--- [ Papers ] ---

Exploiting TCP and the Persist Timer Infiniteness

Exploitation of the TCP Persist Timer to perform a generic DoS attack, completely statelessly and with no memory overhead, using the Nkiller2 POC tool. This paper was originally published in Phrack #66. You can also find a local copy here.

paper

Abusing Network Protocols

The focus here is a new stealthy port scanning attack made possible by abusing XMPP. The technique uses a "zombie" host (that can be anyone in your [most probably fake] friend/contact list) and some timing calculations in order to conduct a portscan through that proxy to any target. The IP address is never revealed to the scanned victim, the same way the famous idle/zombie scan, discovered by antirez, works. I presented this research at athcon, a new security conference in Athens, Greece.

paper     presentation

Hacking the OpenSSH library for Ncrack

This paper analyses the process of building an OpenSSH-based library for Ncrack's SSH module. It goes through the OpenSSH code involved in the authentication part, mentions the major changes that had to be made to adapt the codebase to Ncrack's and Nsock's needs, and also discusses some challenges with SSH bruteforcing.

paper

SOCK_RAW Demystified

SOCK_RAW Demystified is a paper I wrote explaining the implementation of the raw sockets mechanism in the kernels of FreeBSD 7.0 and Linux 2.6. It delves into network internals, showing the details of this powerful socket type and how it works behind the scenes.

paper

Locating Stateless Firewalls

Locating Stateless Firewalls focuses on methods to discern between stateful and stateless firewalls. It discusses how stateless firewalls can be further exploited due to possible misconfigurations and as a result of RFC ambiguities.

paper

Coding a Syn Scanner

Coding a Syn Scanner is a paper which explores the craft of making a custom port scanner that takes advantage of half-open connections. It explains in detail the whole process required to code such a tool from scratch. It uses the codebase of Creeper, the simple syn scanner, which was actually written in parallel with this guide.

paper   creeper.c.html

Hacking Bash History

Hacking Bash History discusses why the history mechanism of bash cannot be used as a monitoring/logging facility, even with the strictest measures applied to secure it. A section of the text is dedicated to hacking the bash source code to interface it with syslog.

paper