|
The Database Hackers Handbook
|
|
Hits: 14 |
|
Date added: 09/09/2006 |
|
This book is aimed at people who are interested in the practical reality of database security. This includes database administrators, network administrators, security auditors, and the broader security research community. The book is unashamedly technical, and the reader is assumed to be familiar with well-known security concepts such as buffer overflows, format string bugs, SQL injection, basic network architecture, and so on. We dip into C, C++, and even assembler source code from time to time, but in general, programming skills aren't necessary in order to understand the material. |
|
|
|
|
|
|
Writing Security Tools And Exploits
|
|
Hits: 14 |
|
Date added: 10/18/2006 |
|
In most information technology circles these days,the term exploits has become synonymous with vulnerabilities or in some cases, buffer overflows.It is not only a scary word that can keep you up at night wondering if you purchased the best firewalls,configured your new host-based intrusion prevention system correctly,and have patched your entire environment,but can enter the security water-cooler discussions faster than McAfee’s new wicked anti-virus software or Symantec’s latest acquisition.Exploits are proof that the computer science,or software programming,community still does not have an understanding (or,more importantly,firm knowledge) of how to design,create,and implement secure code.
Like it or not,all exploits are a product of poorly constructed software programs and talented software hackers – and not the good type of hackers that trick out an application with interesting configurations.These programs may have multiple deficiencies such as stack overflows,heap corruption,format string bugs,and race conditions—the first three commonly being referred to as simply buffer overflows.Buffer overflows can be as small as one misplaced character in a million-line program or as complex as multiple character arrays that are inappropriately handled.
Building on the idea that hackers will tackle the link with the least amount of resistance,it is not unheard of to think that the most popular sets of software will garner the most identified vulnerabilities.While there is a chance that the popular software is indeed the most buggy,another angle would be to state that the most popular software has more prying eyes on it.
TABLE OF CONTENT:
Chapter 01 - Writing Exploits and Security Tools
Chapter 02 - Assembly and Shellcode
Chapter 03 - Exploits: Stack
Chapter 04 - Exploits: Heap
Chapter 05 - Exploits: Format Strings
Chapter 06 - Writing Exploits I
Chapter 07 - Writing Exploits II
Chapter 08 - Coding for Ethereal
Chapter 09 - Coding for Nessus
Chapter 10 - Extending Metasploit I
Chapter 11 - Extending Metasploit II
Chapter 12 - Extending Metasploit III
Appendix A - Data Conversion Reference
Appendix B - Syscall Reference
Appendix C - Taps Currently Embedded in Ethereal
Appendix D - Glossary |
|
|
|
|
|
Smart-Phones Attacks and Defenses
|
|
Hits: 14 |
|
Date added: 06/08/2007 |
|
In this paper, we wish to alarm the community that the long realized risk of interoperation with the Internet is becoming a reality: Smart-phones,interoperable between the telecom networks and the Internet, are dangerous conduits for Internet security threats to reach the telecom infrastructure. The damage caused b ysubverted smart-phones could range from privacy violation and identity theft to emergency call center DDoS attacks and national crises. We also describe defense solution space including smart-phone hardening approaches, Internet-side defense, telecom-side defense, and coordination mechanisms that may be needed between the Internet and telecom networks. Much of this space is yet to be explored. |
|
|
|
|
|
|
Mastering windows network forensincs
|
|
Hits: 14 |
|
Date added: 09/12/2007 |
|
Conduct Cutting-Edge Forensic Investigations of Computer Crimes |
|
|
|
|
|
|
SEH Overwrites Simplified
|
|
Hits: 16 |
|
Date added: 12/18/2007 |
|
This paper goes through the SEH Overwrites on two different Windows platforms using the aid of
diagrams of the stack. Of course information related to this will also be documented. A basic
knowledge of C, stack operation and exploiting stack based buffer overflows is assumed and
needed to understand the contents of this paper. |
|
|
|
