Resources - Papers

Operating systems architecture
http://www.argus-systems.com/product/white_paper/pitbull/oss/ PitBull Foundation OS-Level Security
http://www.argus-systems.com/product/white_paper/lx/sae/ PitBull Foundation Secure Application Environment
http://www.phrack.com/show.php?p=57&a=15 Writing ia32 alphanumeric shellcodes
Intrusion Detection Systems
http://www.packetnexus.com/docs/packetnexus/NIDS_Placement.pdf NIDS Placement in the Real World
http://www.ngsec.com/docs/polymorphic_shellcodes_vs_app_IDSs.PDF Polymorphic Shellcodes vs. Application IDSs
http://www.robertgraham.com/mirror/Ptacek-Newsham-Evasion-98.html Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection
http://www.aciri.org/vern/papers/norm-usenix-sec-01.pdf Evasion, Traffic Normalization, and End-to-End Protocol Semantics
Cisco routers
http://www.cisco.com/warp/public/707/21.html Improving Security on Cisco Routers
http://www.cisco.com/warp/public/707/3.html Defining Strategies to Protect Against UDP Diagnostic Port Denial of Service Attacks
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt3/sccbac.pdf Configuring Context-Based Access Control (PDF)
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/secur_c/scprt3/sccbac.htm Configuring Context-Based Access Control (HTML)
http://nsa1.www.conxion.com/cisco/guides/cis-securityguides.zip Cisco Router Guides
http://www.cisco.com/warp/public/474/ Cisco Password Recovery
http://www.cisco.com/warp/public/474/pswdrec_2500.html Cisco 2500 series help
http://www.cisco.com/warp/public/474/pswdrec_2600.shtml Password Recovery Procedure for the Cisco 2600 Series Routers
Denial of Service attacks
http://www.cert.org/archive/pdf/DoS_trends.pdf Trends os Denial of Service Attack Technology
Firewalls
http://csrc.nist.gov/publications/drafts/Firewall-Guide.pdf Guide to Firewall: Selection and Policy Recommandations:
ftp://ftp.echogent.com/docs/FTP_and_Firewalls.pdf FTP and Firewalls
http://www.madison-gurkha.com/publications/tcp_filtering/tcp_filtering.ps Real Stateful TCP Packet Filtering in IP Filter
http://www.dataprotect.com/bh2000/blackhat-fw1.html A Stateful Inspection of FireWall-1
http://www.phoneboy.com/ PhoneBoy's FireWall-1 FAQ
http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf NIST's SP 800-41 Guidelines on Firewalls and Firewall Policy
Information Warfare
http://www.itoc.usma.edu/Documents/IWARLab.pdf IWAR Range: A Laboratory for Undergraduate Information Assurance Education
Oracle security
http://www.pentest-limited.com/ Specialists in Security and Oracle
Programming
http://www.ucalgary.ca/~bgwong/n869.pdf Programming Languages - C - C99
http://hcunix.7350.org/grugq/doc/subversiveld.pdf Cheating the ELF - Subversive Dynamic Linking to Libraries
http://x86.ddj.com/ftp/manuals/tools/elf.pdf Tool Interface Standard (TIS) Executable and Linking Format (ELF) Specification Version 1.2
http://www.eecs.umich.edu/~farnam/482/Winter99/24319001.pdf Intel Architecture Software Developer's Manual Volume 1: Basic Architecture
http://www.eecs.umich.edu/~farnam/482/Winter99/24319102.pdf Intel Architecture Software Developer's Manual Volume 2: Instruction Set Reference Manual
http://www.eecs.umich.edu/~farnam/482/Winter99/24319201.pdf Intel Architecture Software Developer's Manual Volume 3: System Programming Guide
http://docs-pdf.sun.com/806-3774/806-3774.pdf SPARC Assembly Language Reference Manual
http://www1.corest.com/blackhat2002.htm Syscall Proxying - Simulating Remote Execution
http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/x86.html FreeBSD Developers' Handbook: x86 Assembly Language Programming
http://www.dwheeler.com/secure-programs/ Secure Programming for Linux and Unix HOWTO (PDF)
http://www.linuxdoc.org/HOWTO/Secure-Programs-HOWTO/ Secure Programming for Linux and Unix HOWTO (HTML)
http://www.whitefang.com/sup/ Secure UNIX Programming FAQ
http://uk.osstmm.org/osstmm.en.2.0.zip The Secure Pprogramming Standards Methodology Manual
http://www.cs.berkeley.edu/~daw/papers/setuid-usenix02.pdf Setuid Demystified
http://m.bacarella.com/papers/secsoft/ The Peon's Guide To Secure System Development
http://archive.devx.com/upload/free/features/zones/security/articles/2000/12dec00/mh1200/mh1200-1.asp 15 Tips for Secure Win32 Programming
Buffer overflow vulnerabilities exploitation technics
http://www.shmoo.com/phrack/Phrack49/p49-14 Smashing The Stack For Fun And Profit
http://phrack.org/phrack/55/P55-08 The Frame Pointer Overwrite (Off-by-one exploits)
http://www.phrack.com/phrack/57/p57-0x09 Once Upon a free()
http://diwww.epfl.ch/~ogay/advbof/advbof.pdf
http://diwww.epfl.ch/~ogay/advbof.tar.gz En Francais, tres complet, aborde tous les types de vulnerabilitees exploitables
http://www.cs.unm.edu/~ghandi/ SPARC Buffer Overflows (DEFCON 8, July 28, 2000, Las Vegas, NV.)
http://community.core-sdi.com/~juliano/exploit_tutorial.txt Writing buffer overflow exploits - a tutorial for beginners
http://www.corest.com/blackhat2002.htm Syscall Proxying - Simulating Remote Execution
Exploiting Buffer Overflows under Windows environment
http://www.ngssoftware.com/papers/bufferoverflowpaper.rtf
http://www.ngssoftware.com/papers/ntbufferoverflow.html Exploiting Windows NT 4 Buffer Overruns
http://www.ngssoftware.com/papers/non-stack-bo-windows.pdf Non-Stack Overflows on Windows
http://www.ngssoftware.com/papers/unicodebo.pdf Exploitation of UNICODE Buffer Overflows
Format string vulnerabilities exploitation technics
http://minimum.inria.fr/~raynal/ Howto remotely and automatically exploit a format bug
http://www.hert.org/papers/format.html Format string vulnerability
http://www.team-teso.net/articles/formatstring/ Exploiting format string vulnerabilities
http://online.securityfocus.com/archive/1/66842 Format Bugs: What are they, Where did they come from, ... How to exploit them
http://www.securityfocus.com/data/library/format-bug-analysis.pdf Analysis of Format Strings Bugs
http://www.gomor.org/Fichiers/tgz/fox0.1.tgz Howto exploit OpenBSD 2.7 ftpd format string
Other vulnerability types exploitation
http://razor.bindview.com/publish/papers/signals.txt Deliver signals for fun and profit
http://www.phrack.org/phrack/60/p60-0x0a.txt Basic Integer Overflows - by blexim
Secure programming and protection mecanisms
http://community.corest.com/~gera/InsecureProgramming/ Insecure Programming by example
http://community.core-sdi.com/~juliano/ Many resources on exploiting
http://www.lsd-pl.net/papers.html#assembly UNIX Assembly Codes Development for Vulnerabilities Illustration Purposes (HTML)
http://www.lsd-pl.net/documents/asmcodes-1.0.2.pdf UNIX Assembly Codes Development for Vulnerabilities Illustration Purposes (PDF)
http://www.lsd-pl.net/documents/winasm-1.0.1.pdf Win32 Assembly Components
http://www.bursztein.net/secu/rilc.html Using Environment for returning into Lib C
http://minimum.inria.fr/~raynal/index.php3?page=113 Secure Programming
http://www.enseirb.fr/~glaume/indexen.html A Buffer Overflow Study, Attacks & Defenses
http://immunix.org/StackGuard/discex00.pdf Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade
http://www.phrack.org/phrack/56/p56-0x05 Bypassing StackGuard and StackShield
http://www.corest.com/corelabs/papers Multiple vulnerabilities in stack smashing protection technologies
http://voodoo.somoslopeor.com/papers/nmap.html A practical approach for defeating Nmap OS-Fingerprinting
Security policy related papers
http://csrc.nist.gov/isptg/html/ISPTG-Contents.html Internet Security Policy: A Technical Guide
http://www.securityfocus.com/infocus/1193 Introduction to Security Policies, Part One: An Overview of Policies
http://www.sse-cmm.org/Papers/SSECMMv2Final.pdf Information Security involves a set of engineering processes
http://www.cert.org/archive/pdf/OCTAVEthreatProfiles.pdf OCTAVE Threat Profiles
http://csrc.nist.gov/cc/ Common Criteria for IT Security Evaluation
Wireless LAN related papers
http://www.cigitallabs.com/resources/papers/download/arppoison.pdf Wireless Access Points and ARP Poisoning:
http://www.netstumbler.com/ All you want to know about WLAN
http://www.dachb0den.com/projects/bsd-airtools/wepexp.txt Practical Exploitation of RC4 Weaknesses in WEP Environments
Fingerprinting
http://www.incidents.org/papers/OSfingerprinting.php Passive OS Fingerprinting: Details and Techniques
Microsoft security
http://www.securityfocus.com/cgi-bin/microsoft_topics.pl SecurityFocus Links
http://nsa1.www.conxion.com/win2k/guides/w2k-securityguides.zip Windows 2000 Guides
http://www.counterpane.com/pptpv2-paper.html Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2) (HTML)
http://www.counterpane.com/pptpv2.pdf Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2) (PDF)
http://people.hp.se/stnor/hpntbast13.pdf Building a Windows NT Bastion Host in Practice
Layer 2 protocols
http://www.securityfriday.com/promiscuous_detection_01.pdf Detection of Promiscuous Nodes Using ARP Packets
Certifications
http://www.cccure.org CISSP Open Study Guides
Spoofing
http://www.sans.org/cgi-bin/htdig/htsearch?method=and&config=htdig&words=ip+spoofing Spoofing with different protocols
Network protocols
http://www.sys-security.com/archive/papers/ICMP_Scanning_v3.0.pdf ICMP Usage In Scanning Research
http://rr.sans.org/audit/hping2.php The Hping2 Idle Host Scan
http://www.research.att.com/~smb/papers/ipext.pdf Security Problems in the TCP/IP Protocol Suite
Operating systems
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html Secure Deletion of Data from Magnetic and Solid-State Memory
Cross-site scripting vulnerabilites
http://www.cert.org/advisories/CA-2000-02.html Malicious HTML Tags Embedded in Client Web Requests
http://www.securityfocus.com/archive/1/138297 Full explanation, with useful links
http://www.jmu.edu/computing/info-security/engineering/issues/cross.shtml Cross-Site Scripting Web Vulnerability
Web-based attacks
http://www.securereality.com.au/studyinscarlet.txt Exploiting Common Vulnerabilities in PHP Applications
http://www.spidynamics.com/papers/SQLInjectionWhitePaper.pdf SQL Injection Are Your Web Applications Vulnerable
http://www.ngssoftware.com/papers/advanced_sql_injection.pdf Advanced SQL Injection In SQL Server Applications
http://www.nextgenss.com/papers/hpoas.pdf Hackproofing Oracle Application Server, David Litchfield
http://www.nextgenss.com/papers/iisrconfig.pdf Assessing IIS Configuration Remotely
http://www.cgisecurity.net/papers/fingerprinting-2.txt Fingerprinting Port80 Attacks
http://www.sensepost.com/misc/SQLinsertion.htm SQL insertion
http://www.idefense.com/sessionids.html Brute-Force Exploitation of Web Application Session IDs
Web security
http://www.redbooks.ibm.com/redpieces/pdfs/sg246846.pdf z/OS WebSphere and J2EE Security Handbook
Reverse Engineering
http://www.washington.edu/People/dad/ Many links on the subject, bookmarks from Dave Dittrich
Encryption
http://www.seifried.org/security/cryptography/20011108-end-of-ssl-ssh.html The end of SSL and SSH ?
Sniffing
http://robertgraham.com/pubs/sniffing-faq.html Sniffing (network wiretap, sniffer) FAQ
Misc.
http://www.lostpassword.com/excel.htm Password recovery tools
http://www.nii.co.in/tuaph.html The Unix Auditor's Practical Handbook