the original cloud security
Showing 1 - 25 of 69 RSS Feed

Files

fmat.txt
Posted Oct 21, 2006
Authored by K-sPecial | Site xzziroz.net

An alternative method in format string exploitation - a paper discussing a method of making format string exploits static again on 2.6 with random VA.

tags | paper
systems | unix
MD5 | 3323b524868edd9e4a53cd3146c4d95f
AIX_Security.pdf
Posted Jul 28, 2004
Authored by Andre Derek Protas

White paper on basic security and hardening procedures for AIX. Many of the features and functions shown throughout this guide are applicable to AIX 4.3 and above, but are more directed towards AIX 5.2. This guide attempts to cover a lot of ground and offers useful and necessary insight for anyone administering AIX machines.

tags | paper
systems | unix, aix
MD5 | 7ee76c37cf394cc8018decb23e4e558e
040622-securing-mac-os-x.pdf
Posted Jul 11, 2004
Site corsaire.com

Whitepaper on hardening Mac OS X. The paper includes a very brief introduction to the firmware, descriptions of hardening using both GUI and command-line interface.

tags | paper
systems | unix, apple, osx
MD5 | 8ceae1cb4e535ef6a400f5013566136e
mac.txt
Posted Apr 17, 2004
Authored by Bugghy | Site vaida.bogdan.googlepages.com

Mandatory Access Control tutorial to correctly and safely install, configure, and use MAC policies. Written for FreeBSD users. Full step by step details given with explanations.

tags | paper
systems | unix, freebsd
MD5 | 6863069367b013e42b38720c4e26da80
init_rpi.txt
Posted Dec 30, 2003
Authored by Christophe Devine

Whitepaper detailing how to successfully patch the linux kernel in order to allow ptracing /sbin/init, and subsequently inject a connect-back shellcode into the target process. Patch code included.

tags | paper, kernel, shellcode
systems | linux, unix
MD5 | 416c6fffc2174a4c171d7edaeccba127
ebpoverflow.txt
Posted Oct 30, 2003
Authored by Nebunu

One Byte Frame Pointer Overwrite Hardcoded Exploits - This paper describes how to exploit overflows which are off by only one byte. Includes sample code.

tags | paper, overflow
systems | unix
MD5 | 3b316253703503292efec1f27f80389a
manipulating.dtors.txt
Posted Jul 6, 2003
Authored by Bob, dsr

A paper that details the manipulation of the destructor when utilizing a buffer overflow, a format string attack, or corrupting a malloc chunk.

tags | paper, overflow
systems | unix
MD5 | cf655444e6c3559bebdf6fd69d4b4aeb
fstream-overflows.txt
Posted Feb 3, 2003
Authored by Killah | Site hack.gr

This paper describes FILE stream overflow vulnerabilities and illustrates how they can be exploited. The author uses a FILE stream overflow in dvips as a case study.

tags | paper, overflow, vulnerability
systems | unix
MD5 | 886e4343079f8bdc593fe647b77e9859
core_format_strings.pdf
Posted Jan 23, 2003
Authored by Core Security Team | Site core-sec.com

Vulnerabilities in Your Code Part II - Format string vulnerabilities and exploitation. Shows the exact location of the vulnerabilities, providing detailed explanations and exploits for each one found.

tags | paper, vulnerability
systems | unix
MD5 | bb907eb9a4f60e0c9bfc8c3f75d6307a
tmpwatch.txt
Posted Dec 21, 2002
Authored by Michal Zalewski | Site lcamtuf.coredump.cx

Common use of 'tmpwatch' utility and its counterparts triggers race conditions in many applications, sometimes allowing privilege escalation. Includes information on races, file removal, fixes, and more.

tags | paper
systems | unix
MD5 | 6d1fa3c3d46b67c59286f2608ec45dba
tcp.acknowledgement.txt
Posted Oct 10, 2002
Authored by Rohits

This paper describes how it is possible to send data in TCP headers using the acknowledgment numbers.

tags | paper, tcp
systems | unix
MD5 | 5b7707d3ef0d959aaa728fe2bc4894b0
FV.txt
Posted Sep 17, 2002
Authored by Bob, dsr | Site blaat.dtors.net

Finding Vulnerabilities - This paper explains the auditing of C source code to find application exploits. Includes a practical example of how to hack an IDS that was coded for a website.

tags | paper, vulnerability
systems | unix
MD5 | 6e349f14320160b2b874d172bdb12a94
shellcodin.txt
Posted Sep 17, 2002
Authored by Bob, dsr | Site blaat.dtors.net

Shellcoding - How to write shellcode for Linux/x86. Includes parts I + II.

tags | paper, x86, shellcode
systems | linux, unix
MD5 | f6ce6ce0746488247aaaf2c3ee8e867c
snmprizzo.txt
Posted Aug 29, 2002
Authored by Ron Sweeney, Jerry Matt

This paper will discuss setting up encrypted communication for SNMP agents and trapd hosts through the use of Zebedee (Zee-bee-dee) UDP tunneling and encryption features. The goal is encrypted SNMP traps from the hosts to the management station and encrypted polling of the SNMP agent running on the host. All SNMP communication is handled by Zebedee with proper firewall filtering practices.

tags | paper, udp
systems | unix
MD5 | 248e08ed78b2ca065b381f79b54c301c
fmt.tar.gz
Posted Aug 23, 2002
Authored by Delikon | Site delikon.de

Fmt.tar.gz contains tutorials in English and German on exploiting local format string vulnerabilities. This is a summary of tutorials from http://community.core-sdi.com/~juliano and includes sample code.

tags | paper, web, local, vulnerability
systems | unix
MD5 | 07f78152dbb1ed57e5ed511cdda34553
writing-linux-kernel-keylogger.txt
Posted Jul 24, 2002
Authored by thc, rd | Site thc.org

Writing Linux kernel based key loggers - Includes a sample key logger which can log user input and passwords.

tags | paper, kernel
systems | linux, unix
MD5 | d22ed0dc349f3db7b6501802d30e8294
linux-390-shellcode-devel.txt
Posted Jul 24, 2002
Authored by thc, Johnny Cyberpunk | Site thc.org

Writing shellcode for Linux/390 mainframes. Includes port binding shellcode example.

tags | paper, shellcode
systems | linux, unix
MD5 | 7065ee89fdd6f0feef6c441ebd9d9031
memorylayout.txt
Posted Jul 8, 2002
Authored by Frederick Giasson | Site decatomb.com

Memory Layout - Detailed information on memory management.

tags | paper
systems | unix
MD5 | eccc537f79e41f8e72c26f58a7c3722d
remotefmt-howto.txt
Posted Apr 25, 2002
Authored by Frederic Raynal

How to Remotely Exploit Format String Bugs - A practical tutorial. Includes info on guessing the offset, guessing the address of the shellcode in the stack, using format string bugs as debuggers, examples, etc.

tags | paper, shellcode
systems | unix
MD5 | 8d086961f802114fdecba45f4f33283f
sparc.zip
Posted Jan 25, 2002
Authored by David Litchfield | Site atstake.com

This document describes buffer overrun vulnerabilities on Sun Microsystems SPARC machines. We will begin by examining the SPARC architecture, looking at the registers and the stack. We will then go on to see exact how buffer overrun vulnerabilities occur and how control over the processes execution is gained under SPARC and then detail how, from here, the vulnerability can be exploited to gain control over the computer by looking at exploit code that spawns a shell under Solaris.

tags | paper, overflow, shell, vulnerability
systems | unix, solaris
MD5 | f84c8fdc8a46ebf7eb620006ec7dd07d
elf-runtime-fixup.txt
Posted Jan 17, 2002
Authored by Mayhem | Site devhell.org

Reversing the ELF - Stepping with GDB during PLT uses and .GOT fixup. This is a GDB tutorial about runtime process fixup using the Procedure Linkage Table section (.plt) and the Global Offset Table section (.got) by the dynamic linker ld-linux.so. ASM knowledge will be helpful. More info on ELF here.

tags | paper
systems | linux, unix
MD5 | a0158f7bb4c8098db9f9a4a633b10155
scantactics.doc
Posted Jan 11, 2002
Authored by Zack Walko

How Nmap scans work - This MS word document has information on how some of the different nmap scan types work.

tags | paper
systems | unix
MD5 | 159e1b0b51c948797a4feab7aa315e2e
promiscuous_detection_01.pdf
Posted Dec 9, 2001
Site securityfriday.com

In the local network, the act of sniffing has become a serious threat. Malicious users can use sniffing techniques to steal confidential documents and anyone's privacy by sniffing the network. Sniffing causes privacy intrusion, and can be done simply by downloading free sniffer tools from the Internet and installing them into a personal computer that resides on the local network. The documentation below discusses the use of Address Resolution Protocol (ARP) packets to effectively detect malicious users when they are sniffing the network. The tool Promiscan implements the techniques discussed in this document.

tags | paper, local, protocol
systems | unix
MD5 | bc65962e49e09ab64b3e0d74e72cfe7d
formatstring-1.2.tar.gz
Posted Oct 11, 2001
Authored by teso, scut | Site team-teso.net

Exploiting Format String Vulnerabilities v1.2 - Includes over 30 pages of well organized information along with several examples.

tags | paper, vulnerability
systems | unix
MD5 | b83261bd868fa46874290b59915bda58
alpha-fmtstr.txt
Posted Sep 28, 2001
Authored by Truefinder | Site igrus.inha.ac.kr

How to Exploit Format String Vulnerabilities under Alpha Linux. Includes techniques and example code.

tags | paper, vulnerability
systems | linux, unix
MD5 | 77555d54c389c58fc5c52f1ce310a874
Page 1 of 3
Back123Next

Top Authors In Last 30 Days

Recent News

News RSS Feed
Even Pokemon Go Was Used By Russia To Meddle In The Election
Posted Oct 13, 2017

tags | headline, government, usa, russia, cyberwar
US Voices Frustration With Warrant-Proof Encryption
Posted Oct 13, 2017

tags | headline, government, privacy, usa, cryptography
An Unknown Hacker Stole Sensitive Data On Australia's War Planes
Posted Oct 13, 2017

tags | headline, hacker, government, australia, data loss, cyberwar
Legacy Office Feature Used In Novel Document Attacks
Posted Oct 13, 2017

tags | headline, hacker, malware, microsoft, flaw
Equifax Rival TransUnion Also Sends Site Visitors To Malicious Pages
Posted Oct 12, 2017

tags | headline, malware
The Myth Of Responsible Encryption: Experts Say It Can't Work
Posted Oct 12, 2017

tags | headline, government, backdoor, cryptography
Equifax Removes Webpage After Malware Issue
Posted Oct 12, 2017

tags | headline, malware, fraud, flaw, adobe
Malware Checks Into Hyatt Hotels Again
Posted Oct 12, 2017

tags | headline, privacy, malware, bank, cybercrime, data loss, fraud
Rick And Morty Episode? Nope, Another CoinMiner
Posted Oct 12, 2017

tags | headline, fraud, cryptography
Judge Says US Government Has No Right To Rummage Through Anti-Trump Protest Website Logs
Posted Oct 12, 2017

tags | headline, government, privacy, usa, fraud
View More News →
packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close