本文共 5724 字,大约阅读时间需要 19 分钟。
Operating systems architecture
PitBull Foundation OS-Level Security
PitBull Foundation Secure Application Environment Writing ia32 alphanumeric shellcodes Intrusion Detection SystemsNIDS Placement in the Real World
Polymorphic Shellcodes vs. Application IDSs Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection Evasion, Traffic Normalization, and End-to-End Protocol Semantics Cisco routersImproving Security on Cisco Routers
Defining Strategies to Protect Against UDP Diagnostic Port Denial of Service Attacks Configuring Context-Based Access Control (PDF) Configuring Context-Based Access Control (HTML) Cisco Router Guides Cisco Password Recovery Cisco 2500 series help Password Recovery Procedure for the Cisco 2600 Series Routers Denial of Service attacksTrends os Denial of Service Attack Technology
FirewallsGuide to Firewall: Selection and Policy Recommandations:
FTP and Firewalls Real Stateful TCP Packet Filtering in IP Filter A Stateful Inspection of FireWall-1 PhoneBoy's FireWall-1 FAQ NIST's SP 800-41 Guidelines on Firewalls and Firewall Policy Information WarfareIWAR Range: A Laboratory for Undergraduate Information Assurance Education
Oracle securitySpecialists in Security and Oracle
ProgrammingProgramming Languages - C - C99
Cheating the ELF - Subversive Dynamic Linking to Libraries Tool Interface Standard (TIS) Executable and Linking Format (ELF) Specification Version 1.2 Intel Architecture Software Developer's Manual Volume 1: Basic Architecture Intel Architecture Software Developer's Manual Volume 2: Instruction Set Reference Manual Intel Architecture Software Developer's Manual Volume 3: System Programming Guide SPARC Assembly Language Reference Manual Syscall Proxying - Simulating Remote Execution FreeBSD Developers' Handbook: x86 Assembly Language Programming Secure Programming for Linux and Unix HOWTO (PDF) Secure Programming for Linux and Unix HOWTO (HTML) Secure UNIX Programming FAQ The Secure Pprogramming Standards Methodology Manual Setuid Demystified The Peon's Guide To Secure System Development 15 Tips for Secure Win32 Programming Buffer overflow vulnerabilities exploitation technicsSmashing The Stack For Fun And Profit
The Frame Pointer Overwrite (Off-by-one exploits) Once Upon a free() En Francais, tres complet, aborde tous les types de vulnerabilitees exploitables SPARC Buffer Overflows (DEFCON 8, July 28, 2000, Las Vegas, NV.) Writing buffer overflow exploits - a tutorial for beginners Syscall Proxying - Simulating Remote Execution Exploiting Buffer Overflows under Windows environmentExploiting Windows NT 4 Buffer Overruns Non-Stack Overflows on Windows Exploitation of UNICODE Buffer Overflows Format string vulnerabilities exploitation technics
Howto remotely and automatically exploit a format bug
Format string vulnerability Exploiting format string vulnerabilities Format Bugs: What are they, Where did they come from, ... How to exploit them Analysis of Format Strings Bugs Howto exploit OpenBSD 2.7 ftpd format string Other vulnerability types exploitationDeliver signals for fun and profit
Basic Integer Overflows - by blexim Secure programming and protection mecanismsInsecure Programming by example
Many resources on exploiting UNIX Assembly Codes Development for Vulnerabilities Illustration Purposes (HTML) UNIX Assembly Codes Development for Vulnerabilities Illustration Purposes (PDF) Win32 Assembly Components Using Environment for returning into Lib C Secure Programming A Buffer Overflow Study, Attacks & Defenses Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade Bypassing StackGuard and StackShield Multiple vulnerabilities in stack smashing protection technologies A practical approach for defeating Nmap OS-Fingerprinting Security policy related papersInternet Security Policy: A Technical Guide
Introduction to Security Policies, Part One: An Overview of Policies Information Security involves a set of engineering processes OCTAVE Threat Profiles Common Criteria for IT Security Evaluation Wireless LAN related papersWireless Access Points and ARP Poisoning:
All you want to know about WLAN Practical Exploitation of RC4 Weaknesses in WEP Environments FingerprintingPassive OS Fingerprinting: Details and Techniques
Microsoft securitySecurityFocus Links
Windows 2000 Guides Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2) (HTML) Cryptanalysis of Microsoft's PPTP Authentication Extensions (MS-CHAPv2) (PDF) Building a Windows NT Bastion Host in Practice Layer 2 protocolsDetection of Promiscuous Nodes Using ARP Packets
CertificationsCISSP Open Study Guides
SpoofingSpoofing with different protocols
Network protocolsICMP Usage In Scanning Research
The Hping2 Idle Host Scan Security Problems in the TCP/IP Protocol Suite Operating systemsSecure Deletion of Data from Magnetic and Solid-State Memory
Cross-site scripting vulnerabilitesMalicious HTML Tags Embedded in Client Web Requests
Full explanation, with useful links Cross-Site Scripting Web Vulnerability Web-based attacksExploiting Common Vulnerabilities in PHP Applications
SQL Injection Are Your Web Applications Vulnerable Advanced SQL Injection In SQL Server Applications Hackproofing Oracle Application Server, David Litchfield Assessing IIS Configuration Remotely Fingerprinting Port80 Attacks SQL insertion Brute-Force Exploitation of Web Application Session IDs Web securityz/OS WebSphere and J2EE Security Handbook
Reverse EngineeringMany links on the subject, bookmarks from Dave Dittrich
EncryptionThe end of SSL and SSH ?
SniffingSniffing (network wiretap, sniffer) FAQ
Misc.Password recovery tools
The Unix Auditor's Practical Handbook转载地址:http://fxqmb.baihongyu.com/