A paper by Immunity describing in technical detail the details of the LLSSRV issue described in MS05-010. This paper also describes how this issue affects Windows 2000 AP SP3 and SP4 without authentication, something which was not described in the MS05-010 bulletin.
9a2d067a18b330af81f10c5e578a7b8b552bacf8da50268824d53fb63f24a752A good introduction to writing exploits for the Win32 platform. Walks through creation of an exploit for a real vulnerable piece of software, using OllyDbg to help isolate the fault and exploit it.
a1ac7823b06c48cec480ed611ee8b0204d36353a374f2c737339dfa0f6b96491A bit of a rant about how Microsoft and Virus scanners fail to properly pay attention to .txt file extensions and how they can be used by attackers to fall into the background.
229dfa0b0c78a9b80ce0ca073eee096c97a84c01ed37e967a28cc0d2f6cc95f2Small whitepaper describing the obfuscation algorithm used by Windows 2k/NT/XP Syskey and the steps required to remove its encryption from the password hashes. Tools to automate the process included.
f5f9bec45eda579187a441ef744709a51fad7d1713b89e43530fcc7690bca1d3A simple tutorial on Windows Shellcoding - Shows how to write shellcode in asm that spawns a cmd shell. Includes tools to encode the asm code to avoid NULL bytes, and to generate the typical C shellcode. In Powerpoint and PDF format.
d612a88f1dba4e28d11743cd0d9579d520bc1ffcfcc355aa2d650faad3da1111Brief research paper that audits and discusses the true scope of how many hosts on the Internet actually have TCP port 139 listening and are susceptible to attack.
244293ebdd2a973beb2961f77348e04047e69687a1efabdac4ab45d5af3cf75bPaper discussing utilization of the Win32 exploit for the DCOM RPC vulnerability.
ac991411216d76522190300a8ee9d05dc9d1eee9a92a9af2f72a6cffa66b6bb9Paper discussing more shatter attacks that are possible using SEH memory locations to escalate privileges in Windows. Related information available here.
08eeaae0ef4d604d10152e302c4788b1eb3339d71fd9c5a793d9b0e5a67d44e0An iDEFENSE released security paper reflecting on the Shatter Attacks found against the Windows operating system in 2002. It clarifies what the flaws in the Windows event model are, describes a related vulnerability that continues to exist in many popular software products and suggests ways in which these unfixable flaws might be addressed.
fb0fa8745192613a9bdb181c4d941509343bd2f72a05a7a56786349fd4ee1876This paper presents a new generation of attacks against Microsoft Windows, and possibly other message-based windowing systems. The flaws presented in this paper are, at the time of writing, unfixable. The only reliable solution to these attacks requires functionality that is not present in Windows, as well as efforts on the part of every single Windows software vendor. This paper documents Next-Generation Win32 exploits being based off of fundamental API flaws.
e6db69645f9bab587c9ae93bf6270d1e2f76d72cd700fd1a238cd11736e74682Security Hardening of Windows 2000 and NT Server Machines - Contains a roundup of good security practices, hardening, ways that windows-boxes are penetrated, and a roundup of some useful tools. Written in 2001.
e9aaaa0f410f24e9705089083e684c2cd647519dbc5bd929756fc5b6a20e511fHow to hack windows remotely through file sharing.
ffc2b445833e871c315c998250f6bb60702c9aff78e05256d53c79e26ad64a71Windows 2000 Format String Vulnerabilities - Includes detailed discussion of how format string bugs in fprintf(), vprintf() and sprintf() calls they are created, discovered, and exploited.
cc470ec4478e27b35f145967b8b7096795122256fa90b4a6e74a53055431fa40Whitepaper on hardening the Windows 2000 operating system.
3a76a02aea438530ffc18147fa2aa954786034a888c0c029de6f70bd966562dbWindows 2000 machines can reliably be identified remotely because they do not correctly respond to ICMP query messages with a nonstandard Type-of-Service value.
47afc4eb164d7d4d223a0ea4749e7ca0101efeb95f9269d96b699b461e1f7355Windows 2000 Security - Log of a Windows 2000 hack and explanation of the dangers involved with the default security in Windows 2000 professional.
8b2ac853634ad5a826d4954ec9a04f38562ac16e7d8df4b21e6871c90ec05651
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed