Expert analysis
Spam: The problems with junk e-mail
We all get junk mail at home. It’s an accepted fact of life, at least in the U.S. So why is Unsolicited Commercial Email (UCE) – a/k/a “spam” or …
Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT/2000/XP
Most buffer overflow exploits for Windows have relied on getting code on the stack and somehow jumping process execution to there, but as more products arrive in the market to …
Assessing IIS Configuration Remotely
This document will look at the relatively unsung skill of assessing the in-depth configuration of a Microsoft IIS web server remotely, showing how to “read” server …
Understanding Security
What is security? Process, procedures, and tools that assure data can be stored reliability and retrieved by those authorised users… Download the paper in PPT format here.
HTML Form Protocol Attack
This paper describes how some HTML browsers can be tricked through the use of HTML forms into sending more or less arbitrary data to any TCP port. This can be used to send …
Installation of a Secure Web Server
Apart from firewalls, which aim at protecting internal networks against attacks from the internet, web servers are the second important field requiring a high degree of …
BlackHat 2001 Attrition Slide Presenation
This is the presentation that the Attrition staff presented at the BlackHat Briefings 2001. It shows how they managed their defacement mirror as well as the problems related …
Automating Penetration Tests: A new challenge for the IS industry?
This is the presentation from the BlackHat Briefings by Ivan Arce and Maximiliano Caceres. Download the presentation in PDF format here.
Attack on Private Signature Keys of the OpenPGP format, PGP programs and other applications compatible with OpenPGP
The article describes an attack on OpenPGP format, which leads to disclosure of the private signature keys of the DSA and RSA algorithms. The OpenPGP format is used in a …
Advanced Host Detection – Techniques To Validate Host-Connectivity
This paper will attempt to describe techniques used to discover heavily filtered and firewalled hosts, that will not answer to standard PING responses. It is assumed that the …
Results of the Security in ActiveX Workshop
On August 22-23, 2000, the CERT Coordination Center hosted a workshop in Pittsburgh, Pennsylvania, for twenty invited experts to address security issues related to ActiveX …
The ABC of computer security
This White Paper gives an introduction to computer security and its significance for businesses, followed by an alphabetical guide to common security measures and threats. …
Featured news
Sponsored
Don't miss
- Cultivating a security-first mindset: Key leadership actions
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)
- Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)
- Qualcomm zero-day under targeted exploitation (CVE-2024-43047)
- American Water shuts down systems after cyberattack