Telnet Based Attacks
This paper examines attacks developed over the years using the Telnet service. It covers the history of the telnet service, common attacks, and OS specific information.
Paul Gurgul, 10/18/2004
|
|
UDP Remote Controls
I want to illustrate, with this article, the possibility to control servers with the UDP protocol. In order to exemplify the topic in question, I conceptualized the program. Before describing the program functions and services, I thought that it was useful to explain some important topics about the UDP protocol, that is, the basic element of the whole project.
Angelo Rosiello, 10/04/2004
|
|
Stack Overflow's Analysis & Exploiting Ways
The first passage to follow, in order to completely understand the STACK overflows, is to study how the main processor works during any program's execution. When a program is executed its elements are allocated into the memory in a well organized way (look at the Figure 1). Local variables, function arguments and still other things, are allocated into the STACK. Automatic allocated variables stay instead in the HEAP. Both .BSS and .DATA sectors are dedicated to the local variables and are allocated during the compile time. To be clear: the sector .BSS includes not initialized data, while .DATA is reserved for static data (e.g. "static" in the C language). The .TEXT sector is the data area including the instructions, such as the program's code which is being executed where it's not possible to realize any writing operation but only reading ones.
Angelo Rosiello, 10/02/2004
|
|
The Basics of Shellcoding
A shellcode is a group of instructions which can be executed while another program is running. Nowadays lots of examples show how a shellcode can be executed while an application is running and its followings is proposed us by vulnerabilities' exploits. In order to get advantage from a vulnerability it is indispensable to inject a shellcode because we have to get the control of a running application. The goal of this article is not to explain all the possibilities of injecting a shellcode developed during last years, but to analyze and understand its essence.
Angelo Rosiello, 10/01/2004
|
|
Shellcoding for Linux/i386
No one knows about the nature of the victim system and its security level and, as my research tells me, IDS is the biggest enemy of shellcode. For example, you download a shell-exploit for XYZ service and that exploit contains the string “/bin/sh” and the victim's system takes all strings and makes them capital, so what do you say, will your shell-exploit work? No way. So what do you do now, apart from waiting for another shell-exploit which will cover this problem? That’s why learning shellcoding is important. Not only can you make changes to the existing shellcode but also you can study it for your personal knowledge.
Masood Mehmood, 09/28/2004
|
|
Attackers and Their Motivation
Attackers, as well as their motivations, come in many different shapes and forms. This paper provides an overview of who the attackers are and what their motivation is. Please note that the descriptions are used and abused correctly and incorrectly, and are not defined in any standard.
By Johan Hiemstra, 09/21/2004
|
|
Examining a Public Exploit, Part 1
As an instructor, many of the people who ask me about intrusion detection and packet analysis often ask the same questions, such as the following: What tools do you use? Can you practice and learn this at home? What kind of knowledge does one need to have? These and other questions figure predominantly. In this article series these questions will be answered and shown to the reader for evaluation in a lab environment. We'll take a publicly available exploit, which you can download and compile at your discretion, and then analyze how it would be seen on your network and evaluated from a security administrator's point of view.
By Don Parker, 08/18/2004
|
|
The Enemy Within: A System Administrator's Look at Network Security
Network security has always been a key player in the system administrator's day-to-day duties: however, since the onset of the new self-propagating virus infections and the terrorist attacks of late the need and calling for more security has escalated beyond reason. Everyone is sending his or her administrators for training. Some long lost specializations have now found a new lease on life, such as the study and understanding of Steganography.
By Lawrence Dubin, 05/17/2004
|
|
Corporate Espionage 101
Information can make the difference between success and failure or profit and loss in the business world. If a trade secret is stolen, then the competitive playing field is leveled or worse, tipped in favor of the competitor. To complicate the problem even more, trade secrets are not only being sought after by a company's competitors, but from foreign nations as well. They are hoping to use stolen corporate information to increase that nation's competitive edge in the global marketplace.
By Shane W. Robinson, 05/17/2004
|
|
Espionage and the Insider
Often associated with classified information, governments, intelligence and counterintelligence agencies, espionage is often considered a funny word for those involved in business sector information security. Is there a connection? Given the fact information security professionals are responsible for securing information, while those involved in espionage are focused on obtaining information, I would argue there is.
By Steve Kipp, 04/25/2004
|
|