Assessing IIS Configuration Remotely
This document will look at the relatively unsung skill of assessing the in-depth configuration of a Microsoft IIS web server remotely, showing how to “read” server …
Expert Analysis
Understanding Security
What is security? Process, procedures, and tools that assure data can be stored reliability and retrieved by those authorised users… Download the paper in PPT format here.
HTML Form Protocol Attack
This paper describes how some HTML browsers can be tricked through the use of HTML forms into sending more or less arbitrary data to any TCP port. This can be used to send …
Installation of a Secure Web Server
Apart from firewalls, which aim at protecting internal networks against attacks from the internet, web servers are the second important field requiring a high degree of …
BlackHat 2001 Attrition Slide Presenation
This is the presentation that the Attrition staff presented at the BlackHat Briefings 2001. It shows how they managed their defacement mirror as well as the problems related …
Automating Penetration Tests: A new challenge for the IS industry?
This is the presentation from the BlackHat Briefings by Ivan Arce and Maximiliano Caceres. Download the presentation in PDF format here.
Attack on Private Signature Keys of the OpenPGP format, PGP programs and other applications compatible with OpenPGP
The article describes an attack on OpenPGP format, which leads to disclosure of the private signature keys of the DSA and RSA algorithms. The OpenPGP format is used in a …
Advanced Host Detection – Techniques To Validate Host-Connectivity
This paper will attempt to describe techniques used to discover heavily filtered and firewalled hosts, that will not answer to standard PING responses. It is assumed that the …
Results of the Security in ActiveX Workshop
On August 22-23, 2000, the CERT Coordination Center hosted a workshop in Pittsburgh, Pennsylvania, for twenty invited experts to address security issues related to ActiveX …
The ABC of computer security
This White Paper gives an introduction to computer security and its significance for businesses, followed by an alphabetical guide to common security measures and threats. …
Unverified Fields – A Problem with Firewalls & Firewall Technology Today
The following problem (as discussed in this paper) has not yet been identified. Certain firewalls today, will not authenticate the validity of certain protocol fields, within …
Using Conservation of Flow as a Security Mechanism in Network Protocols
The law of Conservation of Flow, which states that an input must either be absorbed or sent on as an output (possibly with modification), is an attractive tool with which to …
