Security Ressources Sites

Operating systems architecture

PitBull Foundation OS-Level Security

PitBull Foundation Secure Application Environment Writing ia32 alphanumeric shellcodes Intrusion Detection Systems

NIDS Placement in the Real World

Polymorphic Shellcodes vs. Application IDSs Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection Evasion, Traffic Normalization, and End-to-End Protocol Semantics Cisco routers

Improving Security on Cisco Routers

Defining Strategies to Protect Against UDP Diagnostic Port Denial of Service Attacks Configuring Context-Based Access Control (PDF) Configuring Context-Based Access Control (HTML) Cisco Router Guides Cisco Password Recovery Cisco 2500 series help Password Recovery Procedure for the Cisco 2600 Series Routers Denial of Service attacks

Trends os Denial of Service Attack Technology

Firewalls

Guide to Firewall: Selection and Policy Recommandations:

FTP and Firewalls Real Stateful TCP Packet Filtering in IP Filter A Stateful Inspection of FireWall-1 PhoneBoy's FireWall-1 FAQ NIST's SP 800-41 Guidelines on Firewalls and Firewall Policy Information Warfare

IWAR Range: A Laboratory for Undergraduate Information Assurance Education

Oracle security

Specialists in Security and Oracle

Programming

Programming Languages - C - C99

Cheating the ELF - Subversive Dynamic Linking to Libraries Tool Interface Standard (TIS) Executable and Linking Format (ELF) Specification Version 1.2 Intel Architecture Software Developer's Manual Volume 1: Basic Architecture Intel Architecture Software Developer's Manual Volume 2: Instruction Set Reference Manual Intel Architecture Software Developer's Manual Volume 3: System Programming Guide SPARC Assembly Language Reference Manual Syscall Proxying - Simulating Remote Execution FreeBSD Developers' Handbook: x86 Assembly Language Programming Secure Programming for Linux and Unix HOWTO (PDF) Secure Programming for Linux and Unix HOWTO (HTML) Secure UNIX Programming FAQ The Secure Pprogramming Standards Methodology Manual Setuid Demystified The Peon's Guide To Secure System Development 15 Tips for Secure Win32 Programming Buffer overflow vulnerabilities exploitation technics

Smashing The Stack For Fun And Profit

The Frame Pointer Overwrite (Off-by-one exploits) Once Upon a free() En Francais, tres complet, aborde tous les types de vulnerabilitees exploitables SPARC Buffer Overflows (DEFCON 8, July 28, 2000, Las Vegas, NV.) Writing buffer overflow exploits - a tutorial for beginners Syscall Proxying - Simulating Remote Execution Exploiting Buffer Overflows under Windows environment

Exploiting Windows NT 4 Buffer Overruns Non-Stack Overflows on Windows Exploitation of UNICODE Buffer Overflows Format string vulnerabilities exploitation technics

Howto remotely and automatically exploit a format bug

Format string vulnerability Exploiting format string vulnerabilities Format Bugs: What are they, Where did they come from, ... How to exploit them Analysis of Format Strings Bugs Howto exploit OpenBSD 2.7 ftpd format string Other vulnerability types exploitation

Deliver signals for fun and profit

Basic Integer Overflows - by blexim Secure programming and protection mecanisms

Insecure Programming by example

Many resources on exploiting UNIX Assembly Codes Development for Vulnerabilities Illustration Purposes (HTML) UNIX Assembly Codes Development for Vulnerabilities Illustration Purposes (PDF) Win32 Assembly Components Using Environment for returning into Lib C Secure Programming A Buffer Overflow Study, Attacks & Defenses Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade Bypassing StackGuard and StackShield Multiple vulnerabilities in stack smashing protection technologies A practical approach for defeating Nmap OS-Fingerprinting Security policy related papers

Internet Security Policy: A Technical Guide

Introduction to Security Policies, Part One: An Overview of Policies Information Security involves a set of engineering processes OCTAVE Threat Profiles Common Criteria for IT Security Evaluation Wireless LAN related papers

Wireless Access Points and ARP Poisoning:

All you want to know about WLAN Practical Exploitation of RC4 Weaknesses in WEP Environments Fingerprinting

Passive OS Fingerprinting: Details and Techniques

Microsoft security

SecurityFocus Links

Windows 2000 Guides Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2) (HTML) Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2) (PDF) Building a Windows NT Bastion Host in Practice Layer 2 protocols

Detection of Promiscuous Nodes Using ARP Packets

Certifications

CISSP Open Study Guides

Spoofing

Spoofing with different protocols

Network protocols

ICMP Usage In Scanning Research

The Hping2 Idle Host Scan Security Problems in the TCP/IP Protocol Suite Operating systems

Secure Deletion of Data from Magnetic and Solid-State Memory

Cross-site scripting vulnerabilites

Malicious HTML Tags Embedded in Client Web Requests

Full explanation, with useful links Cross-Site Scripting Web Vulnerability Web-based attacks

Exploiting Common Vulnerabilities in PHP Applications

SQL Injection Are Your Web Applications Vulnerable Advanced SQL Injection In SQL Server Applications Hackproofing Oracle Application Server, David Litchfield Assessing IIS Configuration Remotely Fingerprinting Port80 Attacks SQL insertion Brute-Force Exploitation of Web Application Session IDs Web security

z/OS WebSphere and J2EE Security Handbook

Reverse Engineering

Many links on the subject, bookmarks from Dave Dittrich

Encryption

The end of SSL and SSH ?

Sniffing

Sniffing (network wiretap, sniffer) FAQ

Misc.

Password recovery tools

The Unix Auditor's Practical Handbook