been implemented in a proof-of-concept tool called NUSHU. The primary goal of the PCC is to be as stealthy as possible by not generating its own traffic at all. To be actually useful, a PCC should be combined with some kind of password sniffer or other information-gathering software running on the compromised host. 9
Deterring The Negative Effects of Spyware Alex Estevez 25/04/05 Alex Estevez writes an article on deterring the growing threat of adware and spyware. 3
XSS Vulnerabilities, So understimated, so dangerous Zinho 29/04/05 ZINHO from Hackerscenter submitted this paper, which demonstrates how common and underestimated Cross Site Scripting is. He provides real-world scenarios that explain how dangerous simple XSS holes can be. 3
Bypassing Non-Executable-Stack During Exploitation Using return-to-libc c0ntex 10/08/05 C0ntex submits this technical exploitation paper on executing a buffer overflow on systems with non-executable stacks with examples, a step-by-step guide and what one can do to protect against such attacks. 9
Defeating Firewalls : Sneaking Into Office Computers From Home Manu Garg 12/08/05 Manu Garg submits this paper discussing ways to tunnel traffic past corporate firewalls. It includes scripts and methods freely available. 9
GOT Hijack - return-to-got c0ntex 26/09/05 C0ntex submits this short paper that discusses the method of overwriting a pointer that is used in a function, to overwrite the associated entry in the Global Offset Table, allowing one to redirect the execution flow of a program. 8
Software Security and Reverse Engineering Hardik Shah 03/10/05 Hardik Shah contributes this paper on reverse engineering software, the protection schemes vendors use and some tools to assist. 8
IPC and it's Security Issues Preeteesh Kakkar 05/10/05 This is a short article on Processes and manipulating them by Preeteesh Kakkar. 9
Cookie Dethroning.::DEMYSTIFIED Part A Aditya Sood 26/10/05 Aditya Sood contributed this first of two papers that cover everything one could ever want to know about cookies. 7
Cookie Dethroning.::DEMYSTIFIED Part B Aditya Sood 31/10/05 Part B of a two part paper on everything you need to know about Cookies by Aditya Sood. This part includes discussion on Cookies, Bookmarks, Cache, and more. 1
Exegesis of Virtual Hosts Hacking Petko Petkov and pagvac 27/03/06 This text, submitted by Petko Petkov and Pagvac, discusses virtual host discovery using techniques such as active enumeration, querying public databases and probing DNS. They also provide a proof of concept using a specific tool. 8
The War in the Stack Ge Zhang 17/05/06 This paper, written by Ge Zhang, mainly focuses on the stack, which has always been of interest to hackers and security researchers. 7
Web Application Security: Unvalidated Input Tom Olzak 26/06/06 Tom Olzak writes this paper on how applications process user input and how validation helps protect them. No votes
Session Hijacking: Exploiting TCP, UDP and HTTP Sessions Shray Kapoor 21/07/06 The purpose of this paper, written by Shray Kapoor, is to illustrate a common and serious security threat to which most systems are prone, i.e. session hijacking. 7
Web Application Security - Buffer Overflows: Are You Really at Risk? Tom Olzak 29/08/06 Tom Olzak submits this article on identifying how vulnerable your web applications are to buffer overflows. 1
Application Error Handling: How to Avoid Death by a Thousand Cuts Bryan Sullivan 02/10/06 Bryan Sullivan from SPI Dynamics submits this article on application error handling, how it is used by an attacker, and steps to mitigate this risk. No votes
AJAX Security Bryan Sullivan 09/10/06 Bryan Sullivan from SpiDynamics presents this brief paper on AJAX security. No votes
Security Code Review - Identifying Web Vulnerabilities Kiran Maraju 13/10/06 This paper, written by Kiran Maraju, gives an introduction to security code review inspections and provides details on identifying web application security vulnerabilities in source code. 7
Malicious Code Injection: It’s Not Just for SQL Anymore Bryan Sullivan 03/11/06 Bryan Sullivan contributes this paper discussing injection beyond SQL, using LDAP and XPath as examples, and what one can do to protect against it. 10
Ebay Attacking Online Jargon Aditya Sood 06/12/06 This article, submitted by Aditya Sood, covers various online attacks that occur through eBay and gets to the core of how things are manipulated by hackers to get their own way. This includes redirection attacks, phishing attacks and login bypass attacks, which are commonly seen on the net nowadays. 10
End Points Malfeasance Aditya Sood 28/02/07 This article, written by Aditya Sood, shows the evolution of the flaws that occur in endpoint technology, i.e. client/server transactions. No votes
Infection Vectors In JSON Uniform Messaging Protocol Aditya Sood 23/03/07 This article, written by Aditya Sood, clearly explains the infection vectors in the JSON Uniform Messaging Protocol. No votes
The Analogy of Pop Ups Aditya Sood 25/09/07 Aditya Sood submits this paper, which discusses the latest third-party popup attacks, performed by an attacker through rogue and vulnerable links on web sites to circumvent normal functioning on the web. Excellent examples and proofs of concept. 4
SIPVicious: How to Get the Job Done Sandro Gauci 24/10/07 Sandro Gauci submits this fun paper in which a malicious employee / penetration tester launches an attack on a VoIP / Asterisk PBX. 9
Anatomy of an XSS Attack Russ McRee 06/01/09 This submission by Russ McRee is a first-person narrative, written from the perspective of an attacker utilizing cross-site scripting (XSS) methodology combined with phishing. 10
Steps Involved in Exploiting a Buffer Overflow Vulnerability using a SEH Handler Ronnie Johndas 10/04/09 Ronnie Johndas submits this paper on finding and exploiting a buffer overflow in an ActiveX application. 10
Old School Newbie Guide circa 2000 Raven 06/12/11 This is a flashback paper written by the founder and creator of SWG, our original site. Later it changed ownership and direction and became ISW. To those that remember Raven, enjoy! This is in celebration of our 10 year anniversary at ISW! 9