Section: .. / papers / general /
| /// File Name: |
report.pdf |
Description:
|
Whitepaper discussing how DNS can be used for detecting and monitoring in a network.
| | Author: | Antoine Schonewille,Dirk-Jan van Helmond | | File Size: | 244923 | | Last Modified: | Feb 25 20:34:33 2006 |
| MD5 Checksum: | 741418521669132f0fd03db71e85f5c9 |
|
| /// File Name: |
reverse_backdoored_binaries.txt |
Description:
|
Well written whitepaper about reverse engineering backdoored binaries. It is meant for the beginner reverse engineer with some knowledge of ELF, C, x86 ASM, and Linux.
| | Author: | Chris | | Homepage: | http://www.cr-secure.net/ | | File Size: | 28027 | | Last Modified: | Apr 19 09:49:00 2004 |
| MD5 Checksum: | 44254a0ab92d356cf69959d3c8060f44 |
|
| /// File Name: |
reverseeng.pdf |
Description:
|
This paper aims to present a methodical framework for high-level reverse engineering. The methodology is a culmination of existing tools and techniques within the IT security research community, which presents ways to identify process operation at a higher-level of abstraction than traditional binary reversing.
| | Author: | Matthew Lewis | | Homepage: | http://www.irmplc.com/ | | File Size: | 1276878 | | Last Modified: | Oct 2 00:31:35 2007 |
| MD5 Checksum: | ad6255431165e52467be53fd14fa775b |
|
| /// File Name: |
rfpolicy-2.0.txt |
Description:
|
RFPolicy 2.0 - rain forest puppy's policy on notifying vendors and releasing security vulnerabilities.
| | Author: | rain forest puppy | | Homepage: | http://www.wiretrip.net | | Changes: | Less stringent on timeframes, more stringent on communication. Thanks to everyone who contributed. I also added some supporting notes (FAQ, etc) to help dispell some misconceptions on it. | | File Size: | 15498 | | Last Modified: | Oct 17 15:45:59 2000 |
| MD5 Checksum: | 4bb04bf50ab00e365ec966deb62c2a7a |
|
| /// File Name: |
RogueXMLSpecific.pdf |
Description:
|
Whitepaper entitled Rogue XML Specifications. It discusses insecurities that relate to XML schema.
| | Author: | Aditya Sood | | Homepage: | http://zeroknock.metaeye.org/ | | File Size: | 222734 | | Last Modified: | Feb 27 19:38:50 2007 |
| MD5 Checksum: | f09a65b98a3e2e12185cf646d3e793ae |
|
| /// File Name: |
Secure-Programs-HOWTO.htm |
Description:
|
Secure Programming Howto - This paper provides a set of design and implementation guidelines for writing secure programs for Linux systems. Such programs include application programs used as viewers of remote data, CGI scripts, network servers, and setuid/setgid programs.
| | Author: | David A. Wheeler | | File Size: | 7529 | | Last Modified: | Jan 11 21:00:27 2000 |
| MD5 Checksum: | 24859d444efc55ac3c4fe643fd1ff557 |
|
| /// File Name: |
secure_smtp_proxy_for_protecting_mt..> |
Description:
|
Whitepaper entitled "Secure SMTP Proxy for Protecting Mail Transfer Agents". This is a 70 page document that discusses new angles for defending mail daemons and more.
| | Author: | Alin-Adrian Anton | | File Size: | 880872 | | Last Modified: | Sep 5 20:24:58 2007 |
| MD5 Checksum: | 5328c8e51d8209c0781888d131361c97 |
|
| /// File Name: |
SecureDevelopmentv06.pdf |
Description:
|
Corsaire White Paper: Secure Development Framework. This paper addresses the need for an infrastructure to exist in which things are securely developed to help mitigate the high costs incurred when vulnerable software is released into the wild.
| | Author: | Glyn Geoghegan | | Homepage: | http://www.corsaire.com | | File Size: | 343216 | | Last Modified: | May 19 21:19:44 2004 |
| MD5 Checksum: | 7155cf428ccb06b0b9b83af4dbfd755f |
|
| /// File Name: |
securing_a_webserver.txt |
Description:
|
Whitepaper discussing a lockdown methodology for a Cent OS 5 server with Apache and Cpanel installed.
| | Author: | QKrun1x | | File Size: | 21682 | | Last Modified: | Jul 16 20:03:24 2008 |
| MD5 Checksum: | c48568dcf8bbd3abcdfa1033ce6b1f2c |
|
| /// File Name: |
security-policy.pdf |
Description:
|
This paper outlines the strategies and managing of the processes behind implementing a successful Security Policy. Additionally, it gives recommendations for the creation of a Security Awareness Program, where the main objective would be to provide a staff with a better understanding of the issues stated in a security policy.
| | Author: | Dancho Danchev | | Homepage: | http://www.windowsecurity.com/ | | File Size: | 556798 | | Last Modified: | Sep 20 02:38:36 2005 |
| MD5 Checksum: | b57d540352ef547932a99d43e16c848d |
|
| /// File Name: |
Security_Breach_Survey.pdf |
Description:
|
White and Case, a top NYC law firm, posted a survey on Data Security Breach Notifications on September 26, 2005. From the press release: "Victims of personal data security breaches are showing their displeasure by terminating relationships with the companies that maintained their data, according to a new national survey sponsored by global law firm White & Case. The independent survey of nearly 10,000 adults, conducted by the respected privacy research organization Ponemon Institute, reveals that nearly 20 percent of respondents say they have terminated a relationship with a company after being notified of a security breach."
| | Author: | Ponemon Institute | | Homepage: | http://www.whitecase.com/news/news_detail.aspx?newsid=11731&type=News%20Releases | | File Size: | 330889 | | Last Modified: | Oct 4 00:14:13 2005 |
| MD5 Checksum: | 57fc4866bcbc56b61a9f66cfed7993e4 |
|
| /// File Name: |
SecurityIPTelephonyNetworks.pdf |
Description:
|
IP Telephony based networks, which might be a core part of our Telephony infrastructure in the near future, introduce caveats and security concerns which traditional telephony based networks do not have to deal with, have long forgotten about, or have learned to cope with. The security risk is usually overshadowed by the technological hype and the way IP Telephony equipment manufacturers push the technology to the masses. This paper highlights the different security risk factors with IP Telephony based networks.
| | Author: | Ofir Arkin | | File Size: | 459385 | | Last Modified: | Nov 24 22:50:16 2002 |
| MD5 Checksum: | e013b1ffa4ad1861992a3a2038e98d7b |
|
| /// File Name: |
seh-paper.txt |
Description:
|
Playing around with SEH (the Structured Exception Handler).
| | Author: | suN8Hclf | | Homepage: | http://www.dark-coders.pl/ | | File Size: | 41425 | | Last Modified: | Aug 18 20:00:12 2008 |
| MD5 Checksum: | 679821c48bb8441a75d5ed76b003bd45 |
|
| /// File Name: |
server_security.txt |
Description:
|
Whitepaper discussing a lockdown methodology for a Cent OS 5 server with Apache installed.
| | Author: | QKrun1x | | File Size: | 21584 | | Last Modified: | Oct 30 19:49:06 2008 |
| MD5 Checksum: | dcb47cf92dc9edbc577e62c87ea5a8c7 |
|
| /// File Name: |
Software.Distribution.Malware.Infec..> |
Description:
|
This paper presents an efficient mechanism as well as the corresponding reference implementation for on-the-fly infecting of executable code with malicious software. Their algorithm deploys virus infection routines and network redirection attacks, without requiring the modification of the application itself. This allows infection of executables with an embedded signature when the signature is not automatically verified before execution. They briefly discuss countermeasures such as secure channels, code authentication as well as trusted virtualization that enables the isolation of untrusted downloads from other applications running in trusted domains or compartments.
| | Author: | Felix Groebert | | Homepage: | http://groebert.org/felix | | File Size: | 223713 | | Last Modified: | Jul 18 17:30:01 2008 |
| MD5 Checksum: | f0295501b1659600e2481f6a2cb082cb |
|
| /// File Name: |
SQLInjectionWhitePaper.pdf |
Description:
|
SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries without stripping illegal characters first. Despite being remarkably simple to protect against, there is an astonishing number of production systems connected to the Internet that are vulnerable to this type of attack. The objective of this paper is to educate the professional security community on the techniques that can be used to take advantage of a web application that is vulnerable to SQL injection as well as make clear the correct mechanisms that should be put in place to protect against SQL injection, as well as input validations problems in general.
| | Author: | SPI Labs | | Homepage: | http://www.spidynamics.com | | File Size: | 816899 | | Last Modified: | Feb 2 03:20:35 2002 |
| MD5 Checksum: | e67624e3913f0dd2dea2ddbae0a5f3dd |
|
| /// File Name: |
ssh_tunnels.txt |
Description:
|
Encrypted Tunnels using SSH and MindTerm - This paper will discuss using Secure Shell (SSH) and MindTerm to secure organizational communication across the Internet. Easy to setup and reliable software need to be used in order to allow the inexperienced users the ability to quickly establish secure communication channels.
| | Author: | Duane Dunston | | Homepage: | http://www.linuxsecurity.com | | File Size: | 34275 | | Last Modified: | May 30 19:25:25 2001 |
| MD5 Checksum: | c6f772e94054386472ab1a226d50571d |
|
| /// File Name: |
stakkato.pdf |
Description:
|
Paper discussing the Stakkato intrusions which ultimately resulted in the theft of IOS source code released by one of the affected sites detailing how they caught stakkato.
| | Author: | Micheal Turner | | Homepage: | http://www.nsc.liu.se/~nixon/stakkato.pdf | | File Size: | 163111 | | Last Modified: | May 25 21:30:34 2006 |
| MD5 Checksum: | 3a6f5bc541aea4bfd352fdd6d8431aeb |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
