--- [ Papers ] ---

Exploiting TCP and the Persist Timer Infiniteness

Exploitation of the TCP Persist Timer to perform a generic DoS attack, completely statelessly and with no memory overhead, using the Nkiller2 proof-of-concept tool. This paper was originally published in Phrack #66. You can also find a local copy here.


Abusing Network Protocols

The focus here is a new stealthy port scanning attack made possible by abusing XMPP. The technique uses a "zombie" host (which can be anyone in your, most probably fake, friend/contact list) together with some timing calculations in order to conduct a port scan through that proxy against any target. The scanner's IP address is never revealed to the scanned victim, in the same way as the well-known idle/zombie scan discovered by antirez. I presented this research at AthCon, a new security conference in Athens, Greece.

paper     presentation

Hacking the OpenSSH library for Ncrack

This paper analyses the process of building an OpenSSH-based library for Ncrack's SSH module. It goes through the OpenSSH code involved in the authentication phase, describes the major changes that had to be made to adapt the codebase to the needs of Ncrack and Nsock, and also discusses some of the challenges of SSH brute-forcing.


SOCK_RAW Demystified

SOCK_RAW Demystified is a paper I wrote explaining the implementation of the raw sockets mechanism in the FreeBSD 7.0 and Linux 2.6 kernels. It delves into the network stack internals, showing the details of this powerful socket type and how it works behind the scenes.


Ncrack Developer's Guide

The official guide to writing your own modules for the Ncrack authentication cracking tool. It starts with an overview of the architecture, follows with an analysis of Ncrack's main engine, and then gives a complete tutorial for building a simple FTP module. The web page version is on Ncrack's official site and the txt version is here.

paper     web-version

Locating Stateless Firewalls

Locating Stateless Firewalls focuses on methods for telling stateful and stateless firewalls apart. It discusses how stateless firewalls can be further exploited because of likely misconfigurations and of ambiguities in the RFCs.


Coding a Syn Scanner

Coding a Syn Scanner is a paper which explores the craft of writing a custom port scanner that takes advantage of half-open connections. It explains in detail the whole process required to code such a tool from scratch. It uses the codebase of Creeper, the simple SYN scanner, which was written in parallel with this guide.

paper   creeper.c.html
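As an added example, and not text from the paper or code from Creeper, the following C shows the core of what a half-open scanner has to get right: building the SYN segment with a correct TCP checksum over the RFC 793 pseudo-header, classifying the reply (SYN/ACK means open, RST means closed, silence means filtered), and building the RST that tears the half-open connection down so the target's SYN-RECEIVED entry is dropped. The addresses, ports, initial sequence number and the reply segment are constructed for illustration; actually putting the segments on the wire needs a raw socket and root, which is what the guide covers and what is left out here so the functions can be checked offline.

```c
/* Added example: the pure parts of a half-open (SYN) scanner.
 * Not code from "Coding a Syn Scanner" or from Creeper. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* Minimal 20-byte TCP header (RFC 793), defined locally so it does not
 * depend on the differing field names of the Linux and BSD <netinet/tcp.h>. */
struct tcp_hdr {
    uint16_t sport, dport;
    uint32_t seq, ack;
    uint8_t  off_res;          /* data offset in 32-bit words, upper 4 bits */
    uint8_t  flags;
    uint16_t win, csum, urp;
} __attribute__((packed));

enum { TH_FIN = 0x01, TH_SYN = 0x02, TH_RST = 0x04, TH_ACK = 0x10 };

/* Pseudo-header prepended to the segment for the TCP checksum (RFC 793 3.1). */
struct pseudo_hdr {
    uint32_t src, dst;         /* network byte order */
    uint8_t  zero, proto;
    uint16_t tcp_len;          /* network byte order */
} __attribute__((packed));

/* Internet checksum (RFC 1071): one's-complement sum of big-endian 16-bit words. */
static uint16_t inet_csum(const uint8_t *p, size_t len)
{
    uint32_t sum = 0;
    for (; len > 1; p += 2, len -= 2)
        sum += (uint16_t)((p[0] << 8) | p[1]);
    if (len)                       /* odd trailing byte is padded with zero */
        sum += (uint16_t)(p[0] << 8);
    while (sum >> 16)              /* fold carries back into 16 bits */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Checksum of pseudo-header + header-only segment, as a host-order value. */
static uint16_t tcp_csum(uint32_t src_be, uint32_t dst_be, const struct tcp_hdr *th)
{
    uint8_t buf[sizeof(struct pseudo_hdr) + sizeof(struct tcp_hdr)];
    struct pseudo_hdr ph = { src_be, dst_be, 0, 6 /* IPPROTO_TCP */, htons(sizeof *th) };
    memcpy(buf, &ph, sizeof ph);
    memcpy(buf + sizeof ph, th, sizeof *th);
    return inet_csum(buf, sizeof buf);
}

/* A segment verifies when the sum over it, checksum field included, is all ones,
 * which inet_csum() reports as 0. */
int tcp_csum_ok(uint32_t src_be, uint32_t dst_be, const struct tcp_hdr *th)
{
    return tcp_csum(src_be, dst_be, th) == 0;
}

/* The probe: a bare SYN with no options and a modest window. */
void build_syn(struct tcp_hdr *th, uint32_t src_be, uint32_t dst_be,
               uint16_t sport, uint16_t dport, uint32_t isn)
{
    memset(th, 0, sizeof *th);
    th->sport   = htons(sport);
    th->dport   = htons(dport);
    th->seq     = htonl(isn);
    th->off_res = 5 << 4;
    th->flags   = TH_SYN;
    th->win     = htons(1024);
    th->csum    = htons(tcp_csum(src_be, dst_be, th));   /* computed with csum = 0 */
}

/* What the reply means to a half-open scanner. NULL stands for "no reply in time". */
const char *classify_reply(const struct tcp_hdr *reply, uint16_t probed_port)
{
    if (!reply) return "filtered";
    if (ntohs(reply->sport) != probed_port) return "unrelated";
    if ((reply->flags & (TH_SYN | TH_ACK)) == (TH_SYN | TH_ACK)) return "open";
    if (reply->flags & TH_RST) return "closed";
    return "unexpected";
}

/* Abort instead of completing the handshake: a RST whose sequence number is
 * the peer's acknowledgment (our ISN + 1), which the target accepts and drops
 * its embryonic connection. */
void build_rst_from_synack(struct tcp_hdr *rst, uint32_t src_be, uint32_t dst_be,
                           const struct tcp_hdr *synack)
{
    memset(rst, 0, sizeof *rst);
    rst->sport   = synack->dport;
    rst->dport   = synack->sport;
    rst->seq     = synack->ack;                           /* already network order */
    rst->off_res = 5 << 4;
    rst->flags   = TH_RST;
    rst->csum    = htons(tcp_csum(src_be, dst_be, rst));
}

int main(void)
{
    /* Constructed addresses and ISN for illustration only. */
    uint32_t src = htonl(0x0a000001), dst = htonl(0x0a000002);   /* 10.0.0.1 -> 10.0.0.2 */
    struct tcp_hdr syn, synack, rst;
    build_syn(&syn, src, dst, 40000, 22, 12345u);
    printf("SYN checksum 0x%04x valid=%d\n", ntohs(syn.csum), tcp_csum_ok(src, dst, &syn));

    /* Constructed SYN/ACK as the target would send it for an open port 22. */
    memset(&synack, 0, sizeof synack);
    synack.sport = htons(22); synack.dport = htons(40000);
    synack.ack = htonl(12346u); synack.flags = TH_SYN | TH_ACK;
    printf("port 22: %s\n", classify_reply(&synack, 22));
    build_rst_from_synack(&rst, src, dst, &synack);
    printf("RST seq=%u valid=%d\n", ntohl(rst.seq), tcp_csum_ok(src, dst, &rst));
    return 0;
}
```

The checksum verifier reuses the same routine as the builder: since the stored field is the one's-complement of the sum of everything else, summing the header with the field included yields all ones, so a valid segment checks to 0. That property is what the kernel relies on, and it is the check to run against the first packets a new scanner emits before blaming the target for silence.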

Hacking Bash History

Hacking Bash History discusses why the history mechanism of bash cannot be used as a monitoring/logging facility, even with the strictest measures applied to secure it. A section of the text is dedicated to hacking the bash source code to interface it with syslog.


Byakugan, a full-fledged logo recognition system

My diploma thesis for my degree from the Computer Engineering and Informatics Department, University of Patras, Greece. It analyzes the implementation of a complete logo recognition system, leveraging the power of OpenCV and Android. It is written in Greek, with a complete code listing at the end.