Curious Yellow v0.01 is example code for Fun and Games with FreeBSD Kernel modules. Contains examples for all the different kernel alteration methods plus several small tools that can also be used for detection and defense.
73f88d8d22fa2950f8a4357f7da33c328f20127b5742927ce21031e9f29ee484
Fun and Games with FreeBSD Kernel Modules - Kernel hacking using kernel modules and kmem patching. Contains information on how to intercept system calls and other calls in the kernel by altering the corresponding call table. Also shows how to alter these tables by writing to kernel memory and gives an example of patching the kernel directly without the use of modules. Furthermore an example is given on how the symbol table in the kernel can be altered.
6db5555db57051ba93d1218a96282712e6bec0bee4d5f2277a0cc04f3e3b2771
Format String Builder includes code and instructions for use of a program which aids in the creation of format string exploits. Includes fmtbuilder.c, a small program to help build the strings.
848aaf31d3d81b8a782d44737935a4b9fcbae59484032cc55cdd1d2a44e1e406
This package contains all codes prepared for technical paper - UNIX Assembly Codes Development for Vulnerabilities Illustration Purposes. For every discussed processor architecture samples of various assembly components are included.
b198c0c0a17e1e73d1170ac01516e46602412eb03ffe85f6eeb00bf35c7ed193
Unix Assembly Code Development for Vulnerabilities Illustration Purposes v1.02 - Covers IRIX / MIPS, Solaris, HP-UX, AIX, Ultrix, Linux, BeOS, and BSD. Includes system call invocation information, code specifics, "Zero free" code, ASM functionality, and examples.
62d2e8de6232b3ff6562e6a1ae2a27a030259d2647d85ffb2ae413a70b82d7e1
Guidelines for C source code auditing - A basic reference containing some tips, approaches and methods for finding vulnerabilities in C code.
b51ef94c9808338490069713f8eb6404b9f0ffddb2612c40f2369d7c13b0a159
Looking for Vulnerabilities - Our approach has been to look for a few common mistakes in programs (and scripts) of interest (mainly setuid, setgid programs and network servers). This paper focuses on unsafe temp files, unsafe environment, and buffer overflows.
f66499c4db19f49b5b6f1abda1969d8574ee7a5fbe0ed73010d9c2401d1d8dac
Monitoring Networks Using ntop - How to monitor networks using the security tool ntop. Includes information on how to use it as a lightweight IDS.
8fab586e80d7808fa072e8c914fb00ef79573c88cc88de648f64595124e333e7
Stealth Syscall Redirection - This article describes a technique of redirecting system calls without modifying the sys call table (implemented in Linux). This can be used to evade intrusion detection systems that use the sys call table to register redirected or trojaned system calls. The basic premise behind this attack is to modify the old system call code to jump to the new system call, thus control is transferred to the replacement system call and the sys call table is left untouched.
b65637f6eb6460d4d82d35adddf11e37ba7cdf38d977e6f9f161d95599528e70
Open-Source Security Testing Methodology Manual - This is a document of Internet security testing methodology, a set of rules and guidelines for solid penetration testing, ethical hacking, and information security analysis including the use of open source testing tools for the standardization of security testing and the improvement of automated vulnerability testing tools.
13359705253cc0ddb86314504ce87e011dbd75e3d275187fc6074dabcfb1ae41
This guide intends to teach the basics of buffer overflow to the average C programmer without the need for complex knowledge of assembly. Written with FreeBSD 4.2-Release in mind, but written for x86 *nix.
cb58a5e28f825f34f22a59c92b55d25701b5d23ebf652a924fb49ea2eaa8a82b
Disassembling programs on Debian Linux 2.2 using gdb.
56d9a1c2e8443b0f76c19af756ecdda7c41fa869fa870e362ec15110a4a21e2b
How to exploit format string vulnerabilities - In Spanish.
d30ae54998bb2cc00f334b5bae58862608dc3f8d9da7dce9df01a7975c7a1cc0
This paper describes how the StJude kernel module stops local and remote exploits from being successful. The Saint Jude model for improper privilege transitions terminates program execution when it is exploited even if the exploit is unknown.
32a264782ffbeb3b1d5ac2fe7295419e164d7bcced7404713c2fa709c85c1ee7
Format Bugs - What they are, Where they came from, and How to exploit them. Users can often input format strings into printf and other statments, causing the stack to be overwritten. Includes code samples and debugger output.
a591a666146efb26ddfc36a8bc0226770a35257ba749a6efc8797ecf52f3289c
Passive Fingerprinting is a method to learn more about the enemy, without them knowing it. Specifically, you can determine the operating system and other characteristics of the remote host using nothing more then sniffer traces. Though not 100% accurate, you can get surprisingly good results by looking at the TTL, TOS, Window Size, and DF bit. Includes information on changing your machines fingerprint on Linux and Solaris.
3de3522a3961606ab4ff30b515bb3831552e13e90fd72c8718c7d15a4adf6301
Building a Bastion Host Using HP-UX 11 - Covers configuring HP-UX 10 and 11 to be a secure host, useful for firewall gateways, web servers, ftp servers, dns servers, mail hubs, and more.
d1b8db73a010afb5da4be15559a94e2c098a450abb5a26cce22234cd6db501d7
IRIX Login Security - In this paper you will learn a bit about logins, and the seriousness of what could happen if you don't take certain precautions. You will have found out some options you can take with your logins, certain restrictions, and a lot more.
35daa4e31eadc2e9835852cb680f16c18c3d63d83c32a3c93afa078dcdfd4718
Securing and Optimizing Red Hat Linux - This documentation is indispensable for peoples that want to get all advantage, security, and optimization of a Linux Server. Features Free/SWAN section, Quota configuration, Portsentry, Logcheck, section, improved firewall security approach, more system security tips and a lot other changes. This is the version 1.2 released the March 17, 2000.
21fedc3ff40715c9ab54627a93f618933543a9092dd9c93b1701b7e1865b8233
What you don't know will hurt you - Remote information gathering. This paper outlines two models of information gathering . The first model is "noisy" where the attacker uses all known resources with little reguard for what footprints* might be left on the target. The second is "stealthy". Wherein the attacker uses methods and packages designed to subvert logging facilities on the target.
7ad6564fa61c83377ccb981bf858b6053af46d1c53f44d173b57428b2d0d38a9
A little article on m68k buffer overflows + shellcode.
016422af06a4b1b382cf3adddd84f9422c208462d1ded6d338ac8ba2a3b63718
Step by Step instructions for tunnelling IP through an SSL Proxy using two linux boxes, pppd, ipfwadm, and ppptcp-ssl.
0dea7e4d8de7848934326ba14c32424742eca07f1b208d21ec80e262ffbdfb8c
There exists a vulnerability with certain configurations of certain ftp daemons with which users with a valid ftp only acccount on a system may execute arbitrary commands (including binaries supplied by themselves). There also exists the possibilty that anonymous ftp users may execute arbitrar y commands (also including binaries supplied by themselves). While this vulnerability is entirely configuration dependent. The required configuration is rather common. Exploit information here.
223f01ce4e2ad4bdfbd09c6989851a84ceba7d1fbe6c4a85a5d5802a338bf787
Attacking FreeBSD with Kernel Modules - The System Call Approach. System calls can be backdoored on FreeBSD much like they can on linux, and most linux kernel modules can easily be ported to FreeBSD. Includes information on intercepting system calls, filesystem related hacks, hiding files and contests, process related hacks, file execution redirection, tty hijacking, and module hiding.
99570c1f731fdefef35078cbb47958ca6d7efe7e113d0f5d14d4788fbf479ea0
Beginners Guide to Linux + Easy Installation Guide version 1.1 - I'd bet some of the people reading this description are using Windows, and are afraid to install Unix on their computer for some reason. "Sure, Unix does all those cool things and has better security and most Unix programs are open-source, but what will happen if I'll screw up with the installation and delete my old copy of Windows?" Black Sun Research Facility presents - an easy to understand and simple installation guide for Redhat Linux and Mandrake Linux, the two most easiest-to-install distributions (although this tutorial is good for other common Linux distributions as well).
94cf75c7fd9dcca69ca84c58292ccd72ecd74d76665906368f284adf788ce5fb