Section: .. / papers / general /
| /// File Name: |
050819-securing-mac-os-x-tiger.pdf |
Description:
|
Corsaire (www.corsaire.com/white-papers/) has released a fully updated version of their guide to securing Mac OS X to cover the new security features offered by Mac OS X 10.4 Tiger (such as ACLs) as well as incorporating additional security guidelines that were omitted in the original (10.3) guide.
| | Author: | Stephen de Vries | | Homepage: | http://www.corsaire.com/white-papers/ | | File Size: | 751834 | | Last Modified: | Aug 26 00:55:07 2005 |
| MD5 Checksum: | 021cca9d23a8be3656a5f08e6bc300ec |
|
| /// File Name: |
WIPv011.tgz |
Description:
|
Whitepaper giving an overview of a security assessment against Windows NT machines when penetration testing. Provides insight from both attacker and administrative perspectives.
| | Author: | Adrian Pastor aka pagvac | | File Size: | 740406 | | Last Modified: | Jan 26 23:29:09 2005 |
| MD5 Checksum: | 6c638d17610ae47a614b8c4765cfc7b1 |
|
| /// File Name: |
InternetProtocol.pdf |
Description:
|
This document aims to raise awareness about the many security threats based on the IP protocol, those that we are currently facing, and those we may still have to deal with in the future. It provides advice for the secure implementation of the IP, and also insights about the security aspects of the IP that may be of help to the Internet operations community.
| | Author: | Fernando Gont | | Homepage: | http://www.cpni.gov.uk/ | | File Size: | 675316 | | Last Modified: | Aug 14 20:12:10 2008 |
| MD5 Checksum: | 8621c729eab84344f70a70121b88b710 |
|
| /// File Name: |
hacking_unix_2nd-us.pdf |
Description:
|
Hacking Unix is a new beginners guide to hacking. The first part covers basic fundamental knowledge one should know regarding the Internet, security, and Unix. The second half covers network profiling, compromises, and backdooring.
| | Author: | detach | | Homepage: | http://hackaholic.org/Hacking_Unix_2/ | | File Size: | 652094 | | Last Modified: | Jul 7 11:21:00 2004 |
| MD5 Checksum: | e056c69db9850f54b0a53b6c9c42fd41 |
|
| /// File Name: |
elf-1.tbz |
Description:
|
Project Freedocs Volume 3 - A collection of tutorials regarding elf programming.
| | Author: | Bugghy | | Homepage: | http://vaida.bogdan.googlepages.com/ | | File Size: | 650891 | | Last Modified: | Sep 9 04:05:32 2004 |
| MD5 Checksum: | 1e8c74bcb9a66fd9d469b5f26afa165e |
|
| /// File Name: |
html5whitepaper.pdf |
Description:
|
Abusing HTML 5 Structured Client-Side Storage - A whitepaper analyzing security implications of this technology and how showing how different attacks can be conducted.
| | Author: | Alberto Trivero | | Homepage: | http://www.codebug.org | | File Size: | 572736 | | Last Modified: | Jul 21 17:56:20 2008 |
| MD5 Checksum: | cd342087438c5a1b591b57870b770d41 |
|
| /// File Name: |
part3.ps |
Description:
|
An Introduction to Computer Security: The NIST Handbook: A publication of the US National Institute of Standards and Technology. Draft Copy. Part III.
| | File Size: | 557336 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | ccdde02987842a5e481a21901110d6d3 |
|
| /// File Name: |
security-policy.pdf |
Description:
|
This paper outlines the strategies and managing of the processes behind implementing a successful Security Policy. Additionally, it gives recommendations for the creation of a Security Awareness Program, where the main objective would be to provide a staff with a better understanding of the issues stated in a security policy.
| | Author: | Dancho Danchev | | Homepage: | http://www.windowsecurity.com/ | | File Size: | 556798 | | Last Modified: | Sep 20 02:38:36 2005 |
| MD5 Checksum: | b57d540352ef547932a99d43e16c848d |
|
| /// File Name: |
part2.ps |
Description:
|
An Introduction to Computer Security: The NIST Handbook: A publication of the US National Institute of Standards and Technology. Draft Copy. Part II.
| | File Size: | 548684 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | 3190868284afdfe682e7d1790c0139e5 |
|
| /// File Name: |
core_vulnerabilities.pdf |
Description:
|
Vulnerabilities in your code and Advanced Buffer Overflows - A paper by CoreSecurity that underlines some of the most common mistakes made by programmers, presented as ten examples. Paper shows the exact location of vulnerabilities in codes, providing detailed explanations and exploits for each one found.
| | Author: | gera | | Homepage: | http://www.core-sec.com/ | | File Size: | 522303 | | Last Modified: | Nov 17 01:50:53 2002 |
| MD5 Checksum: | 500b253d035fcffa897c6bfe277aed28 |
|
| /// File Name: |
RCE_PDF.zip |
Description:
|
This paper is intended as an introduction to reverse engineering for someone who has no experience on the subject.
| | Author: | Craig Heffner | | Homepage: | http://www.craigheffner.com/ | | File Size: | 513936 | | Last Modified: | Sep 7 04:14:14 2006 |
| MD5 Checksum: | d0323f4d500864e2a4fd71e1607fc5a1 |
|
| /// File Name: |
part4.ps |
Description:
|
An Introduction to Computer Security: The NIST Handbook: A publication of the US National Institute of Standards and Technology. Draft Copy. Part IV.
| | File Size: | 505610 | | Last Modified: | Oct 1 17:22:48 1999 |
| MD5 Checksum: | a17d9b0662b7209a0da4ec6ad75535c0 |
|
| /// File Name: |
NISR-AntiBruteForce.pdf |
Description:
|
Authentication processes in web-based applications are frequently vulnerable to automated brute force guessing attacks. Whilst commonly proposed solutions make use of escalating time delays and minimum lockout threshold strategies, these tend to prove ineffectual in real attacks and may actually promote additional attack vectors. Resource metering through client-side computationally intensive "electronic payments" can provide an alternative strategy in defending against brute force guessing attacks. This whitepaper discusses how such a solution works and the security advantages it can bring.
| | Author: | Gunter Ollmann | | Homepage: | http://www.nextgenss.com/ | | File Size: | 489812 | | Last Modified: | Mar 22 10:46:18 2005 |
| MD5 Checksum: | 0b4494791f61ecd4804eee34f97360b8 |
|
| /// File Name: |
wiretap.pdf |
Description:
|
Signaling Vulnerabilities In Wiretapping Systems. This white paper discusses vulnerabilities and countermeasures that exist within commonly used wiretapping systems by the government.
| | Author: | Micah Sherr,Eric Cronin,Sandy Clark,Matt Blaze | | Homepage: | http://www.crypto.com/papers/wiretapping/ | | File Size: | 464443 | | Last Modified: | Dec 10 16:37:51 2005 |
| MD5 Checksum: | 60ff9fa476112db51624c46807aa29b8 |
|
| /// File Name: |
SecurityIPTelephonyNetworks.pdf |
Description:
|
IP Telephony based networks, which might be a core part of our Telephony infrastructure in the near future, introduce caveats and security concerns which traditional telephony based networks do not have to deal with, have long forgotten about, or have learned to cope with. The security risk is usually overshadowed by the technological hype and the way IP Telephony equipment manufacturers push the technology to the masses. This paper highlights the different security risk factors with IP Telephony based networks.
| | Author: | Ofir Arkin | | File Size: | 459385 | | Last Modified: | Nov 24 22:50:16 2002 |
| MD5 Checksum: | e013b1ffa4ad1861992a3a2038e98d7b |
|
| /// File Name: |
PBX-draft.doc |
Description:
|
Finding Holes in Your PBX Before Someone Else Does. Covers switching algorithms, susceptibility to tapping, conferencing, remote access, maintenance feature vulnerabilities, line testing capabilities, undocumented maintenance features, software loading and update tampering, tamper and error detection, crash-restart attacks, live microphone vulnerabilities, embedded login IDs and passwords, alarms and audit trails, silent monitoring, override (intrude), voice mail security, and denial of service.
| | Author: | National Institute of Standards and Technology | | Homepage: | http://csrc.nist.gov/publications | | File Size: | 440320 | | Last Modified: | Jul 12 17:47:25 2000 |
| MD5 Checksum: | 449ccc1c7ad6877d73a42e91fd094d08 |
|
| /// File Name: |
FiTechSummit_final_paper.pdf |
Description:
|
This presentation was given by the keynote speaker at the FiTech Summit 2005. It is entitled "How It's Difficult to Ruin a Good Name: An Analysis of Reputational Risk".
| | Author: | Kenneth F. Belva | | Homepage: | http://www.ftusecurity.com | | File Size: | 436192 | | Last Modified: | Sep 26 01:04:13 2005 |
| MD5 Checksum: | 5131f07bb7a4df687b2eb4106ce4c174 |
|
| /// File Name: |
Inf_Pr_Ldap_Gar_Dumps.pdf |
Description:
|
The LDAP garbage dump that remains on web server results in information disclosure. Security of LDAP may be compromised, if for instance a search engine crawls through untamed directories on the web server and finds information through the ldap.xml file.
| | Author: | Aditya K Sood | | Homepage: | http://www.secniche.org/ | | File Size: | 436128 | | Last Modified: | Dec 4 00:27:02 2007 |
| MD5 Checksum: | 16a4b1bd047ad43f4255dac007b0a1f8 |
|
| /// File Name: |
InformationSecurity.pdf |
Description:
|
Whitepaper entitled "The Role of Modeling and Simulation in Information Security".
| | Author: | Mohammad Heidari | | File Size: | 414687 | | Last Modified: | Feb 9 00:02:52 2006 |
| MD5 Checksum: | 9a3b07d375e390281e4dc563bbebf6b8 |
|
| /// File Name: |
instrumental.pdf |
Description:
|
Whitepaper discussing how to generate runtime call graphs using certain GCC features.
| | Author: | Sebastian Krahmer | | File Size: | 406833 | | Last Modified: | Jun 26 23:39:35 2006 |
| MD5 Checksum: | 4406692f431765df98c31d321f8c9fcc |
|
| /// File Name: |
compvuln_draft.pdf |
Description:
|
Online copy of the book "Computer Vulnerabilities" covers a complete description of how vulnerabilities can be catagoried, adding great detail to previous works on vulnerability taxonomies. This book is a draft, but because of the dynamic nature of network publications, can be revised at any time.
| | Author: | Eric Knight | | Homepage: | http://www.securityparadigm.com | | File Size: | 399694 | | Last Modified: | Mar 11 02:42:20 2000 |
| MD5 Checksum: | c0bbb76448c755c0f05135d0f9e7297d |
|
| /// File Name: |
binfmt-es.pdf |
Description:
|
Polluting sys_execve() in kernel space without depending on the sys_call_table[]: A paper discussing design weaknesses in the linux kernel's handling of simply linked lists used to register binary formats. Spanish Version.
| | Author: | SHELLCODE Security Research TEAM | | Homepage: | http://www.shellcode.com.ar | | File Size: | 392521 | | Last Modified: | Oct 9 19:46:25 2006 |
| MD5 Checksum: | ed63f18b799338c8d20d7f13b9c637fe |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
