Selected Files by type
UNIX:
Distributed Attack Tools
UNIX Administration Tools
UNIX Security Tools
UNIX Intrusion Detection Tools
UNIX Sniffers/Network Logging Utilities
UNIX Miscellaneous Security Tools
UNIX Scan/Attack Detectors
UNIX Network Scanning Utilities
UNIX Secure Deletion
Windows NT Auditing Tools
Windows NT Hacking Text Files
Windows NT Penetration Tools
Windows NT Intrusion Detection Tools
Windows NT Network Scanning Utilities
Windows Administration Utilities
Crypto Bibliography Year Per Year
Computer Vulnerabilities. Eric Knight's book, Computer Vulnerabilities, gives a complete description of how vulnerabilities can be categorized, adding great detail to previous works on vulnerability taxonomies. This book is a draft, but because of the dynamic nature of network publications it can be revised at any time.
Well-written paper on securing Linux for newbies. Lots of good and updated info. Version 1.1. By Sil.
Paper on writing advanced buffer overflow exploits. The early buffer overflow exploit codes only spawned a shell (execute /bin/sh). However, nowadays some buffer overflow exploit codes have very nice features, for example passing through filtering, opening a socket, breaking chroot, and so on. This paper attempts to explain advanced buffer overflow exploit skills under Intel x86 Linux. By Taeho Oh, Postech Laboratory for Unix Security, and Postech Linux User Group.
Attacking FreeBSD with Kernel Modules - The System Call Approach. System calls can be backdoored on FreeBSD much as they can on Linux, and most Linux kernel modules can easily be ported to FreeBSD. Includes information on intercepting system calls, filesystem-related hacks, hiding files and contents, process-related hacks, file execution redirection, tty hijacking, and module hiding. Homepage here. By pragmatic.
The COPS Security Checker System: A description of one of the most popular UNIX security scanners.
A tutorial on how to write shellcode and exploits, and how buffer overflows work in general. It aims to be detailed and suitable for novice exploit coders with some C understanding. Homepage here. By Mixter.
Improving the Security of Your Site by Breaking Into It: Discussion of a number of commonly used attacks on UNIX systems, and how to check your systems for vulnerability to them.
There exists a vulnerability with certain configurations of certain ftp daemons with which users with a valid ftp-only account on a system may execute arbitrary commands (including binaries supplied by themselves). There also exists the possibility that anonymous ftp users may execute arbitrary commands (also including binaries supplied by themselves). While this vulnerability is entirely configuration dependent, the required configuration is rather common. Homepage here. By suid.
Beginners Guide to Linux + Easy Installation Guide version 1.1 - I'd bet some of the people reading this description are using Windows, and are afraid to install Unix on their computer for some reason. "Sure, Unix does all those cool things and has better security and most Unix programs are open-source, but what will happen if I screw up the installation and delete my old copy of Windows?" Black Sun Research Facility presents an easy-to-understand and simple installation guide for Redhat Linux and Mandrake Linux, the two easiest-to-install distributions (although this tutorial is good for other common Linux distributions as well). By Barakirs.
Commonly overlooked audit trails on intrusions. This is my attempt at compiling a 'top list' of audit trails that are left after intrusions where the intruders try to cover their tracks but don't do a good job. To put it short, there are actually a lot of audit trails on a normal UNIX system, almost all of which can be overcome, but only with some effort that most intruders don't make. Homepage here. By Mixter.
Life Without Root: A method for authorizing users to perform certain system administration tasks without giving them the super-user password.
UNIX Password Security: A discussion of the importance of well-chosen passwords, and how passwords are cracked.
Power PC shellcode. LinuxPPC and BSD (darwin?) versions are included. By Palante
On the Security of UNIX: The original UNIX security paper.
The `Session Tty' Manager: A method for controlling access to terminals by background processes after the user has logged out.
Improving the Security of Your UNIX System: A description of many of the security features of the average UNIX system, and how to use them.
The following is an analysis of the "Tribe Flood Network", or "TFN", by Mixter. TFN is a powerful distributed attack tool and backdoor currently being developed and tested on a large number of compromised Unix systems on the Internet. TFN source available here. By David Dittrich.
UNIX Security Tools: An excellent summary of most of the public domain UNIX security tools, and where to obtain them.
The following is an analysis of the DoS Project's "trinoo" (a.k.a. "trin00") master/slave programs, which implement a distributed network denial of service tool. Trinoo daemons were originally found in binary form on a number of Solaris 2.x systems, and are probably being set up on hundreds, perhaps thousands, of systems on the Internet that are being compromised by remote buffer overrun exploitation. By David Dittrich.
The Design and Implementation of Tripwire: A File System Integrity Checker: Tripwire computes checksums of files on the system, and then scans later for any changes to those files.
Experiences With Tripwire: Using Integrity Checkers for Intrusion Detection: A description of how the Tripwire integrity checker has performed in the field.
UNIX & Security: Describes many of the security features of the UNIX operating system, as well as features that could be added to result in an evaluatable system at Class C2.
A tutorial for a Unix newbie or semi-newbie who is interested in computer security and/or networking. Basic Local/Remote Unix Security: change default configurations, basic packet filtering, how to secure your system's networking services (or completely remove them or some of them, in case you don't need them, in order to increase your computer's security), how to use, how to avoid trojans, what sniffers are, how to maintain local security between different users in your system (if you're not the only one using this system, whether locally or remotely), some stuff about SSH, how to protect yourself against computer viruses under Unix, what security scanners are and how to use them, why you should encrypt your important data and how, etc. By Raven.
UTnet Guide to UNIX System Security: A guide to UNIX security resources.
Highjacking AFS: A description of security weaknesses in the Andrew File System (AFS).
Since the invention of Web browser cookies by Netscape, the claim has always been made that they are anonymous and cannot be associated with any personal information unless someone provides this information. In this write-up, I will present a technique in which browser cookies can be matched to Email addresses without people's knowledge. The technique relies on a security hole that is present in both Microsoft's Internet Explorer browser and Netscape's Navigator browser. This technique can be used, for example, to allow a banner ad company to associate an Email address with an "anonymous" profile that has been created for a person as they surf the Web. Homepage here. By Richard Smith.
An End-to-End Argument for Network Layer, Inter-Domain Access Controls: A method by which different administrative domains of an internetwork can interconnect without exposing their internal resources to unrestricted access.
Identification Protocol - RFC 1413: A description of the Identification Protocol, a means to determine the identity of the user of a particular TCP connection.
Security Problems in the TCP/IP Protocol Suite: A description of several attacks on TCP/IP protocols including sequence number spoofing, routing attacks, source address spoofing, and authentication attacks.
Legitimate Sites as Covert Channels: An Extension to the Concept of Reverse HTTP Tunnels. Legitimate sites that allow anonymous posting can be used to covertly send commands to systems behind firewalls. By Errno Jones.
DNS Spoofing and Abuse - Lately on bugtraq there have been a number of DNS-abuse-related posts. Homepage here.
SILENT CARRIERS AND LINK PROTOCOLS - As we all know, "wardialing" is one of the best entertainments for hacking/phreaking lovers. Sometimes this activity makes us desperate due to the usual "login: password:" repetition that appears in nearly every CARRIER. It's also usual to find Carriers that present us with no message... just a "CONNECT xxxxx". These ones are usually very interesting as you will see in this document. Homepage here. By BadreL.
A Unix Network Protocol Security Study: Network Information Service: A discussion of the security weaknesses in the Network Information Service (Yellow Pages) protocol from Sun Microsystems.
A Security Analysis of the NTP Protocol: A security analysis of the Network Time Protocol (NTP).
Protocol Design for Integrity Protection: A design method for message integrity protection.
Access Control and Policy Enforcement in Internetworks. Methods of controlling access policy between different administrative domains of an internetwork. Part I.
Access Control and Policy Enforcement in Internetworks. Methods of controlling access policy between different administrative domains of an internetwork. Part II.
Access Control and Policy Enforcement in Internetworks. Methods of controlling access policy between different administrative domains of an internetwork. Part III.
Privacy-Enhanced Electronic Mail: A description of the Internet Privacy-Enhanced Mail protocols.
A Weakness in the 4.2BSD TCP/IP Software: A description of a security weakness of the TCP/IP protocol suite as implemented in 4.2BSD UNIX.
Security Analyses of Network Time Services: An analysis of the security requirements for a network time service.
Secure Control of Transit Internetwork Traffic: Methods for controlling traffic traversing a local network on its way from one remote network to another.
PostScript version of "Snort - Lightweight Intrusion Detection for Networks" by Martin Roesch. This paper discusses the architecture, performance, and uses of Snort. It makes a comparative analysis of Snort to some other well-known programs used for similar purposes. There is also a nice rules tutorial contained in the document for those of you wanting to know how the rules system works. By Martin Roesch.
Text version of "Snort - Lightweight Intrusion Detection for Networks" by Martin Roesch. This paper discusses the architecture, performance, and uses of Snort. It makes a comparative analysis of Snort to some other well-known programs used for similar purposes. There is also a nice rules tutorial contained in the document for those of you wanting to know how the rules system works. By Martin Roesch.
Secure Programming Howto - This paper provides a set of design and implementation guidelines for writing secure programs for Linux systems. Such programs include application programs used as viewers of remote data, CGI scripts, network servers, and setuid/setgid programs. By David A. Wheeler
CaIRA: Computer and Internet-Related Acronyms. 1,725 acronyms and abbreviations with definitions and explanations. Includes a listing of all internet country abbreviations. Homepage here. By Raven.
An Evening With Berferd: In Which a Cracker is Lured, Endured, and Studied: A description of how the author kept an attacker "on the line" for several months in order to learn his methods.
Speeding Up Your Internet Connection using DNS Caching under Unix and Windows: everything you've always wanted to know about DNS caching but were afraid to ask. Homepage here. By Raven.
Computer Emergency Response - An International Problem: A call for international cooperation between computer emergency response teams, and suggested methods for achieving it
Paper on exploiting security issues in client and other non-server software. Includes a sample exploit against tar. By Mixter
PSS gets "texts for newbies" by the bucketload. However, this is quite different. It has the "newbie hacking basics" presented in a tasteful and useful manner. Later, it goes into "novice/intermediate" tactics that many aspiring (though not yet leet) hackers will find useful. And finally, in sections such as Firewall Penetration, experienced hackers will find valuable theoretical and practical tactics and techniques. All in all, Digital Voodoo is a great reference and resource for hacker and security specialist alike. By Kurruppt2k.
There Be Dragons: A description of the wide variety of attacks attempted on the AT&T Internet firewall
Establishing a Computer Security Incident Response Capability: Procedures and issues for establishing a computer security incident response team
Software Forensics: Can We Track Code to its Authors? An idea that it may be possible to identify the authors of malicious software by the style and features of their programs
Security Breaches: Five Recent Incidents at Columbia University: A detailed account of five break-ins at Columbia University, and the steps taken to stop them
The Social Organization of the Computer Underground: The author's thesis for a master's degree in sociology
This document clarifies many of the terms used within the context of information security (infosec). Version 0.1.2, last updated January 25, 2000. By Robert Graham.
Site Security Handbook - RFC 1244: The product of the Site Security Policy Handbook Working Group of the Internet Engineering Task Force
Computer Break-ins: A Case Study: A study of multiple break-in attempts at Vrije Universiteit in Amsterdam
Shellcode programming for SCO. All examples are taken from a SCO OpenServer 5.0.4 machine so some of them may not work under another SCO type of Unix (like unixware) although I have tried to make it as portable as possible. Homepage here. By Renegade Master
Electronic Currency for the Internet: A framework for electronic currency for the Internet that provides a real-time electronic payment system
NetCash: A Design for Practical Electronic Currency on the Internet: A framework for electronic currency for the Internet that provides a real-time electronic payment system
Computer User's Guide to the Protection of Information Resources: A report from the US National Institute of Standards and Technology
How to Obscure Any URL: How Spammers And Scammers Hide and Confuse. There are several tricks that can be used to make it nearly impossible to recognise a URL. Homepage here. By Pchelp.
An Introduction to Computer Security: The NIST Handbook: A publication of the US National Institute of Standards and Technology. Draft Copy. Part I.
An Introduction to Computer Security: The NIST Handbook: A publication of the US National Institute of Standards and Technology. Draft Copy. Part II.
An Introduction to Computer Security: The NIST Handbook: A publication of the US National Institute of Standards and Technology. Draft Copy. Part III.
An Introduction to Computer Security: The NIST Handbook: A publication of the US National Institute of Standards and Technology. Draft Copy. Part IV.
An Introduction to Computer Security: The NIST Handbook: A publication of the US National Institute of Standards and Technology. Draft Copy. Part V.
Proxy-Based Authorization and Accounting for Distributed Systems: A method to support both authorization and accounting in a distributed environment
Pseudo-Network Drivers and Virtual Networks: A method for creating pseudo-networks, much like the pseudo-terminals in use on many UNIX systems.
Coping with the Threat of Computer Security Incidents: A Primer from Prevention through Recovery: A basic text for the author's one-day seminar on the practical aspects of computer security in an unclassified networked environment
Pho's alternate remote OS detection techniques page has been updated. Includes information on ICMP techniques, ARP techniques, IP techniques, and UDP techniques. By Pho.
Automated Tools for Testing Computer System Vulnerability: Discusses some of the automated tools for checking the security of a wide variety of systems
Packet Filtering in an IP Router: A description of how the packet filtering facility in the Telebit NetBlazer was designed and developed.
A Network Firewall: A description of Digital Equipment Corporation's network firewall between its corporate network and the Internet.
This document answers the question: I've seen on my firewall; what does it mean? Firewall administrators regularly see strange behaviour showing up in their logfiles. This document describes some of the common things seen on these firewalls, and what they mean. Note that this document is intended both for owners of personal firewalls and for corporate firewalls. Version 0.3.0 (Jan 15, 2000). By Robert Graham.
Thinking About Firewalls: A description of some of the considerations and trade-offs in designing network firewalls.
An Internet Gatekeeper: A description of how to construct an Internet firewall
The Design of a Secure Internet Gateway: A description of the design of the firewall used by AT&T to protect their corporate network from the Internet
A Network Perimeter With Secure External Access: A description of the firewall in use at whitehouse.gov
Packets Found on an Internet: A description of the types of packets, particularly the anomalous ones, that appeared at the AT&T firewall
Network (In)Security Through IP Packet Filtering: A description of how to use the packet filtering features of commercial routers as a security tool
Building Your Firewall Rulebase - One of the largest risks with a firewall is a misconfigured rulebase. The most expensive firewall in the world does not help you if you have a rule misconfigured. "Building Your Firewall Rulebase" helps to address this problem. The paper focuses on the concepts of how to build a secure rulebase. It goes step by step through the design process, explaining each rule and its significance. The paper is aimed at beginner/intermediate firewall admins, but even the gurus can hopefully learn a trick or two (I know I did). Homepage here. By Lance Spitzner.
Simple and Flexible Datagram Access Controls for Unix-based Gateways: A description of the screend packet filtering system
TCP Wrapper: Network Monitoring, Access Control, and Booby Traps (Text): A description of the author's tcpwrapper software
A Toolkit and Methods for Internet Firewalls: A description of the Trusted Information Systems Firewall Toolkit
An Architectural Overview of UNIX Network Security: A description of a number of UNIX-related components of network security, particularly as they pertain to firewalls
X Through the Firewall, and Other Application Relays: A description of how to create application-specific relays to pass traffic through a network firewall
Canadian Trusted Computer Product Evaluation Criteria, Part 1: The Canadian "Orange Book."
Canadian Trusted Computer Product Evaluation Criteria, Part 2: The Canadian "Orange Book."
Executive Guide to the Protection of Information Resources: A US National Institute of Standards and Technology publication.
Federal Criteria for Information Technology Security, Volume 1: The new "Orange Book"
Federal Criteria for Information Technology Security, Volume 2: The new "Orange Book"
Green Book on the Security of Information Systems: A document that sets out the development of a consistent approach to Information Security in Europe, taking into account common interests with other countries.
Foundations for the Harmonization of Information Technology Security Standards: An analysis of the differences between the US, Canadian, and European Information Technology Security efforts, and discussions of how to make them more similar.
Horses and Barn Doors: Evolution of Corporate Guidelines for Internet Usage: A description of how Intel Corp's Internet usage policies were developed.
Guidelines for the Secure Operation of the Internet - RFC 1281: Provides a set of guidelines to aid in the secure operation of the Internet.
Information Technology Security Evaluation Criteria: The European "Orange Book".
Management Guide to the Protection of Information Resources: A US National Institute of Standards and Technology publication.
Protection and Security Issues for Future Systems: An examination of the problems of protection and security as applied to future computer systems.
Relating Functionality Class and Security Sub-Profile Specifications: A discussion of various alternatives for associating functionality class and security sub-profile specifications, such as those presented in the Federal Criteria (fcvol1ps and fcvol2ps).
Department of Defense Trusted Computer System Evaluation Criteria: The "Orange Book".
Quantum Encryption: just how does the whole thing work anyway? (Diagrams included.) Homepage here. By Raven.
Ten Risks of PKI: What You're not Being Told about Public Key Infrastructure. Real security is never that simple, and that is especially true with PKI. By Carl Ellison and Bruce Schneier
Don't know anything about PGP? Wanna know what it is good for? How to use it? What the advantages of encrypting your files and your Email are? How PGP works? Why it is so hard to crack? Want a simple tutorial to teach you all this? Then go for this one! Simple, easy to understand and relatively small. By Raven.
Encrypted Key Exchange: Password-Based Protocols Secure Against Dictionary Attacks: A combination of public- and private-key cryptography that allows two parties sharing a common password to exchange confidential and authenticated information over an insecure network. The protocol is secure against active attack, and also against off-line "dictionary" attacks.
Why Cryptosystems Fail: A survey of the failure modes of retail banking systems, the second largest application of cryptography.
The Basics of Cryptography: Learn the basics of cryptography and how to break it in this short, simple and easy-to-understand text. By The Maniac.
Protocol Failure in the Escrowed Encryption Standard: A description of some protocol weaknesses in the Clinton administration's Escrowed Encryption Standard, also known as the Clipper Chip.
Using Content-Addressable Search Engines to Encrypt and Break DES: A very simple parallel architecture using a modified version of content-addressable memory can be used to cheaply and efficiently encipher and decipher data with DES-like systems. Describes how to implement these systems, and also how to construct a large-scale engine for exhaustively searching the keyspace of DES.
A High-Speed Software DES Implementation: Describes a high-speed software implementation of the Data Encryption Standard.
The Cocaine Auction Protocol: On the Power of Anonymous Broadcast. This paper builds on a case study, of an anonymous auction between mistrustful principals with no trusted arbitrator, to introduce "anonymous broadcast" as a new protocol building block. Homepage here. By Frank Stajano
Key Management in an Encrypting File System: A description of how "smart cards" can be used to manage the keys used by the encryption file system described in cfsps.
A Cryptographic File System for Unix: A description of a UNIX file system implementation that provides transparent encryption and decryption of files stored on the disk.
Augmented Encrypted Key Exchange: A Password-Based Protocol Secure Against Dictionary Attacks and Password File Compromise: An extension of the protocol described in nekeps that removes the requirement that the host store passwords in cleartext.
Codes, Keys, and Conflicts: Issues in US Crypto Policy: A report of a special panel of the ACM (Association for Computing Machinery) US Public Policy Committee.
A Note on the Use of Timestamps as Nonces: A note on the use of timestamps in authentication protocols
Long Running Jobs in an Authenticated Environment: A system for running batch jobs in an environment in which users must have tokens or tickets to run.
KryptoKnight Authentication and Key Distribution System: An authentication and key distribution system that provides facilities for secure communication in any type of network environment.
Limitations of the Kerberos Authentication System: A description of some limitations and weaknesses in the Kerberos authentication system.
Kerberos: An Authentication Service for Open Network Systems: A description of the Kerberos authentication system.
Designing an Authentication System: A Dialogue in Four Scenes: A "play" in which the characters end up designing an authentication system much like Kerberos. Provides an easy-to-understand description of why Kerberos is the way it is.
Spanish paper on NT Security. Rather comprehensive. Word97 format. By Chessy (SET).
Windows NT Buffer Overflows From Start to Finish. Includes lots of demonstration code. Homepage here. By Jason Jordan
Adding new services to the Windows NT kernel (Native API) on Intel x86 processors. Version 0.81. By Nishad P. Herath.
Updated paper on Intrusion Detection under Windows NT. This should make things a bit clearer. Microsoft Powerpoint presentation. By JD Glaser, NT OBJECTives, Inc.
Intrusion Auditing Under Windows NT. Microsoft PowerPoint presentation. By JD Glaser.
Advisory RFP9907: You, your servers, RDS, and thousands of script kiddies. .gov, .mil, and even microsoft.com have fallen lately to the hands of website defacers. Turns out, it's all been because of RDS. This paper is the straight story on fixing the RDS hole. Homepage here. By rain forest puppy.
Antidote for RFPoison (Followup to RFP9906): Recently I released RFP9906: NT denial of service in services.exe.html (RFPoison). I included a limited sample exploit that would demonstrate the problem. Since then, I've worked with a few individuals and confirmed some configurations that will protect your system. By rfp.
A look at whisker's anti-IDS tactics. Anti-Intrusion Detection System (IDS) tactics were one of the original key features of my whisker web scanner. The goal of any anti-IDS tactic is to mutate a request so much that the ID systems will get confused, but the web server will still be able to understand it, hence the subtitle "just how bad can we ruin a good thing?". Homepage here. By Rain Forrest Puppy
The NIDES Statistical Component: Description and Justification
PowerPoint presentation on Snort Lightweight Intrusion Detection for Networks. Homepage here. By Martin Roesch
Writing Snort Rules How To write Snort rules for intrusion detection and keep your sanity. Homepage here. By Martin Roesch
The top commercial vulnerability scanners have little to no security surrounding their licensing, making them excellent script kiddie tools. These scanners are actively being used by the underground against targets. By Simple Nomad.
Software Requirements Specification: Next Generation Intrusion Detection Expert System
"Interpreting Network Traffic" takes a look at modern reconnaissance activity from the viewpoint of the intrusion detection analyst. The author introduces general principles of network intrusion detection, and explains the basics of a TCP connection through its representation in TCPDump format. He then dissects specific network events in TCPDump format, including scans, third party effects of SYN floods, and load balancing systems. He also presents an argument to refute the existence of "reset scans." By Richard Bejtlich
The Design of GrIDS A whitepaper on a graph based Intrusion Detection System. GrIDS is a prototype intrusion detection system that was designed to explore the issues involved in doing large scale IDS. Homepage here. By Steven Cheung
Detecting Intruders in Computer Systems
A Distributed Approach to Network Security: Paper which gives an overview of distributed attacks and how IDS systems can detect them, and about the future of IDS systems and distributed attack tools. By Joe Walko.
Adopted By 'System Crackers' When Attempting To Break Into Corporate or Sensitive
Microsoft Proxy Server 2.0
Hacking (Hacking 2000)
Found on an Internet
Problems in the TCP/IP Protocol Suite
4.3BSD IPC Tutorial - PDF Version
NFS Tracing by Passive Network
Through IP Packet Filtering - PDF
An Evening with Berferd
Improving the Security of your
Improving The Security of Your System by Breaking Into It
A Weakness in the 4.2BSD Unix
The Risks of Key Recovery, Key Escrow, and Trusted 3rd Party Encryption
Course in X-Windows Security
Things that go Bump on the net
Issues 48, 49, 50, and 51
Phrack Issue 53
A Unix Hacking Tutorial
Neophyte's Guide to Hacking
Kit version 2.0 Beta
archives by date
Sockets Frequently Asked Questions
Remains High Issues 1-6 + Summer Issue
Common Insecurities Fail Scrutiny
to Internet Protocols
Novice's Guide to Hacking
The Design of a Secure Internet Gateway
Some Problems with the FTP Protocol
The interaction of SSH and
Guide to Hacking