|--- [ Papers ] ---
Exploiting TCP and the Persist Timer Infiniteness
Exploitation of the TCP Persist Timer to perform a generic DoS attack,
completely statelessly and with no memory overhead using the Nkiller2
POC tool. This paper was originally published at
Phrack #66. You
can also find a local copy here.
Abusing Network Protocols
The focus here is a new stealthy port scanning attack made possible by abusing XMPP. The technique
uses a "zombie" host (that can be anyone in your [most probably fake] friend/contact list)
and some timing calculations in order to conduct a portscan through that proxy to any target.
The IP address is never revealed to the scanned victim, the same way the famous idle/zombie
scan, discovered by antirez, works. I presented this research at
athcon, a new security conference in Athens, Greece.
Hacking the OpenSSH library for Ncrack
This paper analyses the process of building a OpenSSH-based library
for Ncrack's SSH module. It goes through OpenSSH code involved with
the authentication part, mentions the major changes that had to
be done to convert the codebase to Ncrack's and Nsock's needs and
also discusses some challenges with SSH bruteforcing.
SOCK_RAW Demystified is a paper I wrote about explaining the
implementation of the raw sockets mechanism in the kernels of
FreeBSD 7.0 and Linux 2.6. It delves into network internals
showing the details of this powerful socket type and how it
works behind the scene.
Ncrack Developer's Guide
The official guide to writing your own modules for the Ncrack
authentication cracking tool. Starting with an overview of the
architecture and followed by an analysis of the main engine of
Ncrack, a complete tutorial for building a simple FTP module is
then given. The web page version is at Ncrack's official site
and the txt form of it is here.
Locating Stateless Firewalls
Locating Stateless Firewalls focuses on methods to discern
between stateful and stateless firewalls. It discusses about
how stateless firewalls can be further exploited due to
possible misconfigurations and the result of RFC ambiguites.
Coding a Syn Scanner
Coding a Syn Scanner is a paper which explores the craft
of making a custom port scanner that takes advantage of
half-open connections. It explains in detail all the process
required to code such a tool from scratch. It uses the codebase
of Creeper - the simple syn scanner, which was actually written
in parallel to this guide.
Hacking Bash History
Hacking Bash History discusses about why the history mechanism
of bash cannot be used as a monitoring/logging facility even
with the strictest measures applied to secure it. A section
of the text is dedicated to hacking the bash source code to
interface it with syslog.
Byakugan, a full-fledged logo recognition system
My diploma thesis for my degree from the
Computer Engineering and Informatics Department, University of Patras, Greece
It analyzes the implementation of a complete logo recognition system, leveraging
the power of OpenCV and Android. It is written in Greek, with a complete code listing
in the end.