Papers
Lance Spitzner - Honeynet Papers
The popular "Know Your Enemy" papers are a result of work done by The Honeynet Project (http://project.honeynet.org). The papers discuss the tools, tactics, and motives of the blackhat community.
Ofir Arkin
"ICMP Usage in Scanning, Or Understanding some of the ICMP Protocol's Hazards"
"Identifying ICMP Hackery Tools"
Mixter
"Protecting against the unknown: A guide to improving network security to protect the Internet against future forms of security hazards"
"An approach to systematic network auditing"
"Coding in C - a summary of some popular mistakes"
"DIDS - Distributed IDS Systems: Creating the Ultimate Security Tools"
"A Study of Distributed Network Sniffing and Attacks, otherwise known as 'Echelon'"
"Writing buffer overflow exploits - a tutorial for beginners"
"10 Proposed 'first-aid' security measures against Distributed Denial of Service attacks"
"Commonly overlooked audit trails on intrusions"
"A brief programming tutorial in C for raw sockets"
"Paranoia Vs. Transparency And Their Effects on Internet Security"
"Finding and analyzing trojans under unix"
Thomas H. Ptacek and Timothy N. Newsham
"Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection"
Dave Dittrich
"Forensic Challenge"
"Estimating the cost of damages due to a security incident"
"'Root Kits' and hiding files/directories/processes after a break-in"
"Basic Steps in Forensic Analysis of Unix Systems"
Black Hat Las Vegas '00 Training: "Intruder Discovery / Tracking and Compromise Analysis"
"The DoS Project's 'trinoo' distributed denial of service attack tool"
"The 'Tribe Flood Network' distributed denial of service attack tool"
"The 'stacheldraht' distributed denial of service attack tool"
"The 'mstream' distributed denial of service attack tool"
Aleph One
"Smashing the Stack for Fun and Profit"
Fyodor
"Remote OS detection via TCP/IP Stack FingerPrinting"
"The Art of Port Scanning"
Hobbit
"CIFS: Common Insecurities Fail Scrutiny"
Ron Gula
"How to Handle Network Probes"
Wietse Venema and Dan Farmer
"Improving the Security of Your Site by Breaking Into it"
Thomas Lopatic, John McDonald, and Dug Song
"A Stateful Inspection of Firewall-1"
Dug Song
"Passive Network Auditing with dsniff"
"Passwords Found on a Wireless Network"
Martin Roesch
"Snort - Lightweight Intrusion Detection for Networks"
Network Security Solutions
"Techniques Adopted By 'System Crackers' When Attempting to Break Into Corporate or Sensitive Private Networks"
Rain Forest Puppy
"A look at whisker's anti-IDS tactics"
Robert Graham
"FAQ: Network Intrusion Detection Systems"
"Sniffing (network wiretap, sniffer) FAQ"
"FAQ: Firewall Admins Guide to Porn"
"FAQ: Firewall Forensics (What am I seeing?)"
"Hacking Lexicon"
Wietse Venema
"Murphy's law and computer security"
Vern Paxson
"Detecting Backdoors"
"Detecting Stepping Stones"
"Bro: A System for Detecting Network Intruders in Real-Time"
"Automated Packet Trace Analysis of TCP Implementations"
"RFC 2525: TCP Implementation Problems"
"Difficulties in Simulating the Internet"
"Intrusion Detection: Evasion, Traffic, Normalization, and End-to-End Protocol Semantics"
Robin Sommer and Vern Paxson
"Enhancing Byte-Level Network Intrusion Detection Signatures with Context"
Bruce Schneier
"Why Cryptography Is Harder Than It Looks"
@stake
"Compromising Voice Messaging Systems"
"Initial Cryptanalysis of the RSA SecurID Algorithm"
"MAC Address Cloning"
"Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2)"
"A Practical Introduction to the Dallas Semiconductor iButton"
"Attacks and Countermeasures for USB Hardware Token Devices"
"Wardialing Brief"
"Analysis of the winhlp32.exe Buffer Overrun"
"Exploiting Windows NT 4 Buffer Overruns (A Case Study RASMAN.EXE)"
Theo de Raadt
"Cryptography in OpenBSD: An Overview"
Eric Steven Raymond
"How to Become a Hacker"
Jay Beale
"Foiling DNS Attacks"
"Anyone with a Screwdriver Can Break In!"
"Stupid, Stupid Protocols: Telnet, FTP, rsh/rcp/rlogin"
Karthikeyan Bhargavan, Satish Chandra, Peter J. McCann and Carl A. Gunter
"What Packets May Come: Automata for Network monitoring"
More...
More papers can be found in the hack.co.za archive.